Edit tour

Windows Analysis Report
LZ_109186961250811H#U00ae.exe

Overview

General Information

Sample name:	LZ_109186961250811H#U00ae.exe
Analysis ID:	1529961
MD5:	1e882dbe5b3ed8af455c98400eed4613
SHA1:	5e655d9c6ece1a0e4875608955053d465315dcf4
SHA256:	f93ded1b0010b80cac7185b9c019d2fad5c94118b4fd7e558e404b26a832634f
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)

Installs new ROOT certificates

Potentially malicious time measurement code found

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Stores large binary data to the registry

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64native

LZ_109186961250811H#U00ae.exe (PID: 7128 cmdline: "C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe" MD5: 1E882DBE5B3ED8AF455C98400EED4613)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: LZ_109186961250811H#U00ae.exe

ReversingLabs: Detection: 13%

Bitcoin Miner

Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Code function: 0_2_00EC19E0 LoadLibraryExW,

0_2_00EC19E0

Source: LZ_109186961250811H#U00ae.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 4x nop then cmp rdx, 40h	0_2_00EADFC0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 4x nop then shr r10, 0Dh	0_2_00EB9720
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 4x nop then lock or byte ptr [rdx], dil	0_2_00EAE700
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 4x nop then shr r10, 0Dh	0_2_00EBABC0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 4x nop then cmp rdx, rbx	0_2_00E9BE60

Source: Joe Sandbox View

IP Address: 18.238.49.52 18.238.49.52

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: letras.mus.brUser-Agent: Go-http-client/1.1Referer: https://lzarz.cearacaju.com/Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: spotify.comUser-Agent: Go-http-client/1.1Referer: https://gywfq.tecnokoll.com/Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.spotify.comUser-Agent: Go-http-client/1.1Referer: https://spotify.comAccept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: open.spotify.comUser-Agent: Go-http-client/1.1Referer: https://www.spotify.com/Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: terra.com.brUser-Agent: Go-http-client/1.1Referer: https://wyejd.acosouropreto.com/Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: weather.comUser-Agent: Go-http-client/1.1Referer: https://rxemz.arjmineradora.com/Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: correios.com.brUser-Agent: Go-http-client/1.1Referer: https://putaz.geometralengenharia.com/Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.correios.com.brUser-Agent: Go-http-client/1.1Referer: https://correios.com.brAccept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: jw.orgUser-Agent: Go-http-client/1.1Referer: https://uxjuw.osberbigao.com/Accept-Encoding: gzip

Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <img class="proporcao-link-rodape" src="https://www.correios.com.br/estrutura-da-pagina/rodape/siga-os-correios/facebook/@@images/imagem_para_link/icon" alt="Facebook Correios" /> equals www.facebook.com (Facebook)
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <img class="proporcao-link-rodape" src="https://www.correios.com.br/estrutura-da-pagina/rodape/siga-os-correios/linkedin/@@images/imagem_para_link/icon" alt="Linkedin Correios" /> equals www.linkedin.com (Linkedin)
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <img class="proporcao-link-rodape" src="https://www.correios.com.br/estrutura-da-pagina/rodape/siga-os-correios/youtube/@@images/imagem_para_link/icon" alt="Youtube - Correios" /> equals www.youtube.com (Youtube)
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <a href="https://www.facebook.com/correios/?locale=pt_BR"> equals www.facebook.com (Facebook)
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <a href="https://www.youtube.com/@correiosoficial"> equals www.youtube.com (Youtube)
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: "https://www.linkedin.com/company/the-weather-channel", equals www.linkedin.com (Linkedin)
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: "https://www.youtube.com/@TheWeatherChannel", equals www.youtube.com (Youtube)
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: "https://www.linkedin.com/company/the-weather-channel", equals www.linkedin.com (Linkedin)
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: "https://www.youtube.com/@TheWeatherChannel", equals www.youtube.com (Youtube)
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302774585.000000C000382000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: "sameAs" : ["https://www.facebook.com/TerraBrasil", "http://twitter.com/Terra", "http://plus.google.com/115961647624943558279"], equals www.facebook.com (Facebook)
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302774585.000000C000382000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: "sameAs" : ["https://www.facebook.com/TerraBrasil", "http://twitter.com/Terra", "http://plus.google.com/115961647624943558279"], equals www.twitter.com (Twitter)
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000302000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303139230.000000C000302000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <div class="footer-social g-fix"> <strong class="footer-label font --base --strong --size16">Siga o Letras</strong> <div class="footer-follows"> <a class="footer-follow --instagram font --base --strong --size14" href="https://www.instagram.com/letrasmusbr/" target="_blank" rel="noopener"> <i></i> <span>Instagram</span> </a> <a class="footer-follow --tiktok font --base --strong --size14" href="https://www.tiktok.com/@letras" target="_blank" rel="noopener"> <i></i> <span>TikTok</span> </a> <a class="footer-follow --youtube font --base --strong --size14" href="https://www.youtube.com/letrasmusbr" target="_blank" rel="noopener"> <i></i> <span>YouTube</span> </a> <a class="footer-follow --facebook font --base --strong --size14" href="https://facebook.com/letrasmusbr" target="_blank" rel="noopener"> <i></i> <span>Facebook</span> </a> <a class="footer-follow --x font --base --strong --size14" href="https://x.com/letras" target="_blank" rel="noopener"> <i></i> <span>X</span> </a> <a class="footer-follow --pinterest font --base --strong --size14" href="https://br.pinterest.com/letrasmusbr" target="_blank" rel="noopener"> <i></i> <span>Pinterest</span> </a> <a class="footer-follow --linkedin font --base --strong --size14" href="https://www.linkedin.com/company/letras/" target="_blank" rel="noopener"> <i></i> <span>Linkedin</span> </a> </div> </div> equals www.facebook.com (Facebook)
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000302000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303139230.000000C000302000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <div class="footer-social g-fix"> <strong class="footer-label font --base --strong --size16">Siga o Letras</strong> <div class="footer-follows"> <a class="footer-follow --instagram font --base --strong --size14" href="https://www.instagram.com/letrasmusbr/" target="_blank" rel="noopener"> <i></i> <span>Instagram</span> </a> <a class="footer-follow --tiktok font --base --strong --size14" href="https://www.tiktok.com/@letras" target="_blank" rel="noopener"> <i></i> <span>TikTok</span> </a> <a class="footer-follow --youtube font --base --strong --size14" href="https://www.youtube.com/letrasmusbr" target="_blank" rel="noopener"> <i></i> <span>YouTube</span> </a> <a class="footer-follow --facebook font --base --strong --size14" href="https://facebook.com/letrasmusbr" target="_blank" rel="noopener"> <i></i> <span>Facebook</span> </a> <a class="footer-follow --x font --base --strong --size14" href="https://x.com/letras" target="_blank" rel="noopener"> <i></i> <span>X</span> </a> <a class="footer-follow --pinterest font --base --strong --size14" href="https://br.pinterest.com/letrasmusbr" target="_blank" rel="noopener"> <i></i> <span>Pinterest</span> </a> <a class="footer-follow --linkedin font --base --strong --size14" href="https://www.linkedin.com/company/letras/" target="_blank" rel="noopener"> <i></i> <span>Linkedin</span> </a> </div> </div> equals www.linkedin.com (Linkedin)
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000302000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303139230.000000C000302000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <div class="footer-social g-fix"> <strong class="footer-label font --base --strong --size16">Siga o Letras</strong> <div class="footer-follows"> <a class="footer-follow --instagram font --base --strong --size14" href="https://www.instagram.com/letrasmusbr/" target="_blank" rel="noopener"> <i></i> <span>Instagram</span> </a> <a class="footer-follow --tiktok font --base --strong --size14" href="https://www.tiktok.com/@letras" target="_blank" rel="noopener"> <i></i> <span>TikTok</span> </a> <a class="footer-follow --youtube font --base --strong --size14" href="https://www.youtube.com/letrasmusbr" target="_blank" rel="noopener"> <i></i> <span>YouTube</span> </a> <a class="footer-follow --facebook font --base --strong --size14" href="https://facebook.com/letrasmusbr" target="_blank" rel="noopener"> <i></i> <span>Facebook</span> </a> <a class="footer-follow --x font --base --strong --size14" href="https://x.com/letras" target="_blank" rel="noopener"> <i></i> <span>X</span> </a> <a class="footer-follow --pinterest font --base --strong --size14" href="https://br.pinterest.com/letrasmusbr" target="_blank" rel="noopener"> <i></i> <span>Pinterest</span> </a> <a class="footer-follow --linkedin font --base --strong --size14" href="https://www.linkedin.com/company/letras/" target="_blank" rel="noopener"> <i></i> <span>Linkedin</span> </a> </div> </div> equals www.youtube.com (Youtube)
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: =<a href="https://www.facebook.com/correios/?locale=pt_BR"> equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: lzarz.cearacaju.com
Source: global traffic	DNS traffic detected: DNS query: letras.mus.br
Source: global traffic	DNS traffic detected: DNS query: www.letras.mus.br
Source: global traffic	DNS traffic detected: DNS query: gywfq.tecnokoll.com
Source: global traffic	DNS traffic detected: DNS query: spotify.com
Source: global traffic	DNS traffic detected: DNS query: www.spotify.com
Source: global traffic	DNS traffic detected: DNS query: open.spotify.com
Source: global traffic	DNS traffic detected: DNS query: jqbve.ullmannemp.com
Source: global traffic	DNS traffic detected: DNS query: noticias.uol.com.br
Source: global traffic	DNS traffic detected: DNS query: pleku.karinapisos.com
Source: global traffic	DNS traffic detected: DNS query: microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: wyejd.acosouropreto.com
Source: global traffic	DNS traffic detected: DNS query: terra.com.br
Source: global traffic	DNS traffic detected: DNS query: www.terra.com.br
Source: global traffic	DNS traffic detected: DNS query: rxemz.arjmineradora.com
Source: global traffic	DNS traffic detected: DNS query: weather.com
Source: global traffic	DNS traffic detected: DNS query: putaz.geometralengenharia.com
Source: global traffic	DNS traffic detected: DNS query: correios.com.br
Source: global traffic	DNS traffic detected: DNS query: www.correios.com.br
Source: global traffic	DNS traffic detected: DNS query: uxjuw.osberbigao.com
Source: global traffic	DNS traffic detected: DNS query: jw.org
Source: global traffic	DNS traffic detected: DNS query: www.jw.org
Source: global traffic	DNS traffic detected: DNS query: rakdd.equipebuffet.com
Source: global traffic	DNS traffic detected: DNS query: casasbahia.com.br

Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303038965.000000C00032A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00032A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000200000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302039180.000000C000474000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C000478000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000004000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000406000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002E0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302452813.000000C000404000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/r/gsr1.crl
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C00017A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302664060.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5464794829.000001B23423C000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002A6000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00017A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5304086761.000000C000278000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000190000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302320666.000000C00042E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002AA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000278000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302320666.000000C00041E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5769678326.000001B23423D000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000420000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C00042E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000190000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/r/gsr1.crl0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C000478000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000004000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000406000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002E0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302452813.000000C000404000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/r/r4.crl
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C00017A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302664060.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002A6000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00017A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5304086761.000000C000278000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002AA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000278000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302320666.000000C00041E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C00018E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000420000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002B8000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000428000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302320666.000000C000428000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/r/r4.crl0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000074000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000420000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/we1/-Yj7OYL5Dng.crl0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7008453292.000001B23423D000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.6676985191.000001B23423D000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000278000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5769678326.000001B23423D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/we1/-hiVeOStiWo.crl0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/we1/Kvu7cf9_d_4.crl
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302664060.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302320666.000000C00041E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000420000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306260246.000000C0000DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/we1/Kvu7cf9_d_4.crl0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002A6000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5304086761.000000C000278000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002AA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000278000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/we1/LcT3rMT9KpM.crl0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C00017A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00017A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000074000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/we1/SaWLYV2xvlI.crl0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002A6000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5304086761.000000C000278000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002AA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000278000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/we1/X2M_FEd6Z7c.crl0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/we1/hyVOyYKxz9E.crl
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00017A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/we1/hyVOyYKxz9E.crl0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/we1/hyVOyYKxz9E.crlrakdd.equipebuffet.com
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/we1/r1Lq4vMcD8c.crl
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302664060.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000074000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302320666.000000C00041E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000420000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/we1/r1Lq4vMcD8c.crl0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/we1/yoggNsz3xQU.crl
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302664060.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302320666.000000C00041E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000420000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306260246.000000C0000DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/we1/yoggNsz3xQU.crl0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/we1/yoggNsz3xQU.crlhttp://c.pki.goog/we1/r1Lq4vMcD8c.crlm#
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.6676920350.000001B234251000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7007762136.000000C00085A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5769678326.000001B234250000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7007762136.000000C000860000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000332000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7007762136.000000C00085A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004CB000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5769678326.000001B234250000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7008244897.000001B2341C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.r2m02.amazontrust.com/r2m02.crl
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00048D000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302170249.000000C00043C000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C00043C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.r2m02.amazontrust.com/r2m02.crl0u
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.r2m02.amazontrust.com/r2m02.crlhttp://ocsp.r2m02.amazontrust.comhttp://crt.r2m02.amazontr
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootg2.amazontrust.com/rootg2.crl
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.6676920350.000001B234251000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7007762136.000000C00085A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5769678326.000001B234250000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7007762136.000000C000860000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000332000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7007762136.000000C00085A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004CB000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5769678326.000001B234250000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7008244897.000001B2341C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7007762136.000000C00085A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004CB000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5769678326.000001B234250000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7008244897.000001B2341C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crt.r2m02.amazontrust.com/r2m02.cer
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00048D000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302170249.000000C00043C000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C00043C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crt.r2m02.amazontrust.com/r2m02.cer0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootg2.amazontrust.com/rootg2.cer
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C000478000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000004000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000406000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002E0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302452813.000000C000404000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/gsr1.crt
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C00017A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302664060.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5464794829.000001B23423C000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002A6000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00017A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5304086761.000000C000278000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000190000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302320666.000000C00042E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002AA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000278000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302320666.000000C00041E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5769678326.000001B23423D000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000420000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C00042E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000190000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/gsr1.crt0-
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303038965.000000C00032A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00032A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302039180.000000C000474000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C000478000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000004000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000406000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002E0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302452813.000000C000404000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/gsr1.crthttp://c.pki.goog/r/gsr1.crl
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C00017A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302664060.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002A6000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00017A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5304086761.000000C000278000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002AA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000278000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302320666.000000C00041E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C00018E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000420000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002B8000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000428000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302320666.000000C000428000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/r4.crt0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000178000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000004000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306520362.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/r4.crtGlobalSign
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303038965.000000C00032A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00032A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000200000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302039180.000000C000474000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C000478000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5304672133.000000C000200000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000004000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000406000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002E0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302452813.000000C000404000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/we1.crt
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7008453292.000001B23423D000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302664060.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.6676985191.000001B23423D000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5769678326.000001B23423D000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306260246.000000C0000DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/we1.crt0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002A6000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000074000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002AA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/we1.crt0)
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302664060.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306260246.000000C0000DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/we1.crt0-
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/we1.crt0/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302664060.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002A6000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000074000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002AA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/we1.crt01
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000074000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/we1.crt0=
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004C2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://images.terra.com/2022/05/27/flipar_favicon_32x32_mascara-vf0upzz9httf.png
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004C2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://images.terra.com/2022/05/27/logo_flipar_88x31-to4m3xktrfp0.png
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004C2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://images.terra.com/2024/03/01/logo_joao-bidu-qhvn1smnq6gl.png
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/CQc
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002A6000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002AA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/CQc0%
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/CQchttp://i.pki.goog/we1.crt
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000074000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/GRs0%
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C000478000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/N1w
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302664060.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306260246.000000C0000DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/N1w0%
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C000478000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/N1whttp://i.pki.goog/we1.crt
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302664060.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306260246.000000C0000DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/NgQ0%
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00032A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/WUo
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302664060.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000074000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/WUo0%
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00032A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/WUohttp://i.pki.goog/we1.crt
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C000478000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/Yt4
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7008453292.000001B23423D000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.6676985191.000001B23423D000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5769678326.000001B23423D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/Yt40%
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C000478000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/Yt4http://i.pki.goog/we1.crt
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000200000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/fHE
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/fHE0%
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000200000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/fHEhttp://i.pki.goog/we1.crt
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000200000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5304672133.000000C000200000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/fsw
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002A6000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002AA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/fsw0%
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000200000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5304672133.000000C000200000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/s/we1/fswhttp://i.pki.goog/we1.crt
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.6676920350.000001B234251000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7007762136.000000C00085A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5769678326.000001B234250000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7007762136.000000C000860000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000332000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7007762136.000000C00085A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004CB000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5769678326.000001B234250000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7008244897.000001B2341C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.r2m02.amazontrust.com
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00048D000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302170249.000000C00043C000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C00043C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.r2m02.amazontrust.com06
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootg2.amazontrust.com
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ogp.me/ns#
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000E4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://plone.com
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306520362.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://s.ss2.us/r.crl
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302774585.000000C000382000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schema.org
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7007762136.000000C00085A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004CB000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5769678326.000001B234250000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7008244897.000001B2341C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www2.correios.com.br/sistemas/precosPrazos/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306520362.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://x.ss2.us/x.cer
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306520362.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://x.ss2.us/x.cerhttp://s.ss2.us/r.crlAmazon
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306520362.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://x.ss2.us/x.cerhttp://s.ss2.us/r.crlnoticias.uol.com.br:443http://i.pki.goog/r4.crtGlobalSign
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003D4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bit.ly/3iHw48f
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bit.ly/Alo25
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bit.ly/Alo50
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bit.ly/Alo75
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bit.ly/alo30
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bit.ly/alo40
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://buscacepinter.correios.com.br/app/endereco/index.php?t
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cas.correios.com.br/login?service=https%3A%2F%2Fapps.correios.com.br%2Fportalimportador%2Fpa
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cas.correios.com.br/login?service=https%3A%2F%2Fmeucorreios.correios.com.br%2Fcore%2Fseguran
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cas.correios.com.br/login?service=https%3A%2F%2Fprepostagem.correios.com.br%2Flogin%2Fcas
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js?version=4.8.0&features=default%2CArray.prot
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000EE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000074000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://correios.com.br
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306288660.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302842549.000000C000330000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.fastly.com/en/guides/common-400-errors#error-421-misdirected-request
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://effulgenttempest.com/57930e98704a/9972c29ffcf7b25dd45e0aa8.main.js
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://efi.correios.com.br/app/simulaPrecoPrazoInternacional/index.php
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://empresas.correios.com.br/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://empresas.correios.com.br/#/login
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303270757.000000C0002F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5296977865.000000C0004F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302774585.000000C000382000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302842549.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://eum-orange-saas.instana.io
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303270757.000000C0002F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5296977865.000000C0004F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302774585.000000C000382000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302842549.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://eum.instana.io/eum.min.js
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302614468.000000C0003EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gywfq.tecnokoll.com/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jqbve.ullmannemp.com/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000414000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jw.org
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000178000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://letras.mus.br
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000178000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://letras.mus.brspeculation-rules
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mais.correios.com.br/app/index.php
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mapbox.com/about/maps
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://meucorreios.correios.com.br/app/index.php
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303270757.000000C0002F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5296977865.000000C0004F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302774585.000000C000382000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302842549.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://micro.rubiconproject.com/prebid/dynamic/10738.js
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5304643018.000000C000222000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://microsoftonline.com
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003D4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://novavp-a.akamaihd.net/customdeny/casasbahia.com.br/style.css
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003D4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://novavp-a.akamaihd.net/customdeny/extra.com.br/style.css
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003D4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://novavp-a.akamaihd.net/customdeny/grupocasasbahia.com.br/style.css
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003D4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://novavp-a.akamaihd.net/customdeny/pontofrio.com.br/style.css
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003D4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://novavp-a.akamaihd.net/customdeny/via.com.br/style.css
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302590773.000000C0003F8000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://open.spotify.com/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://open.spotify.com/Wed
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://parceiro.gestaoar.shop/correios/certificados
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://prosel.correios.com.br/concursos
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://putaz.geometralengenharia.com/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7007762136.000000C000866000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://rakdd.equipebuffet.com/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://rastreamento.correios.com.br/app/index.php
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://rastreamento.correios.com.br/app/index.php;
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5296977865.000000C0004F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302774585.000000C000382000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302842549.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://s.w-x.co/240x180_twc_default.png
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://s.w-x.co/helios/twc/1.35.1/helios.js
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://saladeimprensa.correios.com.br/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://saladeimprensa.correios.com.br/arquivos/8601
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000178000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://spotify.com
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000178000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://spotify.comspeculation-rules
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003D4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/accounts/answer/32050?hl=pt-BR&co=GENIE.Platform%3DDesktop
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004C2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306520362.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://terra.com.br
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306520362.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://terra.com.brspeculation-rules
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000302000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00025D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://theweathercompany.info/$
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/weatherchannel
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://uxjuw.osberbigao.com/potify.com
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://uxjuw.osberbigao.com/potify.commust-revalidate
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003D4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://via.com.br/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://vlibras.gov.br/app
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000E4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://vlibras.gov.br/app/v
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://vlibras.gov.br/app/vlibras-plugin.js
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://websdk.appsflyer.com?
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003D4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.casasbahia.com.br/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0001FA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0001FA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000E4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br//
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000E4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/RSS
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/acessibilidade
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/acesso-a-informacao
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/acesso-a-informacao/acoes-e-programas
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/acesso-a-informacao/auditorias
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/acesso-a-informacao/convenios-e-transferencias
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/acesso-a-informacao/dados-abertos
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/acesso-a-informacao/informacoes-classificadas
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/acesso-a-informacao/institucional
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/acesso-a-informacao/licitacoes-e-contratos
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/acesso-a-informacao/participacao-social
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/acesso-a-informacao/perguntas-frequentes
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/acesso-a-informacao/receitas-e-despesas
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/acesso-a-informacao/servico-de-informacao-ao-cidadao-sic
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/acesso-a-informacao/servidores
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/acesso-a-informacao/transparencia-e-governanca
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/balcao-do-cidadao
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/balcao-do-cidadao/acesse-serasa-limpa-nome
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/balcao-do-cidadao/achados-e-perdidos
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/balcao-do-cidadao/adquira-certificado-digital
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/balcao-do-cidadao/atendimento-presencial-telefonicas
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/balcao-do-cidadao/consulte-restricao-cpf-ou-cnpj
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/balcao-do-cidadao/contrate-seu-plano-odontologico
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/balcao-do-cidadao/cursos
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/balcao-do-cidadao/emita-seu-cpf
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/balcao-do-cidadao/mais-servicos-por-estado-ou-regiao
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/balcao-do-cidadao/protocolo-orgaos-judiciais
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/balcao-do-cidadao/seguros
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/balcao-do-cidadao/titulo-de-capitalizacao
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/balcao-do-cidadao/transacoes-financeiras
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/correiosempresas
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/developers
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/developers/correios-developers
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/ferram
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/ferramentas
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/ferramentas/aplicativo-dos-correios
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/ferramentas/aplicativo-dos-correios/aplicativo-dos-correios
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/ferramentas/meu-correios-como-excluir-sua-conta
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/ferramentas/sistemas
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/influenciadores-digitais
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atendimento/seguros/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000E4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/atom.xml
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/comprar
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/comprar/certificado-digital
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/comprar/certificado-digital-1/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/comprar/correios-celular
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/comprar/loja-online
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000E4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/config.js
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/correios-facil
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/correios-para-chamar-de-seu
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/educacao-e-cultura/filatelia/compre-seu-selo-aqui/compre-seu-selo-aqui
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/eleicoes/eleicoes
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/correspondencia
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/correspondencia/arquivos/nacional/guia-tecnico-de-enderecamento-d
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/correspondencia/correspondencias
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/dinheiro
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/dinheiro/dinheiro
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/encomendas
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/encomendas/arquivo/nacional/formulario-declaracao-de-conteudo-a5
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/encomendas/arquivo/nacional/guia-de-enderecamento.pdf
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/encomendas/arquivo/nacional/guia-tecnico-embalagens-rpc_v1-1.pdf
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/encomendas/internacional
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/encomendas/nacional
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/encomendas/nacional/nacional
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/marketing-direto
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/marketing-direto/marketing
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/novo-sedex-hoje/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/precisa-de-ajuda
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/precisa-de-ajuda/como-contratar-os-correios
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/precisa-de-ajuda/correios-de-a-a-z
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/enviar/precisa-de-ajuda/tudo-sobre-cep
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/estrutura-da-pagina/acessibilidade/saiba-mais-sobre-acessibilidade/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000EE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/estrutura-da-pagina/carol/corpo/carol-corpo.png/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000EE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/estrutura-da-pagina/carol/rosto/rosto_carol_nova-1.png/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/estrutura-da-pagina/meu-correios/pessoa-juridica
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/estrutura-da-pagina/propaganda-menu/correios/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000EE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/fale-com-os-correios/politica-de-privacidade-e-notas-legais/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/falecomoscorreios/central-de-atendimento
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/home-page-2024/acesso-rapido/app-correios/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/home-page-2024/acesso-rapido/busca-cep-ou-endereco/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/home-page-2024/acesso-rapido/central-de-atendimento/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/home-page-2024/acesso-rapido/correios-empresa/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/home-page-2024/acesso-rapido/encontre-sua-agencia/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/home-page-2024/acesso-rapido/loja-online/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/home-page-2024/acesso-rapido/minhas-importacoes/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/home-page-2024/acesso-rapido/pre-postagem/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/home-page-2024/acesso-rapido/precos-e-prazos-internacionais/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/home-page-2024/acesso-rapido/precos-e-prazos/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/home-page-2024/acesso-rapido/sala-de-imprensa/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/home-page-2024/acesso-rapido/seja-um-parceiro-um-correios-para-chamar-de
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/home-page-2024/banner-principal/certificado-digital-dos-correios-1/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/home-page-2024/banner-principal/concurso-dos-correios/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/home-page-2024/banner-principal/premio-reclame-aqui/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/home-page-2024/rastreamento/acompanhe-seu-objeto/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/homepage
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/logistica
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/logistica/contrateoscorreios
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/logistica/contrateoscorreios/como-contratar-os-correios
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/logistica/log-saude/log-saude
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/logistica/logi-supri/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/logistica/logistica-novo-layout
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/logistica/logistica-novo-layout/logistica
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/logistica/precisa-de-ajuda
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/pagina-temporariamente-indisponivel/pagina-indisponivel
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000E4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/plonejsi18n
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/receber
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/receber/dinheiro
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/receber/encomenda
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/receber/encomenda/internacional
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/receber/encomenda/nacional
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/receber/encomenda/nacional/receber-encomenda
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/receber/locker-dos-correios/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/receber/precisa-de-ajuda
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/resolveuid/49581b78d9894145a5fd9c10547853fb
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000E4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/rss.xml
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.correios.com.br/sitemap
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.extra.co
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003D4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.extra.com.br/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000E4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-J59GSF3WW5
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000E4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303139230.000000C000302000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000E4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-WNPMDD2
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003D4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.grupocasasbahia.com.br/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.instagram.com/weatherchannel/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000074000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000302000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000414000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ach/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ada/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/af/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/am/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ar/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/as/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ay/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/az-cyrl/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/az/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/bas/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/bba/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/bci/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/bcl/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/bem/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/bg/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/bi/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/bin/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/bm/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/bn/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/bum/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/cat/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ceb/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/chk/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ckb/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/cmn-hant/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/crs/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/cs/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/cv/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/cy/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/da/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/de/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/dga/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/dua/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/dyu/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ee/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/efi/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/el/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000302000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/en/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/fa/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/fi/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/fj/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/fo/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/fon/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/fr/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/gaa/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/gil/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/gkn/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/guc/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/gug/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/gui/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/guw/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ha/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/he/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/hi/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/hil/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/hmn/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ho/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/hr/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ht/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/hu/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/hy/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/hyw/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/hz/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/id/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ig/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ilo/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/is/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/it/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ja/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ka/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/kab/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/kam/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/kbd/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/kbp/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/kck-x-kl/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/kg/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ki/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/kj/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/kk/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/kl/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/km/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/kmb/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/kmr-cyrl/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/kn/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ko/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/kos/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/kwy/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ky/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/lb/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/lg/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/lgg/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ln/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/lo/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/loz/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/lu/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/lua/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/luo/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/lv/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/maz/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/mfe/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/mg/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/mgr/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/mh/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/mhr/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/mk/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ml/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/mn/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/mni/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/mos/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/mr/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/mt/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/my/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/nch/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ncj/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/nd/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ne/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ng/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ngl/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ngu/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/niu/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/nl/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/no/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/nr/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/nso/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/nv/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ny/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/nya/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/nyn/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/nzi/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/om/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/os-x-dgr/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/os/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/pag/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/pap-x-paa/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/pap/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/pau/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/pdt/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/pon/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/qu/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/quc/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/que/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/quy/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/quz/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/rmn-x-rm/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/rtm/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ru/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/run/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/rw/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/seh/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/sg/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/si/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/sid/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/sk/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/sl/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/sm/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/sn/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/sr-cyrl/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/sr-latn/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/srn/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ss/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/st/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/sv/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/sw/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/swc/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ta/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/tdt/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/te/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/teo/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/tg/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/th/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ti/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/tiv/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/tk-cyrl/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/tl/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/tn/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/to/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/tog/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/toi/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/tpi/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/tr/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ts/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/tt/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ttj/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/tum/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/tvl/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ty/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/tyv/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ug-cyrl/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/uk/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/umb/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/uz-cyrl/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/uz-latn/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/ve/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/vi/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/vmw/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/wal/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/war/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/whg/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/wls/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/wo/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/www.jw.org
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/xh/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/xmv/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/yao/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/yap/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/yo/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/yua/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/zai/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/zne/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/zpa/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jw.org/zu/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.linkedin.com/company/the-weather-channel
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.openstreetmap.org/about
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.pinterest.com/weatherchannel/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003D4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.pontofrio.com.br/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.reclameaqui.com.br/premio/votacao/servicos/2531/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302614468.000000C0003EE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302842549.000000C000330000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.spotify.com/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000178000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.spotify.com/X-Content-Type-Options
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000178000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.spotify.com/X-Content-Type-OptionsX-Content-Type-Options
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004C2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302774585.000000C000382000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.terra.com.br/amp/story/vida-e-estilo/horoscopo/horoscopo-de-23-a-29-de-setembro-para-tod
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004C2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.terra.com.br/parceiros/flipar/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004C2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.terra.com.br/parceiros/joao-bidu/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004C2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302774585.000000C000382000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.terra.com.br/vida-e-estilo/horoscopo/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004C2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.terra.com.br/vida-e-estilo/turismo/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000302000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303139230.000000C000302000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.tiktok.com/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004C2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://wyejd.acosouropreto.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EC1720 LoadLibraryExW,LoadLibraryExW,NtCreateWaitCompletionPacket,NtAssociateWaitCompletionPacket,NtCancelWaitCompletionPacket,RtlGetCurrentPeb,RtlGetVersion,	0_2_00EC1720
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EC2F60 DuplicateHandle,GetCurrentThreadId,CreateWaitableTimerExW,CreateWaitableTimerExW,NtCreateWaitCompletionPacket,VirtualQuery,	0_2_00EC2F60
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EC1320 NtCancelWaitCompletionPacket,SetWaitableTimer,NtAssociateWaitCompletionPacket,	0_2_00EC1320

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00E92260	0_2_00E92260
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00ECE320	0_2_00ECE320
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00ED5520	0_2_00ED5520
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EF568C	0_2_00EF568C
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EB3630	0_2_00EB3630
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EB6760	0_2_00EB6760
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EC78E0	0_2_00EC78E0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EA3840	0_2_00EA3840
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EB5940	0_2_00EB5940
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00ECECA0	0_2_00ECECA0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00E9CD80	0_2_00E9CD80
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EC3E00	0_2_00EC3E00
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EEC0A0	0_2_00EEC0A0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00F0A040	0_2_00F0A040
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00F21020	0_2_00F21020
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EE9180	0_2_00EE9180
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EC8120	0_2_00EC8120
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EE0280	0_2_00EE0280
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EB0260	0_2_00EB0260
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EA8380	0_2_00EA8380
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00F29300	0_2_00F29300
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00F284C0	0_2_00F284C0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00E9A400	0_2_00E9A400
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00ECB5C0	0_2_00ECB5C0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EA76C0	0_2_00EA76C0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EC06C0	0_2_00EC06C0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EB46A0	0_2_00EB46A0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EFE6A0	0_2_00EFE6A0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EF0660	0_2_00EF0660
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EE5640	0_2_00EE5640
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00F2E620	0_2_00F2E620
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00F1C7E0	0_2_00F1C7E0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EA1760	0_2_00EA1760
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EFF729	0_2_00EFF729
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EB9720	0_2_00EB9720
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00F20800	0_2_00F20800
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00F229E0	0_2_00F229E0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EE19C0	0_2_00EE19C0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EAE980	0_2_00EAE980
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EA6960	0_2_00EA6960
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EEB920	0_2_00EEB920
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00F09920	0_2_00F09920
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EF9A40	0_2_00EF9A40
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00F24BE0	0_2_00F24BE0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00F32BE0	0_2_00F32BE0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EBABC0	0_2_00EBABC0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00ED7BC0	0_2_00ED7BC0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00E9DB60	0_2_00E9DB60
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EB9C00	0_2_00EB9C00
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EEEC00	0_2_00EEEC00
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00F27C00	0_2_00F27C00
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00ED9D20	0_2_00ED9D20
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00F32D00	0_2_00F32D00
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00F1CEE0	0_2_00F1CEE0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00F22EE0	0_2_00F22EE0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00F32EE0	0_2_00F32EE0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EBDEC0	0_2_00EBDEC0
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00ECFE60	0_2_00ECFE60
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00E93E40	0_2_00E93E40
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EBCE20	0_2_00EBCE20
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EA7FA5	0_2_00EA7FA5
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EBBF80	0_2_00EBBF80
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00ECBF80	0_2_00ECBF80
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: 0_2_00EFBF40	0_2_00EFBF40

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: String function: 00EC60A0 appears 35 times
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: String function: 00EC8E60 appears 586 times
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: String function: 00EC8640 appears 59 times
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Code function: String function: 00EFA560 appears 539 times

Source: classification engine

Classification label: mal60.evad.mine.winEXE@1/0@25/19

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

File created: C:\Users\user\AppData\Local\Publishers\8j3eq9eme6ctt\achasseis

Jump to behavior

Source: LZ_109186961250811H#U00ae.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: LZ_109186961250811H#U00ae.exe

ReversingLabs: Detection: 13%

Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: /sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: /sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: concurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:sec
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: concurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:sec
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: runtime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:sec
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: runtime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:sec
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: /cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: /cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: /cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.ins
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: /cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.ins
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: /gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus old
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: /gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus old
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: /memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent loc
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: /memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent loc
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: /memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspin
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: /memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspin
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: /sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: /sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: 0123456789abcdefghijklmnopqrstuvwxyzlfstack node allocated from the heap) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser are
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: 0123456789abcdefghijklmnopqrstuvwxyzlfstack node allocated from the heap) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser are
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: lfstack node allocated from the heap) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: lfstack node allocated from the heap) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: ) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime:
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: ) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime:
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime:
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime:
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: uncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable t
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: uncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable t
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: /memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime:
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: /memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime:
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: _cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepanic while printing panic valueruntime: setevent failed; errno=runtime.semasleep wait_abandoneduse of closed network connection" not supported for cpu option "ed25519: bad public key length: x509: unsupported elliptic curvex509: invalid constraint value: x509: malformed subjectPublicKeyx509: cannot parse rfc822Name %qx509: ECDSA verification failurecrypto/aes: input not full blockcrypto/des: input not full blockcrypto/ecdh: invalid private keyunexpected character, want coloninput overflows the modulus sizeinteger is not minimally encodedcannot represent time as UTCTimechacha20: invalid buffer overlapbytes.Buffer.Grow: negative countpseudo header field after regularhttp: invalid Read on closed Bodynet/http: skip alternate protocolinvalid header field value for %qpad size larger than data payloadframe_pushpromise_promiseid_shorthttp2: invalid pseudo headers: %vconnection not allowed by rulesetinvalid username/password versionunsupported transfer encoding: %qsync: RUnlock of unlocked RWMutextoo many levels of symbolic linksInitializeProcThreadAttributeListskip everything and stop the walkleafCounts[maxBits][maxBits] != ntls: failed to write to key log: tls: invalid server finished hashtls: unexpected ServerKeyExchangereflect: slice index out of range of method on nil interface valuereflect: Field index out of rangereflect: array index out of range to pointer to array with length go package net: confVal.netCgo = 142108547152020037174224853515625710542735760100185871124267578125slice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangeempty hex number for chunk lengthGetVolumeNameForVolumeMountPointWwaiting for unsupported file typeGODEBUG: no value specified for "crypto: requested hash function #x509: invalid RSA public exponentx509: SAN rfc822Name is malformedx509: invalid extended key usagescrypto/aes: output not full blockcrypto/des: output not full blocktoo many Answers to pack (>65535)scalar has high bit set illegallyindefinite length found (not DER)struct contains unexpor
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: _cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepanic while printing panic valueruntime: setevent failed; errno=runtime.semasleep wait_abandoneduse of closed network connection" not supported for cpu option "ed25519: bad public key length: x509: unsupported elliptic curvex509: invalid constraint value: x509: malformed subjectPublicKeyx509: cannot parse rfc822Name %qx509: ECDSA verification failurecrypto/aes: input not full blockcrypto/des: input not full blockcrypto/ecdh: invalid private keyunexpected character, want coloninput overflows the modulus sizeinteger is not minimally encodedcannot represent time as UTCTimechacha20: invalid buffer overlapbytes.Buffer.Grow: negative countpseudo header field after regularhttp: invalid Read on closed Bodynet/http: skip alternate protocolinvalid header field value for %qpad size larger than data payloadframe_pushpromise_promiseid_shorthttp2: invalid pseudo headers: %vconnection not allowed by rulesetinvalid username/password versionunsupported transfer encoding: %qsync: RUnlock of unlocked RWMutextoo many levels of symbolic linksInitializeProcThreadAttributeListskip everything and stop the walkleafCounts[maxBits][maxBits] != ntls: failed to write to key log: tls: invalid server finished hashtls: unexpected ServerKeyExchangereflect: slice index out of range of method on nil interface valuereflect: Field index out of rangereflect: array index out of range to pointer to array with length go package net: confVal.netCgo = 142108547152020037174224853515625710542735760100185871124267578125slice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangeempty hex number for chunk lengthGetVolumeNameForVolumeMountPointWwaiting for unsupported file typeGODEBUG: no value specified for "crypto: requested hash function #x509: invalid RSA public exponentx509: SAN rfc822Name is malformedx509: invalid extended key usagescrypto/aes: output not full blockcrypto/des: output not full blocktoo many Answers to pack (>65535)scalar has high bit set illegallyindefinite length found (not DER)struct contains unexpor
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: failed to construct HKDF label: %sreflect: Field of non-struct type reflect: Field index out of boundsreflect: string index out of range3552713678800500929355621337890625slice bounds out of range [:%x:%y]slice bounds out of range [%x:%y:]out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedruntime: source value is too largeVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workentersyscallblock inconsistent bp entersyscallblock inconsistent sp runtime: g is running but p is notinvalid timer channel: no capacityunexpected runtime.netpoll error: crypto/rsa: missing public modulusadding nil Certificate to CertPoolx509: unknown public key algorithmx509: invalid certificate policies%s %q is excluded by constraint %qx509: Ed25519 verification failurex509: unhandled critical extensioncrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapinvalid padding bits in BIT STRINGGODEBUG sys/cpu: can not disable "chacha20: wrong HChaCha20 key sizeencoding/hex: odd length hex stringhttp: server closed idle connectionCONTINUATION frame with stream ID 02006-01-02T15:04:05.999999999Z07:00network dropped connection on resettransport endpoint is not connectedhash/crc32: invalid hash state sizeflate: corrupt input before offset unsupported signature algorithm: %vtls: too many non-advancing recordstls: server selected an invalid PSKtls: invalid Kyber server key sharereflect.MakeSlice of non-slice type1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 9mime: bogus characters after %%: %qpersistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freefailed to get or create weak handleattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlineNtCreateWaitCompletionPacket failedfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=hpack: invalid Huffman-encoded datadynamic table size update too largefile type does not support deadlinebigmod: modulus is smaller than natx509: malformed extension OID fieldx509: wrong Ed25519 public key sizex509: invalid authority info accessmlkem768: invalid ciphertext lengthcrypto/md5: invalid hash state sizetoo many Questions to pack (>65535)'_' must separate successive digitsP224 point is the point at infinityP256 point is the point at infinityP384 point is the point at infinityP521 point is the point at infinitysuperfluous leading zeros in lengthchacha20: output smaller than inputtransform: short destination bufferbytes.Reader.ReadAt: negative offsethttp: unexpected EOF reading trailer LastStreamID=%v ErrCode=%v Debug=%qRoundTrip retrying af
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: failed to construct HKDF label: %sreflect: Field of non-struct type reflect: Field index out of boundsreflect: string index out of range3552713678800500929355621337890625slice bounds out of range [:%x:%y]slice bounds out of range [%x:%y:]out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedruntime: source value is too largeVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workentersyscallblock inconsistent bp entersyscallblock inconsistent sp runtime: g is running but p is notinvalid timer channel: no capacityunexpected runtime.netpoll error: crypto/rsa: missing public modulusadding nil Certificate to CertPoolx509: unknown public key algorithmx509: invalid certificate policies%s %q is excluded by constraint %qx509: Ed25519 verification failurex509: unhandled critical extensioncrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapinvalid padding bits in BIT STRINGGODEBUG sys/cpu: can not disable "chacha20: wrong HChaCha20 key sizeencoding/hex: odd length hex stringhttp: server closed idle connectionCONTINUATION frame with stream ID 02006-01-02T15:04:05.999999999Z07:00network dropped connection on resettransport endpoint is not connectedhash/crc32: invalid hash state sizeflate: corrupt input before offset unsupported signature algorithm: %vtls: too many non-advancing recordstls: server selected an invalid PSKtls: invalid Kyber server key sharereflect.MakeSlice of non-slice type1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 9mime: bogus characters after %%: %qpersistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freefailed to get or create weak handleattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlineNtCreateWaitCompletionPacket failedfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=hpack: invalid Huffman-encoded datadynamic table size update too largefile type does not support deadlinebigmod: modulus is smaller than natx509: malformed extension OID fieldx509: wrong Ed25519 public key sizex509: invalid authority info accessmlkem768: invalid ciphertext lengthcrypto/md5: invalid hash state sizetoo many Questions to pack (>65535)'_' must separate successive digitsP224 point is the point at infinityP256 point is the point at infinityP384 point is the point at infinityP521 point is the point at infinitysuperfluous leading zeros in lengthchacha20: output smaller than inputtransform: short destination bufferbytes.Reader.ReadAt: negative offsethttp: unexpected EOF reading trailer LastStreamID=%v ErrCode=%v Debug=%qRoundTrip retrying af
Source: LZ_109186961250811H#U00ae.exe	String found in binary or memory: net/addrselect.go

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Section loaded: gpapi.dll	Jump to behavior

Source: LZ_109186961250811H#U00ae.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: LZ_109186961250811H#U00ae.exe

Static file information: File size 5423616 > 1048576

Source: LZ_109186961250811H#U00ae.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x260c00
Source: LZ_109186961250811H#U00ae.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x27b400

Source: LZ_109186961250811H#U00ae.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: LZ_109186961250811H#U00ae.exe	Static PE information: section name: .xdata
Source: LZ_109186961250811H#U00ae.exe	Static PE information: section name: .symtab

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Code function: 0_2_00F362E4 push rdx; ret

0_2_00F362EB

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob			Jump to behavior
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob			Jump to behavior

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob

Jump to behavior

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Code function: 0_2_00F02480 rdtscp

0_2_00F02480

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Code function: 0_2_00EC2020 GetSystemInfo,SetProcessPriorityBoost,

0_2_00EC2020

Source: LZ_109186961250811H#U00ae.exe, 00000000.00000002.7008244897.000001B2341C1000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlldd

Anti Debugging

Potentially malicious time measurement code found

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Code function: 0_2_00F02480 Start: 00F02489 End: 00F0249F

0_2_00F02480

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Code function: 0_2_00F02480 rdtscp

0_2_00F02480

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Queries volume information: C:\Users\user\AppData\Local VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe	Queries volume information: C:\Users\user\AppData\Local\Publishers VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Code function: 0_2_00EC1720 LoadLibraryExW,LoadLibraryExW,NtCreateWaitCompletionPacket,NtAssociateWaitCompletionPacket,NtCancelWaitCompletionPacket,RtlGetCurrentPeb,RtlGetVersion,

0_2_00EC1720

Source: C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	1 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Modify Registry	LSASS Memory	14 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	3 Obfuscated Files or Information	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Install Root Certificate	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
LZ_109186961250811H#U00ae.exe	13%	ReversingLabs

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pleku.karinapisos.com	104.21.59.92	true	false	unknown
uxjuw.osberbigao.com	104.21.80.152	true	false	unknown
spotify.com	35.186.224.24	true	false	unknown
putaz.geometralengenharia.com	172.67.158.215	true	false	unknown
jw.org	184.28.207.119	true	false	unknown
atc.spotify.map.fastly.net	151.101.131.42	true	false	unknown
jqbve.ullmannemp.com	172.67.159.186	true	false	unknown
rakdd.equipebuffet.com	104.21.28.189	true	false	unknown
terra.com.br	208.84.244.116	true	false	unknown
www.correios.com.br	201.48.198.80	true	false	unknown
letras.mus.br	177.54.145.108	true	false	unknown
correios.com.br	186.211.255.80	true	false	unknown
wyejd.acosouropreto.com	104.21.64.85	true	false	unknown
weather.com	23.204.10.170	true	false	unknown
casasbahia.com.br	23.48.224.105	true	false	unknown
gywfq.tecnokoll.com	172.67.154.4	true	false	unknown
edge-web.dual-gslb.spotify.com	35.186.224.24	true	false	unknown
lzarz.cearacaju.com	172.67.194.39	true	false	unknown
d3txhn20wjevmq.cloudfront.net	18.238.49.52	true	false	unknown
rxemz.arjmineradora.com	104.21.39.248	true	false	unknown
noticias.uol.com.br	unknown	unknown	false	unknown
www.letras.mus.br	unknown	unknown	false	unknown
open.spotify.com	unknown	unknown	false	unknown
www.spotify.com	unknown	unknown	false	unknown
www.terra.com.br	unknown	unknown	false	unknown
microsoftonline.com	unknown	unknown	false	unknown
www.jw.org	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://correios.com.br/	false		unknown
https://open.spotify.com/	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://theweathercompany.info/$	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000302000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00025D000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/az/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/atom.xml	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000E4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/kab/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://wyejd.acosouropreto.com/	LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004C2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/kbd/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://micro.rubiconproject.com/prebid/dynamic/10738.js	LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303270757.000000C0002F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5296977865.000000C0004F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302774585.000000C000382000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302842549.000000C000341000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/atendimento/influenciadores-digitais	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/receber/precisa-de-ajuda	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://prosel.correios.com.br/concursos	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.extra.co	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/atendimento/balcao-do-cidadao/protocolo-orgaos-judiciais	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://o.pki.goog/s/we1/WUo0%	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302664060.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000074000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/enviar/precisa-de-ajuda/como-contratar-os-correios	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/ceb/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/atendimento/ferramentas/aplicativo-dos-correios	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/km/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/atendimento	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/lo/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/comprar/certificado-digital	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://efi.correios.com.br/app/simulaPrecoPrazoInternacional/index.php	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/mfe/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://images.terra.com/2022/05/27/flipar_favicon_32x32_mascara-vf0upzz9httf.png	LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004C2000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/pon/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/tyv/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/xh/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/enviar	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://docs.fastly.com/en/guides/common-400-errors#error-421-misdirected-request	LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306288660.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302842549.000000C000330000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/plonejsi18n	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000E4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/enviar/encomendas/internacional	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://crt.r2m02.amazontrust.com/r2m02.cer0	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00048D000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302170249.000000C00043C000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C00043C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://s.ss2.us/r.crl	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306520362.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/mr/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/enviar/encomendas/nacional	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/kn/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/teo/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://vlibras.gov.br/app	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js?version=4.8.0&features=default%2CArray.prot	LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://bit.ly/3iHw48f	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003D4000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://s.w-x.co/helios/twc/1.35.1/helios.js	LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/logistica/logistica-novo-layout/logistica	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://buscacepinter.correios.com.br/app/endereco/index.php?t	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/xmv/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/ve/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/srn/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/ug-cyrl/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/ta/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://c.pki.goog/r/gsr1.crl0	LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C00017A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302664060.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5464794829.000001B23423C000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002A6000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00017A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5304086761.000000C000278000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000190000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302320666.000000C00042E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002AA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000278000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302320666.000000C00041E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5769678326.000001B23423D000.00000004.00000020.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000420000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C00042E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000190000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://spotify.comspeculation-rules	LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000178000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000170000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/bba/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/ko/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/rss.xml	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000E4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000D2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://vlibras.gov.br/app/vlibras-plugin.js	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://i.pki.goog/gsr1.crt	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C000478000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000004000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000406000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002E0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302452813.000000C000404000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/hi/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://bit.ly/alo30	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/da/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/yua/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/guw/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/bin/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://effulgenttempest.com/57930e98704a/9972c29ffcf7b25dd45e0aa8.main.js	LZ_109186961250811H#U00ae.exe, 00000000.00000003.5300936329.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C00053A000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/quy/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://c.pki.goog/we1/r1Lq4vMcD8c.crl0	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005608219.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302664060.000000C0003E2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000074000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5302320666.000000C00041E000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7005753392.000000C000420000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/nv/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/quz/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/sr-cyrl/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/mt/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/cmn-hant/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://jqbve.ullmannemp.com/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306454949.000000C0000BE000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/fon/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://bit.ly/alo40	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/pau/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://x.ss2.us/x.cerhttp://s.ss2.us/r.crlnoticias.uol.com.br:443http://i.pki.goog/r4.crtGlobalSign	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5306520362.000000C0000B2000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://open.spotify.com/Wed	LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002BA000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/acesso-a-informacao/servidores	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/os-x-dgr/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://correios.com.br	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000EE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000074000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000170000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/tog/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/tpi/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://letras.mus.brspeculation-rules	LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000178000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000170000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/ach/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/home-page-2024/acesso-rapido/minhas-importacoes/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://o.pki.goog/s/we1/CQc0%	LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002A6000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5303664678.000000C0002B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002AA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/comprar	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
http://c.pki.goog/we1/SaWLYV2xvlI.crl0	LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C00017A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000003.5305194971.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000188000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00017A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000074000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000220000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/estrutura-da-pagina/carol/corpo/carol-corpo.png/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0000EE000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0002F0000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/ee/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/enviar/correspondencia/correspondencias	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00011C000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://saladeimprensa.correios.com.br/arquivos/8601	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/acesso-a-informacao/auditorias	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/falecomoscorreios/central-de-atendimento	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/atendimento/seguros/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/chk/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/acesso-a-informacao/perguntas-frequentes	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/home-page-2024/acesso-rapido/loja-online/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003A2000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/dua/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.correios.com.br/enviar/encomendas/arquivo/nacional/guia-de-enderecamento.pdf	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C00024A000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000341000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C000142000.00000004.00001000.00020000.00000000.sdmp	false	unknown
https://www.jw.org/ny/	LZ_109186961250811H#U00ae.exe, 00000000.00000002.7001036251.000000C0003B4000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004DA000.00000004.00001000.00020000.00000000.sdmp, LZ_109186961250811H#U00ae.exe, 00000000.00000002.7006301592.000000C0004B5000.00000004.00001000.00020000.00000000.sdmp	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.64.85	wyejd.acosouropreto.com	United States	13335	CLOUDFLARENETUS	false
186.211.255.80	correios.com.br	Brazil	14840	COMMCORPCOMUNICACOESLTDABR	false
104.21.59.92	pleku.karinapisos.com	United States	13335	CLOUDFLARENETUS	false
201.48.198.80	www.correios.com.br	Brazil	16735	ALGARTELECOMSABR	false
104.21.80.152	uxjuw.osberbigao.com	United States	13335	CLOUDFLARENETUS	false
172.67.158.215	putaz.geometralengenharia.com	United States	13335	CLOUDFLARENETUS	false
172.67.154.4	gywfq.tecnokoll.com	United States	13335	CLOUDFLARENETUS	false
172.67.159.186	jqbve.ullmannemp.com	United States	13335	CLOUDFLARENETUS	false
35.186.224.24	spotify.com	United States	15169	GOOGLEUS	false
18.238.49.52	d3txhn20wjevmq.cloudfront.net	United States	16509	AMAZON-02US	false
172.67.194.39	lzarz.cearacaju.com	United States	13335	CLOUDFLARENETUS	false
177.54.145.108	letras.mus.br	Brazil	262287	MaxihostLTDABR	false
151.101.131.42	atc.spotify.map.fastly.net	United States	54113	FASTLYUS	false
23.204.10.170	weather.com	United States	16625	AKAMAI-ASUS	false
184.28.207.119	jw.org	United States	16625	AKAMAI-ASUS	false
208.84.244.116	terra.com.br	United States	40260	TERRA-NETWORKS-MIAMIUS	false
23.48.224.105	casasbahia.com.br	United States	20940	AKAMAI-ASN1EU	false
104.21.39.248	rxemz.arjmineradora.com	United States	13335	CLOUDFLARENETUS	false
104.21.28.189	rakdd.equipebuffet.com	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1529961
Start date and time:	2024-10-09 15:22:28 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	1
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	LZ_109186961250811H#U00ae.exe
Detection:	MAL
Classification:	mal60.evad.mine.winEXE@1/0@25/19
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 18 Number of non-executed functions: 56
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Stop behavior analysis, all processes terminated

Warnings

Excluded IPs from analysis (whitelisted): 23.53.126.141, 23.53.126.192, 23.53.126.205, 23.53.126.157, 23.200.198.246, 23.217.173.130
Excluded domains from analysis (whitelisted): a1799.dscb.akamai.net, www.terra.com.br.edgesuite.net, ctldl.windowsupdate.com, e9570.b.akamaiedge.net, www.jw.org.edgekey.net, studiosol.edgesuite.net, a1805.dscb.akamai.net
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: LZ_109186961250811H#U00ae.exe

WriteFile, WriteConsoleW, WerSetFlags, WerGetFlags, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, TlsAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, RtlVirtualUnwind, RtlLookupFunctionEntry, ResumeThread, RaiseFailFastException, PostQueuedCompletionStatus, LoadLibraryW, LoadLibraryExW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetErrorMode, GetEnvironmentStringsW, GetCurrentThreadId, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateEventA, CloseHandle, AddVectoredExceptionHandler, AddVectoredContinueHandler

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 9, 2024 15:26:40.617443085 CEST	49706	443	192.168.11.20	172.67.194.39
Oct 9, 2024 15:26:40.617603064 CEST	443	49706	172.67.194.39	192.168.11.20
Oct 9, 2024 15:26:40.618079901 CEST	49706	443	192.168.11.20	172.67.194.39
Oct 9, 2024 15:26:40.618429899 CEST	49706	443	192.168.11.20	172.67.194.39
Oct 9, 2024 15:26:40.618532896 CEST	443	49706	172.67.194.39	192.168.11.20
Oct 9, 2024 15:26:41.207573891 CEST	443	49706	172.67.194.39	192.168.11.20
Oct 9, 2024 15:26:41.207701921 CEST	443	49706	172.67.194.39	192.168.11.20
Oct 9, 2024 15:26:41.207947016 CEST	49706	443	192.168.11.20	172.67.194.39
Oct 9, 2024 15:26:41.208031893 CEST	443	49706	172.67.194.39	192.168.11.20
Oct 9, 2024 15:26:41.208268881 CEST	49706	443	192.168.11.20	172.67.194.39
Oct 9, 2024 15:26:41.238872051 CEST	49706	443	192.168.11.20	172.67.194.39
Oct 9, 2024 15:26:41.238873005 CEST	49706	443	192.168.11.20	172.67.194.39
Oct 9, 2024 15:26:41.238997936 CEST	443	49706	172.67.194.39	192.168.11.20
Oct 9, 2024 15:26:41.239031076 CEST	443	49706	172.67.194.39	192.168.11.20
Oct 9, 2024 15:26:41.239048958 CEST	49706	443	192.168.11.20	172.67.194.39
Oct 9, 2024 15:26:41.239068985 CEST	443	49706	172.67.194.39	192.168.11.20
Oct 9, 2024 15:26:41.334451914 CEST	443	49706	172.67.194.39	192.168.11.20
Oct 9, 2024 15:26:41.334799051 CEST	49706	443	192.168.11.20	172.67.194.39
Oct 9, 2024 15:26:41.334887981 CEST	443	49706	172.67.194.39	192.168.11.20
Oct 9, 2024 15:26:41.670455933 CEST	443	49706	172.67.194.39	192.168.11.20
Oct 9, 2024 15:26:41.726254940 CEST	49706	443	192.168.11.20	172.67.194.39
Oct 9, 2024 15:26:41.796760082 CEST	49707	443	192.168.11.20	177.54.145.108
Oct 9, 2024 15:26:41.796896935 CEST	443	49707	177.54.145.108	192.168.11.20
Oct 9, 2024 15:26:41.797234058 CEST	49707	443	192.168.11.20	177.54.145.108
Oct 9, 2024 15:26:41.797573090 CEST	49707	443	192.168.11.20	177.54.145.108
Oct 9, 2024 15:26:41.797665119 CEST	443	49707	177.54.145.108	192.168.11.20
Oct 9, 2024 15:26:42.430191040 CEST	443	49707	177.54.145.108	192.168.11.20
Oct 9, 2024 15:26:42.430527925 CEST	49707	443	192.168.11.20	177.54.145.108
Oct 9, 2024 15:26:42.430550098 CEST	443	49707	177.54.145.108	192.168.11.20
Oct 9, 2024 15:26:42.430608034 CEST	49707	443	192.168.11.20	177.54.145.108
Oct 9, 2024 15:26:42.430620909 CEST	443	49707	177.54.145.108	192.168.11.20
Oct 9, 2024 15:26:42.431235075 CEST	443	49707	177.54.145.108	192.168.11.20
Oct 9, 2024 15:26:42.431416988 CEST	49707	443	192.168.11.20	177.54.145.108
Oct 9, 2024 15:26:42.432972908 CEST	443	49707	177.54.145.108	192.168.11.20
Oct 9, 2024 15:26:42.433229923 CEST	49707	443	192.168.11.20	177.54.145.108
Oct 9, 2024 15:26:42.434803963 CEST	49707	443	192.168.11.20	177.54.145.108
Oct 9, 2024 15:26:42.434849977 CEST	49707	443	192.168.11.20	177.54.145.108
Oct 9, 2024 15:26:42.434931040 CEST	443	49707	177.54.145.108	192.168.11.20
Oct 9, 2024 15:26:42.482352018 CEST	49707	443	192.168.11.20	177.54.145.108
Oct 9, 2024 15:26:42.482372046 CEST	443	49707	177.54.145.108	192.168.11.20
Oct 9, 2024 15:26:42.530158997 CEST	49707	443	192.168.11.20	177.54.145.108
Oct 9, 2024 15:26:42.825412035 CEST	443	49707	177.54.145.108	192.168.11.20
Oct 9, 2024 15:26:42.825815916 CEST	443	49707	177.54.145.108	192.168.11.20
Oct 9, 2024 15:26:42.826042891 CEST	49707	443	192.168.11.20	177.54.145.108
Oct 9, 2024 15:26:42.826466084 CEST	49707	443	192.168.11.20	177.54.145.108
Oct 9, 2024 15:26:42.826544046 CEST	443	49707	177.54.145.108	192.168.11.20
Oct 9, 2024 15:26:42.826575041 CEST	49707	443	192.168.11.20	177.54.145.108
Oct 9, 2024 15:26:42.826627016 CEST	443	49707	177.54.145.108	192.168.11.20
Oct 9, 2024 15:26:47.233967066 CEST	49709	443	192.168.11.20	172.67.154.4
Oct 9, 2024 15:26:47.234049082 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:26:47.234204054 CEST	49709	443	192.168.11.20	172.67.154.4
Oct 9, 2024 15:26:47.234585047 CEST	49709	443	192.168.11.20	172.67.154.4
Oct 9, 2024 15:26:47.234635115 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:26:47.827465057 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:26:47.827647924 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:26:47.827827930 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:26:47.828016043 CEST	49709	443	192.168.11.20	172.67.154.4
Oct 9, 2024 15:26:47.828073025 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:26:47.828258038 CEST	49709	443	192.168.11.20	172.67.154.4
Oct 9, 2024 15:26:47.831001997 CEST	49709	443	192.168.11.20	172.67.154.4
Oct 9, 2024 15:26:47.831002951 CEST	49709	443	192.168.11.20	172.67.154.4
Oct 9, 2024 15:26:47.831002951 CEST	49709	443	192.168.11.20	172.67.154.4
Oct 9, 2024 15:26:47.831116915 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:26:47.831171036 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:26:47.831192970 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:26:47.927316904 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:26:47.927617073 CEST	49709	443	192.168.11.20	172.67.154.4
Oct 9, 2024 15:26:47.927685022 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:26:48.115958929 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:26:48.163625956 CEST	49709	443	192.168.11.20	172.67.154.4
Oct 9, 2024 15:26:48.163691044 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:26:48.211078882 CEST	49709	443	192.168.11.20	172.67.154.4
Oct 9, 2024 15:26:48.260519981 CEST	49710	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:48.260656118 CEST	443	49710	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:48.260972977 CEST	49710	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:48.261212111 CEST	49710	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:48.261284113 CEST	443	49710	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:48.708467007 CEST	443	49710	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:48.708719969 CEST	49710	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:48.708758116 CEST	443	49710	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:48.708784103 CEST	49710	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:48.708808899 CEST	443	49710	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:48.711548090 CEST	443	49710	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:48.711719990 CEST	49710	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:48.712352991 CEST	49710	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:48.712378025 CEST	49710	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:48.712523937 CEST	443	49710	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:48.759862900 CEST	49710	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:48.759922028 CEST	443	49710	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:48.807564020 CEST	49710	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:48.885802984 CEST	443	49710	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:48.886123896 CEST	443	49710	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:48.886133909 CEST	49710	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:48.886136055 CEST	49710	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:48.886298895 CEST	443	49710	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:48.886333942 CEST	49710	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:48.982011080 CEST	49711	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:48.982170105 CEST	443	49711	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:48.982505083 CEST	49711	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:48.982809067 CEST	49711	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:48.982896090 CEST	443	49711	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:49.404007912 CEST	443	49711	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:49.404309988 CEST	49711	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:49.404377937 CEST	443	49711	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:49.404402018 CEST	49711	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:49.404427052 CEST	443	49711	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:49.407882929 CEST	443	49711	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:49.408231020 CEST	49711	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:49.408858061 CEST	49711	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:49.409023046 CEST	49711	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:49.409152031 CEST	443	49711	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:49.456855059 CEST	49711	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:49.456897020 CEST	443	49711	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:49.504609108 CEST	49711	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:49.599571943 CEST	443	49711	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:49.599991083 CEST	49711	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:49.599991083 CEST	49711	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:49.600076914 CEST	443	49711	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:49.600131989 CEST	443	49711	35.186.224.24	192.168.11.20
Oct 9, 2024 15:26:49.600230932 CEST	49711	443	192.168.11.20	35.186.224.24
Oct 9, 2024 15:26:49.697629929 CEST	49712	443	192.168.11.20	151.101.131.42
Oct 9, 2024 15:26:49.697736025 CEST	443	49712	151.101.131.42	192.168.11.20
Oct 9, 2024 15:26:49.697983980 CEST	49712	443	192.168.11.20	151.101.131.42
Oct 9, 2024 15:26:49.698405027 CEST	49712	443	192.168.11.20	151.101.131.42
Oct 9, 2024 15:26:49.698497057 CEST	443	49712	151.101.131.42	192.168.11.20
Oct 9, 2024 15:26:50.128711939 CEST	443	49712	151.101.131.42	192.168.11.20
Oct 9, 2024 15:26:50.129115105 CEST	49712	443	192.168.11.20	151.101.131.42
Oct 9, 2024 15:26:50.129116058 CEST	49712	443	192.168.11.20	151.101.131.42
Oct 9, 2024 15:26:50.129163980 CEST	443	49712	151.101.131.42	192.168.11.20
Oct 9, 2024 15:26:50.129179955 CEST	443	49712	151.101.131.42	192.168.11.20
Oct 9, 2024 15:26:50.131099939 CEST	443	49712	151.101.131.42	192.168.11.20
Oct 9, 2024 15:26:50.131346941 CEST	49712	443	192.168.11.20	151.101.131.42
Oct 9, 2024 15:26:50.131979942 CEST	49712	443	192.168.11.20	151.101.131.42
Oct 9, 2024 15:26:50.131979942 CEST	49712	443	192.168.11.20	151.101.131.42
Oct 9, 2024 15:26:50.132162094 CEST	443	49712	151.101.131.42	192.168.11.20
Oct 9, 2024 15:26:50.180139065 CEST	49712	443	192.168.11.20	151.101.131.42
Oct 9, 2024 15:26:50.180207968 CEST	443	49712	151.101.131.42	192.168.11.20
Oct 9, 2024 15:26:50.228138924 CEST	49712	443	192.168.11.20	151.101.131.42
Oct 9, 2024 15:26:50.282807112 CEST	443	49712	151.101.131.42	192.168.11.20
Oct 9, 2024 15:26:50.283601999 CEST	443	49712	151.101.131.42	192.168.11.20
Oct 9, 2024 15:26:50.283807993 CEST	49712	443	192.168.11.20	151.101.131.42
Oct 9, 2024 15:26:50.283901930 CEST	49712	443	192.168.11.20	151.101.131.42
Oct 9, 2024 15:26:50.283901930 CEST	49712	443	192.168.11.20	151.101.131.42
Oct 9, 2024 15:26:50.283974886 CEST	443	49712	151.101.131.42	192.168.11.20
Oct 9, 2024 15:26:50.284017086 CEST	443	49712	151.101.131.42	192.168.11.20
Oct 9, 2024 15:26:58.461699009 CEST	49713	443	192.168.11.20	172.67.159.186
Oct 9, 2024 15:26:58.461855888 CEST	443	49713	172.67.159.186	192.168.11.20
Oct 9, 2024 15:26:58.462157965 CEST	49713	443	192.168.11.20	172.67.159.186
Oct 9, 2024 15:26:58.462434053 CEST	49713	443	192.168.11.20	172.67.159.186
Oct 9, 2024 15:26:58.462522030 CEST	443	49713	172.67.159.186	192.168.11.20
Oct 9, 2024 15:26:59.054656982 CEST	443	49713	172.67.159.186	192.168.11.20
Oct 9, 2024 15:26:59.054805040 CEST	443	49713	172.67.159.186	192.168.11.20
Oct 9, 2024 15:26:59.054992914 CEST	49713	443	192.168.11.20	172.67.159.186
Oct 9, 2024 15:26:59.055044889 CEST	443	49713	172.67.159.186	192.168.11.20
Oct 9, 2024 15:26:59.055454969 CEST	49713	443	192.168.11.20	172.67.159.186
Oct 9, 2024 15:26:59.057951927 CEST	49713	443	192.168.11.20	172.67.159.186
Oct 9, 2024 15:26:59.058022022 CEST	443	49713	172.67.159.186	192.168.11.20
Oct 9, 2024 15:26:59.058057070 CEST	49713	443	192.168.11.20	172.67.159.186
Oct 9, 2024 15:26:59.058057070 CEST	49713	443	192.168.11.20	172.67.159.186
Oct 9, 2024 15:26:59.058151960 CEST	443	49713	172.67.159.186	192.168.11.20
Oct 9, 2024 15:26:59.058175087 CEST	443	49713	172.67.159.186	192.168.11.20
Oct 9, 2024 15:26:59.153553009 CEST	443	49713	172.67.159.186	192.168.11.20
Oct 9, 2024 15:26:59.154216051 CEST	49713	443	192.168.11.20	172.67.159.186
Oct 9, 2024 15:26:59.154310942 CEST	443	49713	172.67.159.186	192.168.11.20
Oct 9, 2024 15:26:59.248398066 CEST	443	49713	172.67.159.186	192.168.11.20
Oct 9, 2024 15:26:59.296168089 CEST	49713	443	192.168.11.20	172.67.159.186
Oct 9, 2024 15:26:59.443010092 CEST	443	49713	172.67.159.186	192.168.11.20
Oct 9, 2024 15:26:59.484169006 CEST	49713	443	192.168.11.20	172.67.159.186
Oct 9, 2024 15:26:59.685033083 CEST	49714	443	192.168.11.20	18.238.49.52
Oct 9, 2024 15:26:59.685185909 CEST	443	49714	18.238.49.52	192.168.11.20
Oct 9, 2024 15:26:59.685511112 CEST	49714	443	192.168.11.20	18.238.49.52
Oct 9, 2024 15:26:59.685743093 CEST	49714	443	192.168.11.20	18.238.49.52
Oct 9, 2024 15:26:59.685810089 CEST	443	49714	18.238.49.52	192.168.11.20
Oct 9, 2024 15:27:00.267292976 CEST	443	49714	18.238.49.52	192.168.11.20
Oct 9, 2024 15:27:00.267435074 CEST	443	49714	18.238.49.52	192.168.11.20
Oct 9, 2024 15:27:00.267807007 CEST	49714	443	192.168.11.20	18.238.49.52
Oct 9, 2024 15:27:00.267870903 CEST	443	49714	18.238.49.52	192.168.11.20
Oct 9, 2024 15:27:00.268140078 CEST	49714	443	192.168.11.20	18.238.49.52
Oct 9, 2024 15:27:00.268382072 CEST	443	49714	18.238.49.52	192.168.11.20
Oct 9, 2024 15:27:00.269805908 CEST	49714	443	192.168.11.20	18.238.49.52
Oct 9, 2024 15:27:00.269881964 CEST	443	49714	18.238.49.52	192.168.11.20
Oct 9, 2024 15:27:00.269900084 CEST	49714	443	192.168.11.20	18.238.49.52
Oct 9, 2024 15:27:00.269925117 CEST	443	49714	18.238.49.52	192.168.11.20
Oct 9, 2024 15:27:00.270028114 CEST	49714	443	192.168.11.20	18.238.49.52
Oct 9, 2024 15:27:00.270080090 CEST	443	49714	18.238.49.52	192.168.11.20
Oct 9, 2024 15:27:00.364856005 CEST	443	49714	18.238.49.52	192.168.11.20
Oct 9, 2024 15:27:00.365171909 CEST	49714	443	192.168.11.20	18.238.49.52
Oct 9, 2024 15:27:00.365190983 CEST	443	49714	18.238.49.52	192.168.11.20
Oct 9, 2024 15:27:00.460278034 CEST	443	49714	18.238.49.52	192.168.11.20
Oct 9, 2024 15:27:00.507988930 CEST	49714	443	192.168.11.20	18.238.49.52
Oct 9, 2024 15:27:04.643681049 CEST	49715	443	192.168.11.20	104.21.59.92
Oct 9, 2024 15:27:04.643695116 CEST	443	49715	104.21.59.92	192.168.11.20
Oct 9, 2024 15:27:04.643928051 CEST	49715	443	192.168.11.20	104.21.59.92
Oct 9, 2024 15:27:04.644319057 CEST	49715	443	192.168.11.20	104.21.59.92
Oct 9, 2024 15:27:04.644328117 CEST	443	49715	104.21.59.92	192.168.11.20
Oct 9, 2024 15:27:05.235718012 CEST	443	49715	104.21.59.92	192.168.11.20
Oct 9, 2024 15:27:05.235842943 CEST	443	49715	104.21.59.92	192.168.11.20
Oct 9, 2024 15:27:05.235979080 CEST	49715	443	192.168.11.20	104.21.59.92
Oct 9, 2024 15:27:05.236037970 CEST	443	49715	104.21.59.92	192.168.11.20
Oct 9, 2024 15:27:05.236148119 CEST	49715	443	192.168.11.20	104.21.59.92
Oct 9, 2024 15:27:05.238698006 CEST	49715	443	192.168.11.20	104.21.59.92
Oct 9, 2024 15:27:05.238698006 CEST	49715	443	192.168.11.20	104.21.59.92
Oct 9, 2024 15:27:05.238698006 CEST	49715	443	192.168.11.20	104.21.59.92
Oct 9, 2024 15:27:05.238797903 CEST	443	49715	104.21.59.92	192.168.11.20
Oct 9, 2024 15:27:05.238843918 CEST	443	49715	104.21.59.92	192.168.11.20
Oct 9, 2024 15:27:05.238866091 CEST	443	49715	104.21.59.92	192.168.11.20
Oct 9, 2024 15:27:05.334935904 CEST	443	49715	104.21.59.92	192.168.11.20
Oct 9, 2024 15:27:05.335320950 CEST	49715	443	192.168.11.20	104.21.59.92
Oct 9, 2024 15:27:05.335441113 CEST	443	49715	104.21.59.92	192.168.11.20
Oct 9, 2024 15:27:05.527648926 CEST	443	49715	104.21.59.92	192.168.11.20
Oct 9, 2024 15:27:05.571898937 CEST	49715	443	192.168.11.20	104.21.59.92
Oct 9, 2024 15:27:08.828984022 CEST	49716	443	192.168.11.20	104.21.64.85
Oct 9, 2024 15:27:08.829099894 CEST	443	49716	104.21.64.85	192.168.11.20
Oct 9, 2024 15:27:08.829246998 CEST	49716	443	192.168.11.20	104.21.64.85
Oct 9, 2024 15:27:08.829595089 CEST	49716	443	192.168.11.20	104.21.64.85
Oct 9, 2024 15:27:08.829638958 CEST	443	49716	104.21.64.85	192.168.11.20
Oct 9, 2024 15:27:09.414582014 CEST	443	49716	104.21.64.85	192.168.11.20
Oct 9, 2024 15:27:09.414705992 CEST	443	49716	104.21.64.85	192.168.11.20
Oct 9, 2024 15:27:09.414779902 CEST	49716	443	192.168.11.20	104.21.64.85
Oct 9, 2024 15:27:09.414825916 CEST	443	49716	104.21.64.85	192.168.11.20
Oct 9, 2024 15:27:09.414977074 CEST	49716	443	192.168.11.20	104.21.64.85
Oct 9, 2024 15:27:09.417612076 CEST	49716	443	192.168.11.20	104.21.64.85
Oct 9, 2024 15:27:09.417612076 CEST	49716	443	192.168.11.20	104.21.64.85
Oct 9, 2024 15:27:09.417670012 CEST	443	49716	104.21.64.85	192.168.11.20
Oct 9, 2024 15:27:09.417700052 CEST	443	49716	104.21.64.85	192.168.11.20
Oct 9, 2024 15:27:09.417711020 CEST	49716	443	192.168.11.20	104.21.64.85
Oct 9, 2024 15:27:09.417728901 CEST	443	49716	104.21.64.85	192.168.11.20
Oct 9, 2024 15:27:09.512937069 CEST	443	49716	104.21.64.85	192.168.11.20
Oct 9, 2024 15:27:09.513236046 CEST	49716	443	192.168.11.20	104.21.64.85
Oct 9, 2024 15:27:09.513297081 CEST	443	49716	104.21.64.85	192.168.11.20
Oct 9, 2024 15:27:09.702167988 CEST	443	49716	104.21.64.85	192.168.11.20
Oct 9, 2024 15:27:09.750066996 CEST	49716	443	192.168.11.20	104.21.64.85
Oct 9, 2024 15:27:09.750165939 CEST	443	49716	104.21.64.85	192.168.11.20
Oct 9, 2024 15:27:09.797395945 CEST	49716	443	192.168.11.20	104.21.64.85
Oct 9, 2024 15:27:09.881995916 CEST	49717	443	192.168.11.20	208.84.244.116
Oct 9, 2024 15:27:09.882056952 CEST	443	49717	208.84.244.116	192.168.11.20
Oct 9, 2024 15:27:09.882235050 CEST	49717	443	192.168.11.20	208.84.244.116
Oct 9, 2024 15:27:09.882740021 CEST	49717	443	192.168.11.20	208.84.244.116
Oct 9, 2024 15:27:09.882787943 CEST	443	49717	208.84.244.116	192.168.11.20
Oct 9, 2024 15:27:10.383753061 CEST	443	49717	208.84.244.116	192.168.11.20
Oct 9, 2024 15:27:10.384368896 CEST	49717	443	192.168.11.20	208.84.244.116
Oct 9, 2024 15:27:10.384390116 CEST	443	49717	208.84.244.116	192.168.11.20
Oct 9, 2024 15:27:10.384411097 CEST	49717	443	192.168.11.20	208.84.244.116
Oct 9, 2024 15:27:10.384435892 CEST	443	49717	208.84.244.116	192.168.11.20
Oct 9, 2024 15:27:10.385865927 CEST	443	49717	208.84.244.116	192.168.11.20
Oct 9, 2024 15:27:10.386198997 CEST	49717	443	192.168.11.20	208.84.244.116
Oct 9, 2024 15:27:10.386774063 CEST	49717	443	192.168.11.20	208.84.244.116
Oct 9, 2024 15:27:10.386840105 CEST	49717	443	192.168.11.20	208.84.244.116
Oct 9, 2024 15:27:10.386924028 CEST	443	49717	208.84.244.116	192.168.11.20
Oct 9, 2024 15:27:10.434366941 CEST	49717	443	192.168.11.20	208.84.244.116
Oct 9, 2024 15:27:10.434461117 CEST	443	49717	208.84.244.116	192.168.11.20
Oct 9, 2024 15:27:10.482263088 CEST	49717	443	192.168.11.20	208.84.244.116
Oct 9, 2024 15:27:10.638319016 CEST	443	49717	208.84.244.116	192.168.11.20
Oct 9, 2024 15:27:10.638660908 CEST	443	49717	208.84.244.116	192.168.11.20
Oct 9, 2024 15:27:10.639017105 CEST	49717	443	192.168.11.20	208.84.244.116
Oct 9, 2024 15:27:10.639103889 CEST	49717	443	192.168.11.20	208.84.244.116
Oct 9, 2024 15:27:10.639105082 CEST	49717	443	192.168.11.20	208.84.244.116
Oct 9, 2024 15:27:10.639178991 CEST	443	49717	208.84.244.116	192.168.11.20
Oct 9, 2024 15:27:10.639210939 CEST	443	49717	208.84.244.116	192.168.11.20
Oct 9, 2024 15:27:11.674948931 CEST	49706	443	192.168.11.20	172.67.194.39
Oct 9, 2024 15:27:11.675057888 CEST	443	49706	172.67.194.39	192.168.11.20
Oct 9, 2024 15:27:18.173178911 CEST	49709	443	192.168.11.20	172.67.154.4
Oct 9, 2024 15:27:18.173247099 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:27:22.096045971 CEST	49719	443	192.168.11.20	104.21.39.248
Oct 9, 2024 15:27:22.096091032 CEST	443	49719	104.21.39.248	192.168.11.20
Oct 9, 2024 15:27:22.096333981 CEST	49719	443	192.168.11.20	104.21.39.248
Oct 9, 2024 15:27:22.096716881 CEST	49719	443	192.168.11.20	104.21.39.248
Oct 9, 2024 15:27:22.096745968 CEST	443	49719	104.21.39.248	192.168.11.20
Oct 9, 2024 15:27:22.683155060 CEST	443	49719	104.21.39.248	192.168.11.20
Oct 9, 2024 15:27:22.683252096 CEST	443	49719	104.21.39.248	192.168.11.20
Oct 9, 2024 15:27:22.683365107 CEST	49719	443	192.168.11.20	104.21.39.248
Oct 9, 2024 15:27:22.683439016 CEST	443	49719	104.21.39.248	192.168.11.20
Oct 9, 2024 15:27:22.683556080 CEST	49719	443	192.168.11.20	104.21.39.248
Oct 9, 2024 15:27:22.687999010 CEST	49719	443	192.168.11.20	104.21.39.248
Oct 9, 2024 15:27:22.687999010 CEST	49719	443	192.168.11.20	104.21.39.248
Oct 9, 2024 15:27:22.687999010 CEST	49719	443	192.168.11.20	104.21.39.248
Oct 9, 2024 15:27:22.688071966 CEST	443	49719	104.21.39.248	192.168.11.20
Oct 9, 2024 15:27:22.688103914 CEST	443	49719	104.21.39.248	192.168.11.20
Oct 9, 2024 15:27:22.688117981 CEST	443	49719	104.21.39.248	192.168.11.20
Oct 9, 2024 15:27:22.783180952 CEST	443	49719	104.21.39.248	192.168.11.20
Oct 9, 2024 15:27:22.783449888 CEST	49719	443	192.168.11.20	104.21.39.248
Oct 9, 2024 15:27:22.783490896 CEST	443	49719	104.21.39.248	192.168.11.20
Oct 9, 2024 15:27:22.981412888 CEST	443	49719	104.21.39.248	192.168.11.20
Oct 9, 2024 15:27:23.034310102 CEST	49719	443	192.168.11.20	104.21.39.248
Oct 9, 2024 15:27:23.077848911 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.077919006 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.078061104 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.078437090 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.078489065 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.488183975 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.488461018 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.488500118 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.488527060 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.488555908 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.491627932 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.491832018 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.492311001 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.492358923 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.492563009 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.540280104 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.540343046 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.588116884 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.746840954 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.746874094 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.746900082 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.746993065 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.746999025 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.747000933 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.747076035 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.747123003 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.747176886 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.747246981 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.847745895 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.847774029 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.847909927 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.848051071 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.848062992 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.848256111 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.851964951 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.877449036 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.877542973 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.877796888 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.877796888 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.877796888 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.877796888 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.877866030 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.904689074 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.904809952 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.904918909 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.905019999 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.905046940 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.905047894 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.905047894 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.905256033 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.951534986 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.951630116 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.951783895 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.951783895 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.951785088 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.951873064 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.951908112 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.951908112 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.952029943 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.973427057 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.973517895 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.973795891 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.973795891 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.973795891 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.973795891 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.973797083 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.973865986 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.974179029 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.993993044 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.994096041 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.994250059 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.994312048 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:23.994359970 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:23.994510889 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.014864922 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.014955044 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.015285969 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.015285969 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.015285969 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.015285969 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.015285969 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.015402079 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.015685081 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.017800093 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.018001080 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.037347078 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.037453890 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.037523985 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.037523985 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.037579060 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.037607908 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.037633896 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.037790060 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.048517942 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.048582077 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.048707962 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.048707962 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.048894882 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.048935890 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.049290895 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.053971052 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.054210901 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.054210901 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.054210901 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.065994024 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.066070080 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.066175938 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.066175938 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.066219091 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.066240072 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.066267967 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.066317081 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.066415071 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.069477081 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.069736958 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.081105947 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.081182003 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.081358910 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.081402063 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.081425905 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.090573072 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.090651989 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.090756893 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.090756893 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.090794086 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.090955019 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.092312098 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.092505932 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.092531919 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.101473093 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.101540089 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.101697922 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.101736069 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.101761103 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.101921082 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.112230062 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.112304926 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.112466097 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.112466097 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.112507105 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.112538099 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.112538099 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.116780043 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.116986990 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.117027998 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.117055893 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.125614882 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.125691891 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.125843048 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.125843048 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.125843048 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.125843048 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.125895023 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.125931025 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.129956961 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.130208015 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.130270958 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.130506992 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.137855053 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.137998104 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.138134003 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.138134003 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.138232946 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.138276100 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.138478041 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.144898891 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.145010948 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.145131111 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.145131111 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.145294905 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.145363092 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.145561934 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.145905972 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.151995897 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.152106047 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.152230978 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.152231932 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.152308941 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.152369022 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.158891916 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.159015894 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.159126997 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.159126997 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.159187078 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.159291029 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.159291029 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.161566973 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.161761045 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.161830902 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.161860943 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.167619944 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.167741060 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.167824984 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.167825937 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.167893887 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.167979956 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.167979956 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.170391083 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.170634031 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.170684099 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.175452948 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.175560951 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.175640106 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.175698042 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.175720930 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.175770998 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.175770998 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.180383921 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.180510044 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.180614948 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.180614948 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.180691004 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.180752039 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.180752039 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.185961008 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.186070919 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.186171055 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.186171055 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.186243057 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.186274052 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.186274052 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.186355114 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.190521955 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.190642118 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.190715075 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.190778971 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.190804005 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.190804958 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.190804958 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.190900087 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.193435907 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.193727016 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.193778038 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.197310925 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.197421074 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.197518110 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.197571993 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.197599888 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.197599888 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.197599888 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.197691917 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.200150967 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.200340033 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.200396061 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.200422049 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.204291105 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.204399109 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.204528093 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.204576969 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.204607964 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.204607964 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.208446980 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.208570957 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.208632946 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.208632946 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.208687067 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.208722115 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.208801031 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.208801031 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.208848000 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.212239027 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.212351084 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.212452888 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.212452888 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.212527037 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.212558031 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.212585926 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.216996908 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.217114925 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.217191935 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.217191935 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.217250109 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.217361927 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.217363119 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.218847036 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.219043016 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.219136953 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.222491980 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.222596884 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.222677946 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.222677946 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.222805023 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.222850084 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.224344015 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.224534988 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.224574089 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.224601984 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.228739977 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.228844881 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.228965998 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.229013920 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.229108095 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.231969118 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.232073069 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.232259989 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.232260942 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.232260942 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.232319117 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.232347012 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.233004093 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.233233929 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.233278036 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.233459949 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.236149073 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.236298084 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.236404896 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.236449003 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.236469030 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.236469030 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.236588001 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.239319086 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.239341974 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.239460945 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.239509106 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.239590883 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.239595890 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.239733934 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.240778923 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.240916967 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.240964890 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.241014004 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.244599104 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.244641066 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.244777918 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.244826078 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.244831085 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.244874954 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.244874954 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.244986057 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.245505095 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.245662928 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.245662928 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.248534918 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.248548031 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.248681068 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.248810053 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.248810053 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.248816013 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.249002934 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.252091885 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.252104998 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.252218008 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.252254009 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.252305031 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.252310038 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.252353907 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.252403021 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.252451897 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.255650997 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.255662918 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.255815983 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.255815983 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.255863905 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.255868912 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.255970955 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.256088018 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.258546114 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.258560896 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.258766890 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.258863926 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.258863926 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.258871078 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.258913040 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.259011030 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.259061098 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.260032892 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.260170937 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.260170937 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.260313034 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.262953997 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.262969971 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.263186932 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.263195038 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.263237953 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.263351917 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.263919115 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.264096975 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.266623020 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.266664028 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.266817093 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.266823053 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.266913891 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.266913891 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.267011881 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.270239115 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.270252943 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.270342112 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.270389080 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.270389080 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.270437956 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.270442963 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.270545006 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.270545006 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.272902966 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.272938967 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.273041010 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.273041010 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.273094893 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.273099899 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.273195982 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.273319006 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.275568008 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.275582075 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.275744915 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.275744915 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.275753975 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.275794029 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.275794029 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.275939941 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.276998043 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.277136087 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.277136087 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.277232885 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.279383898 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.279397964 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.279784918 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.279784918 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.279958963 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.279958963 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.279967070 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.280323029 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.280810118 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.280998945 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.283324003 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.283345938 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.283485889 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.283677101 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.283677101 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.283677101 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.283677101 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.283677101 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.283689022 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.285804033 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.285826921 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.285907984 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.285975933 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.285984039 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.286024094 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.286024094 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.286072969 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.286072969 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.288424969 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.288445950 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.288575888 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.288625002 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.288625002 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.288630962 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.288672924 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.288779020 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.291135073 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.291156054 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.291337967 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.291338921 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.291347027 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.291379929 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.291429043 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.291527033 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.292320967 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.292553902 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.292707920 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.294630051 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.294642925 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.294802904 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.294802904 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.294812918 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.294852018 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.294950008 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.294950008 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.295552015 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.295686960 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.295738935 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.297678947 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.297691107 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.297859907 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.297885895 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.297976017 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.297976017 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.298028946 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.298075914 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.298121929 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.300041914 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.300059080 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.300174952 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.300184011 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.300220966 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.300220966 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.300270081 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.300270081 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.300270081 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.302476883 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.302494049 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.302642107 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.302649975 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.302720070 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.302768946 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.304296970 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.304306984 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.304424047 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.304424047 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.304521084 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.304526091 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.304569960 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.304569960 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.305290937 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.305530071 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.305537939 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.307729959 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.307748079 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.307986021 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.307992935 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.308180094 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.308180094 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.308180094 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.308521032 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.308748960 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.308756113 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.308798075 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.308846951 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.310610056 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.310622931 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.310988903 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.310996056 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.311182022 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.312596083 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.312608004 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.312731028 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.312731028 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.312740088 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.312791109 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.312791109 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.312827110 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.312875986 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.314443111 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.314455032 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.314615965 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.314615965 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.314625025 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.314663887 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.314760923 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.316312075 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.316323042 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.316452980 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.316452980 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.316462040 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.316507101 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.316603899 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.317148924 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.317398071 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.317398071 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.318983078 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.318994999 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.319165945 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.319214106 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.319214106 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.319221020 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.319262981 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.320203066 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.320400953 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.320400953 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.320427895 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.321933031 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.321947098 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.322110891 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.322119951 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.322254896 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.323791981 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.323802948 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.324163914 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.324171066 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.326066017 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.326081038 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.326237917 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.326246977 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.326394081 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.327419043 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.327428102 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.327985048 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.327985048 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.327985048 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.327995062 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.328407049 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.329691887 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.329699993 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.330265045 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.330279112 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.331130981 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.331368923 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.331793070 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.331793070 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.331793070 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.331803083 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.331980944 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.331980944 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.332844019 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.332855940 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.333030939 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.333030939 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.333030939 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.333040953 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.333127975 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.334305048 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.334331989 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.334914923 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.335336924 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.335336924 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.335336924 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.335336924 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.335336924 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.335336924 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.335349083 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.335719109 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.336240053 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.336253881 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.337143898 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.337143898 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.337143898 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.337143898 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.337143898 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.337155104 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.337924957 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.337943077 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.338094950 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.338094950 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.338104010 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.338141918 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.338196039 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.338239908 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.338809013 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.338965893 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.339107990 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.340636969 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.340666056 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.341017008 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.341470957 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.341470957 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.341480017 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.341660976 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.341660976 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.342434883 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.342448950 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.343153000 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.343161106 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.343344927 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.344130993 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.344142914 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.344281912 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.344294071 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.344374895 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.344438076 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.344444990 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.344584942 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.346210003 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.346224070 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.346810102 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.346817970 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.353950024 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.353965044 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.354239941 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.354253054 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.354253054 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.354264021 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.354445934 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.354445934 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.354634047 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.354634047 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.354634047 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.355720043 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.355731964 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.355865002 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.355942965 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.355942965 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.355948925 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.356098890 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.356690884 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.356853008 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.356904984 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.357346058 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.357363939 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.357633114 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.357633114 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.357633114 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.357633114 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.357633114 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.357645988 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.358016014 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.358932018 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.358942986 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.359121084 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.359447956 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.359447956 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.359453917 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.359632015 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.360791922 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.360810041 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.360918045 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.360918045 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.360965014 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.360970974 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.361013889 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.361112118 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.362034082 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.362051964 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.362339973 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.362346888 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.362533092 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.362725019 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.362817049 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.363095045 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.363944054 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.363961935 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.364300966 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.364300966 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.364300966 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.364326954 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.364490032 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.364490032 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.364576101 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.364717960 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.364768028 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.365740061 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.365757942 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.365926981 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.365936041 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.365976095 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.365976095 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.366024971 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.367360115 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.367374897 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.367491961 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.367592096 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.367592096 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.367614031 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.367768049 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.367963076 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.368335962 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.368352890 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.368685007 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.368685007 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.368694067 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.369066000 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.370095015 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.370105982 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.370275974 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.370275974 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.370295048 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.370420933 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.370470047 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.370676994 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.370879889 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.371855021 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.371891022 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.372107983 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.372107983 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.372107983 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.372107983 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.372107983 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.372122049 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.372489929 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.372585058 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.373151064 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.373552084 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.373564005 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.373711109 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.373902082 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.373902082 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.373902082 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.373909950 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.375164032 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.375185966 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.375345945 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.375359058 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.375395060 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.375395060 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.375443935 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.376194000 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.376225948 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.376363993 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.376374960 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.376414061 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.376414061 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.376461983 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.377156019 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.377171993 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.377368927 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.377368927 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.377376080 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.377418041 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.377466917 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.378287077 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.378505945 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.378513098 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.379579067 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.379596949 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.379776955 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.379776955 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.379786968 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.379826069 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.379826069 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.379874945 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.380146980 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.380374908 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.380382061 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.381226063 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.381242990 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.381345987 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.381356001 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.381393909 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.381395102 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.381500959 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.382376909 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.382395983 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.382446051 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.382491112 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.382539034 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.382586956 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.382606030 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.382685900 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.382786989 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.383388996 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.383404970 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.383529902 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.383529902 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.383578062 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.383583069 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.383626938 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.383724928 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.383724928 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.384959936 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.384979963 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.385133028 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.385133028 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.385133028 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.385144949 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.385181904 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.385181904 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.385327101 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.385377884 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.385385036 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.385524988 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.385703087 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.385704041 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.386564970 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.386579990 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.386714935 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.386714935 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.386763096 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.386763096 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.386771917 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.386811972 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.386909962 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.387028933 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.387304068 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.387304068 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.401772976 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.401787996 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.402034998 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.402035952 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.402035952 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.402035952 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.402035952 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.402050018 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.402224064 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.402995110 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.403013945 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.403203011 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.403251886 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.403259993 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.403356075 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.403511047 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.404057026 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.404150009 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.404227972 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.404227972 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.404273987 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.404324055 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.404324055 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.886831999 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.888250113 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.888250113 CEST	49720	443	192.168.11.20	23.204.10.170
Oct 9, 2024 15:27:24.888264894 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:24.888269901 CEST	443	49720	23.204.10.170	192.168.11.20
Oct 9, 2024 15:27:29.457643986 CEST	49713	443	192.168.11.20	172.67.159.186
Oct 9, 2024 15:27:29.457752943 CEST	443	49713	172.67.159.186	192.168.11.20
Oct 9, 2024 15:27:30.467838049 CEST	49714	443	192.168.11.20	18.238.49.52
Oct 9, 2024 15:27:30.467901945 CEST	443	49714	18.238.49.52	192.168.11.20
Oct 9, 2024 15:27:31.072619915 CEST	49721	443	192.168.11.20	172.67.158.215
Oct 9, 2024 15:27:31.072743893 CEST	443	49721	172.67.158.215	192.168.11.20
Oct 9, 2024 15:27:31.072982073 CEST	49721	443	192.168.11.20	172.67.158.215
Oct 9, 2024 15:27:31.073357105 CEST	49721	443	192.168.11.20	172.67.158.215
Oct 9, 2024 15:27:31.073440075 CEST	443	49721	172.67.158.215	192.168.11.20
Oct 9, 2024 15:27:31.661048889 CEST	443	49721	172.67.158.215	192.168.11.20
Oct 9, 2024 15:27:31.661252022 CEST	443	49721	172.67.158.215	192.168.11.20
Oct 9, 2024 15:27:31.661385059 CEST	443	49721	172.67.158.215	192.168.11.20
Oct 9, 2024 15:27:31.661521912 CEST	49721	443	192.168.11.20	172.67.158.215
Oct 9, 2024 15:27:31.661623001 CEST	443	49721	172.67.158.215	192.168.11.20
Oct 9, 2024 15:27:31.661842108 CEST	49721	443	192.168.11.20	172.67.158.215
Oct 9, 2024 15:27:31.664165020 CEST	49721	443	192.168.11.20	172.67.158.215
Oct 9, 2024 15:27:31.664165020 CEST	49721	443	192.168.11.20	172.67.158.215
Oct 9, 2024 15:27:31.664268970 CEST	443	49721	172.67.158.215	192.168.11.20
Oct 9, 2024 15:27:31.664330006 CEST	443	49721	172.67.158.215	192.168.11.20
Oct 9, 2024 15:27:31.664355993 CEST	49721	443	192.168.11.20	172.67.158.215
Oct 9, 2024 15:27:31.664396048 CEST	443	49721	172.67.158.215	192.168.11.20
Oct 9, 2024 15:27:31.759823084 CEST	443	49721	172.67.158.215	192.168.11.20
Oct 9, 2024 15:27:31.760209084 CEST	49721	443	192.168.11.20	172.67.158.215
Oct 9, 2024 15:27:31.760293961 CEST	443	49721	172.67.158.215	192.168.11.20
Oct 9, 2024 15:27:32.040822983 CEST	443	49721	172.67.158.215	192.168.11.20
Oct 9, 2024 15:27:32.089274883 CEST	49721	443	192.168.11.20	172.67.158.215
Oct 9, 2024 15:27:32.250535011 CEST	49722	443	192.168.11.20	186.211.255.80
Oct 9, 2024 15:27:32.250632048 CEST	443	49722	186.211.255.80	192.168.11.20
Oct 9, 2024 15:27:32.250874043 CEST	49722	443	192.168.11.20	186.211.255.80
Oct 9, 2024 15:27:32.251163006 CEST	49722	443	192.168.11.20	186.211.255.80
Oct 9, 2024 15:27:32.251225948 CEST	443	49722	186.211.255.80	192.168.11.20
Oct 9, 2024 15:27:33.366767883 CEST	443	49722	186.211.255.80	192.168.11.20
Oct 9, 2024 15:27:33.367089033 CEST	49722	443	192.168.11.20	186.211.255.80
Oct 9, 2024 15:27:33.367147923 CEST	443	49722	186.211.255.80	192.168.11.20
Oct 9, 2024 15:27:33.367182016 CEST	49722	443	192.168.11.20	186.211.255.80
Oct 9, 2024 15:27:33.367208004 CEST	443	49722	186.211.255.80	192.168.11.20
Oct 9, 2024 15:27:33.371596098 CEST	443	49722	186.211.255.80	192.168.11.20
Oct 9, 2024 15:27:33.371849060 CEST	49722	443	192.168.11.20	186.211.255.80
Oct 9, 2024 15:27:33.372410059 CEST	49722	443	192.168.11.20	186.211.255.80
Oct 9, 2024 15:27:33.372459888 CEST	49722	443	192.168.11.20	186.211.255.80
Oct 9, 2024 15:27:33.372823000 CEST	443	49722	186.211.255.80	192.168.11.20
Oct 9, 2024 15:27:33.420625925 CEST	49722	443	192.168.11.20	186.211.255.80
Oct 9, 2024 15:27:33.420689106 CEST	443	49722	186.211.255.80	192.168.11.20
Oct 9, 2024 15:27:33.468426943 CEST	49722	443	192.168.11.20	186.211.255.80
Oct 9, 2024 15:27:33.592652082 CEST	443	49722	186.211.255.80	192.168.11.20
Oct 9, 2024 15:27:33.593003988 CEST	49722	443	192.168.11.20	186.211.255.80
Oct 9, 2024 15:27:33.593091011 CEST	443	49722	186.211.255.80	192.168.11.20
Oct 9, 2024 15:27:33.593115091 CEST	49722	443	192.168.11.20	186.211.255.80
Oct 9, 2024 15:27:33.593152046 CEST	443	49722	186.211.255.80	192.168.11.20
Oct 9, 2024 15:27:33.593274117 CEST	49722	443	192.168.11.20	186.211.255.80
Oct 9, 2024 15:27:33.803307056 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:33.803411007 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:33.803744078 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:33.804090977 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:33.804148912 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.041873932 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.042177916 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.042262077 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.042292118 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.042335987 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.046545982 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.046864033 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.047359943 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.047360897 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.047816038 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.095483065 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.095546007 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.143279076 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.310340881 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.310451031 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.310667038 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.310750961 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.310849905 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.310920954 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.310967922 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.311194897 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.530060053 CEST	49715	443	192.168.11.20	104.21.59.92
Oct 9, 2024 15:27:35.530113935 CEST	443	49715	104.21.59.92	192.168.11.20
Oct 9, 2024 15:27:35.565634966 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.565661907 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.565857887 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.566026926 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.566044092 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.566245079 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.566276073 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.566304922 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.566653967 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.836978912 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.837424040 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.837620974 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.837699890 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.837807894 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.837937117 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.838001013 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.838037968 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.838211060 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.838582039 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.838653088 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.838932037 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:35.888478994 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:35.888808012 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.148055077 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.148286104 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.148562908 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.148737907 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.148739100 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.148929119 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.149126053 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.149487972 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.149630070 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.149696112 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.149719954 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.149844885 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.150080919 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.150099039 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.150149107 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.150268078 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.150304079 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.218348980 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.218656063 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.411334038 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.411498070 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.411530018 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.411631107 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.411664009 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.411777973 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.411890984 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.411920071 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.411979914 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.412017107 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.412133932 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.412163973 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.412199020 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.412306070 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.412373066 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.412395954 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.412410975 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.412528038 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.412565947 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.412590981 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.412780046 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.412812948 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.412828922 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.412918091 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.412918091 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.413018942 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.413022041 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.413043022 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.413172007 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.413216114 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.413234949 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.413305998 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.413376093 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.413412094 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.413429976 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.413538933 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.460494995 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.473984003 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.474133968 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.474307060 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.474498987 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.474561930 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.474672079 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.669780970 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.670032024 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.670809984 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.670939922 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.671030998 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.671154976 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.671221018 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.671442986 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.671616077 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.671616077 CEST	49723	443	192.168.11.20	201.48.198.80
Oct 9, 2024 15:27:36.671685934 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:36.671709061 CEST	443	49723	201.48.198.80	192.168.11.20
Oct 9, 2024 15:27:39.764893055 CEST	49716	443	192.168.11.20	104.21.64.85
Oct 9, 2024 15:27:39.764955044 CEST	443	49716	104.21.64.85	192.168.11.20
Oct 9, 2024 15:27:40.868664980 CEST	49724	443	192.168.11.20	104.21.80.152
Oct 9, 2024 15:27:40.868750095 CEST	443	49724	104.21.80.152	192.168.11.20
Oct 9, 2024 15:27:40.868931055 CEST	49724	443	192.168.11.20	104.21.80.152
Oct 9, 2024 15:27:40.869287968 CEST	49724	443	192.168.11.20	104.21.80.152
Oct 9, 2024 15:27:40.869349957 CEST	443	49724	104.21.80.152	192.168.11.20
Oct 9, 2024 15:27:41.462549925 CEST	443	49724	104.21.80.152	192.168.11.20
Oct 9, 2024 15:27:41.462646008 CEST	443	49724	104.21.80.152	192.168.11.20
Oct 9, 2024 15:27:41.462789059 CEST	49724	443	192.168.11.20	104.21.80.152
Oct 9, 2024 15:27:41.462862968 CEST	443	49724	104.21.80.152	192.168.11.20
Oct 9, 2024 15:27:41.463123083 CEST	49724	443	192.168.11.20	104.21.80.152
Oct 9, 2024 15:27:41.465490103 CEST	49724	443	192.168.11.20	104.21.80.152
Oct 9, 2024 15:27:41.465490103 CEST	49724	443	192.168.11.20	104.21.80.152
Oct 9, 2024 15:27:41.465490103 CEST	49724	443	192.168.11.20	104.21.80.152
Oct 9, 2024 15:27:41.465589046 CEST	443	49724	104.21.80.152	192.168.11.20
Oct 9, 2024 15:27:41.465629101 CEST	443	49724	104.21.80.152	192.168.11.20
Oct 9, 2024 15:27:41.465641975 CEST	443	49724	104.21.80.152	192.168.11.20
Oct 9, 2024 15:27:41.561286926 CEST	443	49724	104.21.80.152	192.168.11.20
Oct 9, 2024 15:27:41.561672926 CEST	49724	443	192.168.11.20	104.21.80.152
Oct 9, 2024 15:27:41.561745882 CEST	443	49724	104.21.80.152	192.168.11.20
Oct 9, 2024 15:27:41.687242031 CEST	49706	443	192.168.11.20	172.67.194.39
Oct 9, 2024 15:27:41.687311888 CEST	443	49706	172.67.194.39	192.168.11.20
Oct 9, 2024 15:27:41.761508942 CEST	443	49724	104.21.80.152	192.168.11.20
Oct 9, 2024 15:27:41.812603951 CEST	49724	443	192.168.11.20	104.21.80.152
Oct 9, 2024 15:27:41.859061003 CEST	49725	443	192.168.11.20	184.28.207.119
Oct 9, 2024 15:27:41.859123945 CEST	443	49725	184.28.207.119	192.168.11.20
Oct 9, 2024 15:27:41.859330893 CEST	49725	443	192.168.11.20	184.28.207.119
Oct 9, 2024 15:27:41.859677076 CEST	49725	443	192.168.11.20	184.28.207.119
Oct 9, 2024 15:27:41.859716892 CEST	443	49725	184.28.207.119	192.168.11.20
Oct 9, 2024 15:27:42.263494968 CEST	443	49725	184.28.207.119	192.168.11.20
Oct 9, 2024 15:27:42.263808966 CEST	49725	443	192.168.11.20	184.28.207.119
Oct 9, 2024 15:27:42.263828039 CEST	443	49725	184.28.207.119	192.168.11.20
Oct 9, 2024 15:27:42.263840914 CEST	49725	443	192.168.11.20	184.28.207.119
Oct 9, 2024 15:27:42.263851881 CEST	443	49725	184.28.207.119	192.168.11.20
Oct 9, 2024 15:27:42.265402079 CEST	443	49725	184.28.207.119	192.168.11.20
Oct 9, 2024 15:27:42.265671015 CEST	49725	443	192.168.11.20	184.28.207.119
Oct 9, 2024 15:27:42.266298056 CEST	49725	443	192.168.11.20	184.28.207.119
Oct 9, 2024 15:27:42.266410112 CEST	49725	443	192.168.11.20	184.28.207.119
Oct 9, 2024 15:27:42.266525030 CEST	443	49725	184.28.207.119	192.168.11.20
Oct 9, 2024 15:27:42.313865900 CEST	49725	443	192.168.11.20	184.28.207.119
Oct 9, 2024 15:27:42.313986063 CEST	443	49725	184.28.207.119	192.168.11.20
Oct 9, 2024 15:27:42.361764908 CEST	49725	443	192.168.11.20	184.28.207.119
Oct 9, 2024 15:27:42.447523117 CEST	443	49725	184.28.207.119	192.168.11.20
Oct 9, 2024 15:27:42.447805882 CEST	443	49725	184.28.207.119	192.168.11.20
Oct 9, 2024 15:27:42.447895050 CEST	49725	443	192.168.11.20	184.28.207.119
Oct 9, 2024 15:27:42.447895050 CEST	49725	443	192.168.11.20	184.28.207.119
Oct 9, 2024 15:27:42.448035955 CEST	443	49725	184.28.207.119	192.168.11.20
Oct 9, 2024 15:27:42.448076963 CEST	49725	443	192.168.11.20	184.28.207.119
Oct 9, 2024 15:27:48.183442116 CEST	49709	443	192.168.11.20	172.67.154.4
Oct 9, 2024 15:27:48.183501005 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:27:52.982222080 CEST	49719	443	192.168.11.20	104.21.39.248
Oct 9, 2024 15:27:52.982254028 CEST	443	49719	104.21.39.248	192.168.11.20
Oct 9, 2024 15:27:59.465229034 CEST	49713	443	192.168.11.20	172.67.159.186
Oct 9, 2024 15:27:59.465262890 CEST	443	49713	172.67.159.186	192.168.11.20
Oct 9, 2024 15:28:00.480531931 CEST	49714	443	192.168.11.20	18.238.49.52
Oct 9, 2024 15:28:00.480581999 CEST	443	49714	18.238.49.52	192.168.11.20
Oct 9, 2024 15:28:02.057358027 CEST	49721	443	192.168.11.20	172.67.158.215
Oct 9, 2024 15:28:02.057445049 CEST	443	49721	172.67.158.215	192.168.11.20
Oct 9, 2024 15:28:05.538419962 CEST	49715	443	192.168.11.20	104.21.59.92
Oct 9, 2024 15:28:05.538497925 CEST	443	49715	104.21.59.92	192.168.11.20
Oct 9, 2024 15:28:09.313231945 CEST	49728	443	192.168.11.20	104.21.28.189
Oct 9, 2024 15:28:09.313254118 CEST	443	49728	104.21.28.189	192.168.11.20
Oct 9, 2024 15:28:09.313416958 CEST	49728	443	192.168.11.20	104.21.28.189
Oct 9, 2024 15:28:09.313801050 CEST	49728	443	192.168.11.20	104.21.28.189
Oct 9, 2024 15:28:09.313827038 CEST	443	49728	104.21.28.189	192.168.11.20
Oct 9, 2024 15:28:09.767508984 CEST	49716	443	192.168.11.20	104.21.64.85
Oct 9, 2024 15:28:09.767570972 CEST	443	49716	104.21.64.85	192.168.11.20
Oct 9, 2024 15:28:09.927594900 CEST	443	49728	104.21.28.189	192.168.11.20
Oct 9, 2024 15:28:09.927678108 CEST	443	49728	104.21.28.189	192.168.11.20
Oct 9, 2024 15:28:09.927922010 CEST	49728	443	192.168.11.20	104.21.28.189
Oct 9, 2024 15:28:09.927979946 CEST	443	49728	104.21.28.189	192.168.11.20
Oct 9, 2024 15:28:09.928287029 CEST	49728	443	192.168.11.20	104.21.28.189
Oct 9, 2024 15:28:09.930381060 CEST	49728	443	192.168.11.20	104.21.28.189
Oct 9, 2024 15:28:09.930381060 CEST	49728	443	192.168.11.20	104.21.28.189
Oct 9, 2024 15:28:09.930442095 CEST	443	49728	104.21.28.189	192.168.11.20
Oct 9, 2024 15:28:09.930474997 CEST	443	49728	104.21.28.189	192.168.11.20
Oct 9, 2024 15:28:09.930489063 CEST	49728	443	192.168.11.20	104.21.28.189
Oct 9, 2024 15:28:09.930505991 CEST	443	49728	104.21.28.189	192.168.11.20
Oct 9, 2024 15:28:10.025767088 CEST	443	49728	104.21.28.189	192.168.11.20
Oct 9, 2024 15:28:10.026269913 CEST	49728	443	192.168.11.20	104.21.28.189
Oct 9, 2024 15:28:10.026336908 CEST	443	49728	104.21.28.189	192.168.11.20
Oct 9, 2024 15:28:10.221615076 CEST	443	49728	104.21.28.189	192.168.11.20
Oct 9, 2024 15:28:10.277064085 CEST	49728	443	192.168.11.20	104.21.28.189
Oct 9, 2024 15:28:10.587361097 CEST	49729	443	192.168.11.20	23.48.224.105
Oct 9, 2024 15:28:10.587390900 CEST	443	49729	23.48.224.105	192.168.11.20
Oct 9, 2024 15:28:10.587580919 CEST	49729	443	192.168.11.20	23.48.224.105
Oct 9, 2024 15:28:10.587968111 CEST	49729	443	192.168.11.20	23.48.224.105
Oct 9, 2024 15:28:10.587980032 CEST	443	49729	23.48.224.105	192.168.11.20
Oct 9, 2024 15:28:11.170804977 CEST	443	49729	23.48.224.105	192.168.11.20
Oct 9, 2024 15:28:11.170963049 CEST	443	49729	23.48.224.105	192.168.11.20
Oct 9, 2024 15:28:11.171159983 CEST	49729	443	192.168.11.20	23.48.224.105
Oct 9, 2024 15:28:11.171240091 CEST	443	49729	23.48.224.105	192.168.11.20
Oct 9, 2024 15:28:11.203964949 CEST	49729	443	192.168.11.20	23.48.224.105
Oct 9, 2024 15:28:11.204011917 CEST	443	49729	23.48.224.105	192.168.11.20
Oct 9, 2024 15:28:11.204103947 CEST	49729	443	192.168.11.20	23.48.224.105
Oct 9, 2024 15:28:11.204121113 CEST	443	49729	23.48.224.105	192.168.11.20
Oct 9, 2024 15:28:11.299417973 CEST	443	49729	23.48.224.105	192.168.11.20
Oct 9, 2024 15:28:11.347201109 CEST	49729	443	192.168.11.20	23.48.224.105
Oct 9, 2024 15:28:11.679512024 CEST	49706	443	192.168.11.20	172.67.194.39
Oct 9, 2024 15:28:11.679649115 CEST	443	49706	172.67.194.39	192.168.11.20
Oct 9, 2024 15:28:11.679686069 CEST	49706	443	192.168.11.20	172.67.194.39
Oct 9, 2024 15:28:11.680082083 CEST	443	49706	172.67.194.39	192.168.11.20
Oct 9, 2024 15:28:11.680227041 CEST	49706	443	192.168.11.20	172.67.194.39
Oct 9, 2024 15:28:11.773638964 CEST	49724	443	192.168.11.20	104.21.80.152
Oct 9, 2024 15:28:11.773696899 CEST	443	49724	104.21.80.152	192.168.11.20
Oct 9, 2024 15:28:11.892754078 CEST	443	49729	23.48.224.105	192.168.11.20
Oct 9, 2024 15:28:11.893066883 CEST	49729	443	192.168.11.20	23.48.224.105
Oct 9, 2024 15:28:18.176408052 CEST	49709	443	192.168.11.20	172.67.154.4
Oct 9, 2024 15:28:18.176486015 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:28:18.176508904 CEST	49709	443	192.168.11.20	172.67.154.4
Oct 9, 2024 15:28:18.176881075 CEST	443	49709	172.67.154.4	192.168.11.20
Oct 9, 2024 15:28:18.177023888 CEST	49709	443	192.168.11.20	172.67.154.4
Oct 9, 2024 15:28:22.988152027 CEST	49719	443	192.168.11.20	104.21.39.248
Oct 9, 2024 15:28:22.988192081 CEST	443	49719	104.21.39.248	192.168.11.20
Oct 9, 2024 15:28:29.453694105 CEST	49713	443	192.168.11.20	172.67.159.186
Oct 9, 2024 15:28:29.453695059 CEST	49713	443	192.168.11.20	172.67.159.186
Oct 9, 2024 15:28:29.453809023 CEST	443	49713	172.67.159.186	192.168.11.20
Oct 9, 2024 15:28:29.454191923 CEST	443	49713	172.67.159.186	192.168.11.20
Oct 9, 2024 15:28:29.454391003 CEST	49713	443	192.168.11.20	172.67.159.186
Oct 9, 2024 15:28:30.476255894 CEST	49714	443	192.168.11.20	18.238.49.52
Oct 9, 2024 15:28:30.476284027 CEST	443	49714	18.238.49.52	192.168.11.20
Oct 9, 2024 15:28:30.476350069 CEST	49714	443	192.168.11.20	18.238.49.52
Oct 9, 2024 15:28:30.476481915 CEST	443	49714	18.238.49.52	192.168.11.20
Oct 9, 2024 15:28:30.476762056 CEST	49714	443	192.168.11.20	18.238.49.52
Oct 9, 2024 15:28:32.072163105 CEST	49721	443	192.168.11.20	172.67.158.215
Oct 9, 2024 15:28:32.072263002 CEST	443	49721	172.67.158.215	192.168.11.20
Oct 9, 2024 15:28:35.540301085 CEST	49715	443	192.168.11.20	104.21.59.92
Oct 9, 2024 15:28:35.540301085 CEST	49715	443	192.168.11.20	104.21.59.92
Oct 9, 2024 15:28:35.540416002 CEST	443	49715	104.21.59.92	192.168.11.20
Oct 9, 2024 15:28:35.540462017 CEST	443	49715	104.21.59.92	192.168.11.20
Oct 9, 2024 15:28:35.540478945 CEST	49715	443	192.168.11.20	104.21.59.92
Oct 9, 2024 15:28:35.540949106 CEST	443	49715	104.21.59.92	192.168.11.20
Oct 9, 2024 15:28:35.541085005 CEST	49715	443	192.168.11.20	104.21.59.92
Oct 9, 2024 15:28:39.761513948 CEST	49716	443	192.168.11.20	104.21.64.85
Oct 9, 2024 15:28:39.761605978 CEST	443	49716	104.21.64.85	192.168.11.20
Oct 9, 2024 15:28:39.761631966 CEST	49716	443	192.168.11.20	104.21.64.85
Oct 9, 2024 15:28:39.762005091 CEST	443	49716	104.21.64.85	192.168.11.20
Oct 9, 2024 15:28:39.762280941 CEST	49716	443	192.168.11.20	104.21.64.85
Oct 9, 2024 15:28:40.230624914 CEST	49728	443	192.168.11.20	104.21.28.189
Oct 9, 2024 15:28:40.230701923 CEST	443	49728	104.21.28.189	192.168.11.20
Oct 9, 2024 15:28:41.777187109 CEST	49724	443	192.168.11.20	104.21.80.152
Oct 9, 2024 15:28:41.777236938 CEST	443	49724	104.21.80.152	192.168.11.20
Oct 9, 2024 15:28:41.902318001 CEST	49729	443	192.168.11.20	23.48.224.105
Oct 9, 2024 15:28:41.902409077 CEST	443	49729	23.48.224.105	192.168.11.20
Oct 9, 2024 15:28:52.988454103 CEST	49719	443	192.168.11.20	104.21.39.248
Oct 9, 2024 15:28:52.988454103 CEST	49719	443	192.168.11.20	104.21.39.248
Oct 9, 2024 15:28:52.988529921 CEST	443	49719	104.21.39.248	192.168.11.20
Oct 9, 2024 15:28:52.988883972 CEST	443	49719	104.21.39.248	192.168.11.20
Oct 9, 2024 15:28:52.989084959 CEST	49719	443	192.168.11.20	104.21.39.248
Oct 9, 2024 15:29:02.036648035 CEST	49721	443	192.168.11.20	172.67.158.215
Oct 9, 2024 15:29:02.036720037 CEST	443	49721	172.67.158.215	192.168.11.20
Oct 9, 2024 15:29:02.036736965 CEST	49721	443	192.168.11.20	172.67.158.215
Oct 9, 2024 15:29:02.037066936 CEST	443	49721	172.67.158.215	192.168.11.20
Oct 9, 2024 15:29:02.037235022 CEST	49721	443	192.168.11.20	172.67.158.215
Oct 9, 2024 15:29:10.239156961 CEST	49728	443	192.168.11.20	104.21.28.189
Oct 9, 2024 15:29:10.239172935 CEST	443	49728	104.21.28.189	192.168.11.20
Oct 9, 2024 15:29:11.764055014 CEST	49724	443	192.168.11.20	104.21.80.152
Oct 9, 2024 15:29:11.764182091 CEST	443	49724	104.21.80.152	192.168.11.20
Oct 9, 2024 15:29:11.764209986 CEST	49724	443	192.168.11.20	104.21.80.152
Oct 9, 2024 15:29:11.764595032 CEST	443	49724	104.21.80.152	192.168.11.20
Oct 9, 2024 15:29:11.764843941 CEST	49724	443	192.168.11.20	104.21.80.152
Oct 9, 2024 15:29:11.906379938 CEST	49729	443	192.168.11.20	23.48.224.105
Oct 9, 2024 15:29:11.906486988 CEST	443	49729	23.48.224.105	192.168.11.20
Oct 9, 2024 15:29:40.229736090 CEST	49728	443	192.168.11.20	104.21.28.189
Oct 9, 2024 15:29:40.229736090 CEST	49728	443	192.168.11.20	104.21.28.189
Oct 9, 2024 15:29:40.229784966 CEST	443	49728	104.21.28.189	192.168.11.20
Oct 9, 2024 15:29:40.230027914 CEST	443	49728	104.21.28.189	192.168.11.20
Oct 9, 2024 15:29:40.230191946 CEST	49728	443	192.168.11.20	104.21.28.189
Oct 9, 2024 15:29:41.891144037 CEST	49729	443	192.168.11.20	23.48.224.105
Oct 9, 2024 15:29:41.891144037 CEST	49729	443	192.168.11.20	23.48.224.105
Oct 9, 2024 15:29:41.891282082 CEST	443	49729	23.48.224.105	192.168.11.20
Oct 9, 2024 15:29:41.891844988 CEST	443	49729	23.48.224.105	192.168.11.20
Oct 9, 2024 15:29:41.892060041 CEST	49729	443	192.168.11.20	23.48.224.105

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 9, 2024 15:26:40.401587009 CEST	57076	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:26:40.614017963 CEST	53	57076	1.1.1.1	192.168.11.20
Oct 9, 2024 15:26:41.671343088 CEST	63794	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:26:41.795878887 CEST	53	63794	1.1.1.1	192.168.11.20
Oct 9, 2024 15:26:42.826472044 CEST	64458	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:26:47.095488071 CEST	54486	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:26:47.233243942 CEST	53	54486	1.1.1.1	192.168.11.20
Oct 9, 2024 15:26:48.164532900 CEST	52983	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:26:48.259629965 CEST	53	52983	1.1.1.1	192.168.11.20
Oct 9, 2024 15:26:48.886579037 CEST	61144	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:26:48.981240034 CEST	53	61144	1.1.1.1	192.168.11.20
Oct 9, 2024 15:26:49.600383997 CEST	61995	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:26:49.696945906 CEST	53	61995	1.1.1.1	192.168.11.20
Oct 9, 2024 15:26:58.292210102 CEST	60513	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:26:58.460941076 CEST	53	60513	1.1.1.1	192.168.11.20
Oct 9, 2024 15:26:59.443738937 CEST	50205	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:26:59.684009075 CEST	53	50205	1.1.1.1	192.168.11.20
Oct 9, 2024 15:27:04.463000059 CEST	54707	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:27:04.642846107 CEST	53	54707	1.1.1.1	192.168.11.20
Oct 9, 2024 15:27:05.528853893 CEST	53585	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:27:05.624489069 CEST	53	53585	1.1.1.1	192.168.11.20
Oct 9, 2024 15:27:08.625843048 CEST	49434	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:27:08.828372002 CEST	53	49434	1.1.1.1	192.168.11.20
Oct 9, 2024 15:27:09.752332926 CEST	61327	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:27:09.881083965 CEST	53	61327	1.1.1.1	192.168.11.20
Oct 9, 2024 15:27:10.639606953 CEST	50876	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:27:21.926661015 CEST	50619	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:27:22.095175982 CEST	53	50619	1.1.1.1	192.168.11.20
Oct 9, 2024 15:27:22.982248068 CEST	54229	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:27:23.077162981 CEST	53	54229	1.1.1.1	192.168.11.20
Oct 9, 2024 15:27:30.901051998 CEST	49483	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:27:31.071630955 CEST	53	49483	1.1.1.1	192.168.11.20
Oct 9, 2024 15:27:32.041711092 CEST	49426	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:27:32.249749899 CEST	53	49426	1.1.1.1	192.168.11.20
Oct 9, 2024 15:27:33.593983889 CEST	59591	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:27:33.802627087 CEST	53	59591	1.1.1.1	192.168.11.20
Oct 9, 2024 15:27:40.699039936 CEST	55700	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:27:40.867826939 CEST	53	55700	1.1.1.1	192.168.11.20
Oct 9, 2024 15:27:41.762161016 CEST	51721	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:27:41.858357906 CEST	53	51721	1.1.1.1	192.168.11.20
Oct 9, 2024 15:27:42.448415995 CEST	60892	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:27:51.142446995 CEST	58913	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:28:09.170903921 CEST	49230	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:28:09.312093973 CEST	53	49230	1.1.1.1	192.168.11.20
Oct 9, 2024 15:28:10.222435951 CEST	62516	53	192.168.11.20	1.1.1.1
Oct 9, 2024 15:28:10.586711884 CEST	53	62516	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 9, 2024 15:26:40.401587009 CEST	192.168.11.20	1.1.1.1	0x368d	Standard query (0)	lzarz.cearacaju.com	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:41.671343088 CEST	192.168.11.20	1.1.1.1	0x1ed	Standard query (0)	letras.mus.br	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:42.826472044 CEST	192.168.11.20	1.1.1.1	0x64b1	Standard query (0)	www.letras.mus.br	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:47.095488071 CEST	192.168.11.20	1.1.1.1	0x51af	Standard query (0)	gywfq.tecnokoll.com	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:48.164532900 CEST	192.168.11.20	1.1.1.1	0x5ee6	Standard query (0)	spotify.com	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:48.886579037 CEST	192.168.11.20	1.1.1.1	0xfdb4	Standard query (0)	www.spotify.com	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:49.600383997 CEST	192.168.11.20	1.1.1.1	0x4970	Standard query (0)	open.spotify.com	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:58.292210102 CEST	192.168.11.20	1.1.1.1	0x5309	Standard query (0)	jqbve.ullmannemp.com	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:59.443738937 CEST	192.168.11.20	1.1.1.1	0xa4f	Standard query (0)	noticias.uol.com.br	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:04.463000059 CEST	192.168.11.20	1.1.1.1	0x8a27	Standard query (0)	pleku.karinapisos.com	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:05.528853893 CEST	192.168.11.20	1.1.1.1	0x335b	Standard query (0)	microsoftonline.com	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:08.625843048 CEST	192.168.11.20	1.1.1.1	0x9c	Standard query (0)	wyejd.acosouropreto.com	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:09.752332926 CEST	192.168.11.20	1.1.1.1	0xfb2c	Standard query (0)	terra.com.br	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:10.639606953 CEST	192.168.11.20	1.1.1.1	0x1823	Standard query (0)	www.terra.com.br	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:21.926661015 CEST	192.168.11.20	1.1.1.1	0xe6d7	Standard query (0)	rxemz.arjmineradora.com	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:22.982248068 CEST	192.168.11.20	1.1.1.1	0xb02f	Standard query (0)	weather.com	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:30.901051998 CEST	192.168.11.20	1.1.1.1	0x43ce	Standard query (0)	putaz.geometralengenharia.com	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:32.041711092 CEST	192.168.11.20	1.1.1.1	0xb176	Standard query (0)	correios.com.br	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:33.593983889 CEST	192.168.11.20	1.1.1.1	0xa568	Standard query (0)	www.correios.com.br	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:40.699039936 CEST	192.168.11.20	1.1.1.1	0xd479	Standard query (0)	uxjuw.osberbigao.com	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:41.762161016 CEST	192.168.11.20	1.1.1.1	0x7690	Standard query (0)	jw.org	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:42.448415995 CEST	192.168.11.20	1.1.1.1	0xf48c	Standard query (0)	www.jw.org	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:51.142446995 CEST	192.168.11.20	1.1.1.1	0x151e	Standard query (0)	www.jw.org	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:28:09.170903921 CEST	192.168.11.20	1.1.1.1	0x5b4e	Standard query (0)	rakdd.equipebuffet.com	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:28:10.222435951 CEST	192.168.11.20	1.1.1.1	0xc8bc	Standard query (0)	casasbahia.com.br	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 9, 2024 15:26:40.614017963 CEST	1.1.1.1	192.168.11.20	0x368d	No error (0)	lzarz.cearacaju.com		172.67.194.39	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:40.614017963 CEST	1.1.1.1	192.168.11.20	0x368d	No error (0)	lzarz.cearacaju.com		104.21.92.133	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:41.795878887 CEST	1.1.1.1	192.168.11.20	0x1ed	No error (0)	letras.mus.br		177.54.145.108	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:41.795878887 CEST	1.1.1.1	192.168.11.20	0x1ed	No error (0)	letras.mus.br		177.54.145.110	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:41.795878887 CEST	1.1.1.1	192.168.11.20	0x1ed	No error (0)	letras.mus.br		177.54.145.109	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:41.795878887 CEST	1.1.1.1	192.168.11.20	0x1ed	No error (0)	letras.mus.br		177.54.145.106	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:41.795878887 CEST	1.1.1.1	192.168.11.20	0x1ed	No error (0)	letras.mus.br		177.54.145.107	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:42.923696995 CEST	1.1.1.1	192.168.11.20	0x64b1	No error (0)	www.letras.mus.br	studiosol.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 9, 2024 15:26:47.233243942 CEST	1.1.1.1	192.168.11.20	0x51af	No error (0)	gywfq.tecnokoll.com		172.67.154.4	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:47.233243942 CEST	1.1.1.1	192.168.11.20	0x51af	No error (0)	gywfq.tecnokoll.com		104.21.13.3	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:48.259629965 CEST	1.1.1.1	192.168.11.20	0x5ee6	No error (0)	spotify.com		35.186.224.24	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:48.981240034 CEST	1.1.1.1	192.168.11.20	0xfdb4	No error (0)	www.spotify.com	edge-web.dual-gslb.spotify.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 9, 2024 15:26:48.981240034 CEST	1.1.1.1	192.168.11.20	0xfdb4	No error (0)	edge-web.dual-gslb.spotify.com		35.186.224.24	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:49.696945906 CEST	1.1.1.1	192.168.11.20	0x4970	No error (0)	open.spotify.com	atc.spotify.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 9, 2024 15:26:49.696945906 CEST	1.1.1.1	192.168.11.20	0x4970	No error (0)	atc.spotify.map.fastly.net		151.101.131.42	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:49.696945906 CEST	1.1.1.1	192.168.11.20	0x4970	No error (0)	atc.spotify.map.fastly.net		151.101.195.42	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:49.696945906 CEST	1.1.1.1	192.168.11.20	0x4970	No error (0)	atc.spotify.map.fastly.net		151.101.3.42	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:49.696945906 CEST	1.1.1.1	192.168.11.20	0x4970	No error (0)	atc.spotify.map.fastly.net		151.101.67.42	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:58.460941076 CEST	1.1.1.1	192.168.11.20	0x5309	No error (0)	jqbve.ullmannemp.com		172.67.159.186	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:58.460941076 CEST	1.1.1.1	192.168.11.20	0x5309	No error (0)	jqbve.ullmannemp.com		104.21.9.92	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:59.684009075 CEST	1.1.1.1	192.168.11.20	0xa4f	No error (0)	noticias.uol.com.br	d3txhn20wjevmq.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 9, 2024 15:26:59.684009075 CEST	1.1.1.1	192.168.11.20	0xa4f	No error (0)	d3txhn20wjevmq.cloudfront.net		18.238.49.52	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:59.684009075 CEST	1.1.1.1	192.168.11.20	0xa4f	No error (0)	d3txhn20wjevmq.cloudfront.net		18.238.49.126	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:59.684009075 CEST	1.1.1.1	192.168.11.20	0xa4f	No error (0)	d3txhn20wjevmq.cloudfront.net		18.238.49.79	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:26:59.684009075 CEST	1.1.1.1	192.168.11.20	0xa4f	No error (0)	d3txhn20wjevmq.cloudfront.net		18.238.49.8	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:04.642846107 CEST	1.1.1.1	192.168.11.20	0x8a27	No error (0)	pleku.karinapisos.com		104.21.59.92	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:04.642846107 CEST	1.1.1.1	192.168.11.20	0x8a27	No error (0)	pleku.karinapisos.com		172.67.222.35	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:08.828372002 CEST	1.1.1.1	192.168.11.20	0x9c	No error (0)	wyejd.acosouropreto.com		104.21.64.85	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:08.828372002 CEST	1.1.1.1	192.168.11.20	0x9c	No error (0)	wyejd.acosouropreto.com		172.67.179.114	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:09.881083965 CEST	1.1.1.1	192.168.11.20	0xfb2c	No error (0)	terra.com.br		208.84.244.116	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:10.779114962 CEST	1.1.1.1	192.168.11.20	0x1823	No error (0)	www.terra.com.br	www.terra.com.br.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 9, 2024 15:27:22.095175982 CEST	1.1.1.1	192.168.11.20	0xe6d7	No error (0)	rxemz.arjmineradora.com		104.21.39.248	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:22.095175982 CEST	1.1.1.1	192.168.11.20	0xe6d7	No error (0)	rxemz.arjmineradora.com		172.67.172.120	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:23.077162981 CEST	1.1.1.1	192.168.11.20	0xb02f	No error (0)	weather.com		23.204.10.170	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:31.071630955 CEST	1.1.1.1	192.168.11.20	0x43ce	No error (0)	putaz.geometralengenharia.com		172.67.158.215	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:31.071630955 CEST	1.1.1.1	192.168.11.20	0x43ce	No error (0)	putaz.geometralengenharia.com		104.21.41.11	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:32.249749899 CEST	1.1.1.1	192.168.11.20	0xb176	No error (0)	correios.com.br		186.211.255.80	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:33.802627087 CEST	1.1.1.1	192.168.11.20	0xa568	No error (0)	www.correios.com.br		201.48.198.80	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:40.867826939 CEST	1.1.1.1	192.168.11.20	0xd479	No error (0)	uxjuw.osberbigao.com		104.21.80.152	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:40.867826939 CEST	1.1.1.1	192.168.11.20	0xd479	No error (0)	uxjuw.osberbigao.com		172.67.186.59	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:41.858357906 CEST	1.1.1.1	192.168.11.20	0x7690	No error (0)	jw.org		184.28.207.119	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:27:42.544320107 CEST	1.1.1.1	192.168.11.20	0xf48c	No error (0)	www.jw.org	www.jw.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 9, 2024 15:27:51.238291979 CEST	1.1.1.1	192.168.11.20	0x151e	No error (0)	www.jw.org	www.jw.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 9, 2024 15:28:09.312093973 CEST	1.1.1.1	192.168.11.20	0x5b4e	No error (0)	rakdd.equipebuffet.com		104.21.28.189	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:28:09.312093973 CEST	1.1.1.1	192.168.11.20	0x5b4e	No error (0)	rakdd.equipebuffet.com		172.67.147.80	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:28:10.586711884 CEST	1.1.1.1	192.168.11.20	0xc8bc	No error (0)	casasbahia.com.br		23.48.224.105	A (IP address)	IN (0x0001)	false
Oct 9, 2024 15:28:10.586711884 CEST	1.1.1.1	192.168.11.20	0xc8bc	No error (0)	casasbahia.com.br		23.48.224.115	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

https:

letras.mus.br

spotify.com

www.spotify.com

open.spotify.com

terra.com.br

weather.com

correios.com.br

www.correios.com.br

jw.org

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	49707	177.54.145.108	443	7128	C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-09 13:26:42 UTC	133	OUT	GET / HTTP/1.1 Host: letras.mus.br User-Agent: Go-http-client/1.1 Referer: https://lzarz.cearacaju.com/ Accept-Encoding: gzip
2024-10-09 13:26:42 UTC	299	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Wed, 09 Oct 2024 13:26:42 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Location: https://www.letras.mus.br/ Alt-Svc: h3=":443"; ma=86400 Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
2024-10-09 13:26:42 UTC	173	IN	Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.20	49710	35.186.224.24	443	7128	C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-09 13:26:48 UTC	131	OUT	GET / HTTP/1.1 Host: spotify.com User-Agent: Go-http-client/1.1 Referer: https://gywfq.tecnokoll.com/ Accept-Encoding: gzip
2024-10-09 13:26:48 UTC	353	IN	HTTP/1.1 301 Moved Permanently location: https://www.spotify.com/ strict-transport-security: max-age=31536000 x-content-type-options: nosniff vary: Accept-Encoding date: Wed, 09 Oct 2024 13:26:48 GMT server: envoy Content-Length: 0 Via: HTTP/2 edgeproxy, 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.11.20	49711	35.186.224.24	443	7128	C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-09 13:26:49 UTC	126	OUT	GET / HTTP/1.1 Host: www.spotify.com User-Agent: Go-http-client/1.1 Referer: https://spotify.com Accept-Encoding: gzip
2024-10-09 13:26:49 UTC	354	IN	HTTP/1.1 301 Moved Permanently location: https://open.spotify.com/ strict-transport-security: max-age=31536000 x-content-type-options: nosniff vary: Accept-Encoding date: Wed, 09 Oct 2024 13:26:49 GMT server: envoy Content-Length: 0 Via: HTTP/2 edgeproxy, 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.11.20	49712	151.101.131.42	443	7128	C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-09 13:26:50 UTC	132	OUT	GET / HTTP/1.1 Host: open.spotify.com User-Agent: Go-http-client/1.1 Referer: https://www.spotify.com/ Accept-Encoding: gzip
2024-10-09 13:26:50 UTC	146	IN	HTTP/1.1 421 Misdirected Request Connection: close Content-Length: 297 content-type: text/plain; charset=utf-8 x-served-by: cache-lga21964
2024-10-09 13:26:50 UTC	297	IN	Data Raw: 52 65 71 75 65 73 74 65 64 20 68 6f 73 74 20 64 6f 65 73 20 6e 6f 74 20 6d 61 74 63 68 20 61 6e 79 20 53 75 62 6a 65 63 74 20 41 6c 74 65 72 6e 61 74 69 76 65 20 4e 61 6d 65 73 20 28 53 41 4e 73 29 20 6f 6e 20 54 4c 53 20 63 65 72 74 69 66 69 63 61 74 65 20 5b 64 35 30 34 38 37 34 38 61 35 33 39 61 37 34 39 34 31 31 33 63 63 37 38 63 63 63 37 39 37 63 64 35 64 39 36 30 65 39 65 35 39 36 35 33 36 38 32 36 66 30 65 65 34 63 62 37 31 37 66 61 31 30 64 5d 20 69 6e 20 75 73 65 20 77 69 74 68 20 74 68 69 73 20 63 6f 6e 6e 65 63 74 69 6f 6e 2e 0d 0a 0d 0a 56 69 73 69 74 20 68 74 74 70 73 3a 2f 2f 64 6f 63 73 2e 66 61 73 74 6c 79 2e 63 6f 6d 2f 65 6e 2f 67 75 69 64 65 73 2f 63 6f 6d 6d 6f 6e 2d 34 30 30 2d 65 72 72 6f 72 73 23 65 72 72 6f 72 2d 34 32 31 2d 6d 69 Data Ascii: Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [d5048748a539a7494113cc78ccc797cd5d960e9e596536826f0ee4cb717fa10d] in use with this connection.Visit https://docs.fastly.com/en/guides/common-400-errors#error-421-mi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.11.20	49717	208.84.244.116	443	7128	C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-09 13:27:10 UTC	136	OUT	GET / HTTP/1.1 Host: terra.com.br User-Agent: Go-http-client/1.1 Referer: https://wyejd.acosouropreto.com/ Accept-Encoding: gzip
2024-10-09 13:27:10 UTC	418	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 09 Oct 2024 13:27:10 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 233 Connection: close X-Http-Reason: Moved Permanently Location: https://www.terra.com.br/ Cache-Control: max-age=604800 Expires: Sat, 05 Oct 2024 12:18:49 GMT X-Mt-Cache: HIT X-Xact-Uuid: e7ecfdb3-e0dc-434e-9f57-dd32a6e97111 Vary: Accept-Encoding X-Frame-Options: SAMEORIGIN
2024-10-09 13:27:10 UTC	233	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 65 72 72 61 2e 63 6f 6d 2e 62 72 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.terra.com.br/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.11.20	49720	23.204.10.170	443	7128	C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-09 13:27:23 UTC	135	OUT	GET / HTTP/1.1 Host: weather.com User-Agent: Go-http-client/1.1 Referer: https://rxemz.arjmineradora.com/ Accept-Encoding: gzip
2024-10-09 13:27:23 UTC	1872	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-DNS-Prefetch-Control: off X-Frame-Options: SAMEORIGIN X-Download-Options: noopen X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block webcakes-app-name: daybreak-home webcakes-app-version: 1.0.0-72fabd0536 webcakes-region: us-west-2 ETag: "1d24ee-/SdmuyrlmWtfQybHB3X8Ac6Jpts" X-Akamai-Transformed: 9 - 0 pmb=mRUM,1 Expires: Wed, 09 Oct 2024 13:27:23 GMT Cache-Control: max-age=0, no-cache Pragma: no-cache Date: Wed, 09 Oct 2024 13:27:23 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Set-Cookie: speedpin=4G; expires=Wed, 09-Oct-2024 13:57:23 GMT; path=/; domain=.weather.com; secure Set-Cookie: ci=TWC-Connection-Speed=4G&TWC-Locale-Group=US&TWC-Device-Class=desktop&X-Origin-Hint=PROD-AWS-Daybreak-home&TWC-Network-Type=wifi&TWC-GeoIP-Country=US&TWC-GeoIP-Lat=40.7500&TWC-GeoIP-Long=-73.9967&Akamai-Connection-Speed=1000+&TWC-Privacy=usa&TWC-GeoIP-DMA=501&TWC-GeoIP-City=NEWYORK&TWC-GeoIP-Region=NY; path=/; domain=.weather.com; secure Server-Timing: cdn-cache; desc=HIT Server-Timing: edge; dur=1 Server-Timing: intid;desc=1bff5cd8ec8762c0 Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET,POST,OPTIONS Access-Control-Allow-Origin: * Property-id: TWC-WX-Prod TWC-PATH-LOCALE: / TWC-Unit: u TWC-Privacy: usa TWC-GeoIP-Region: NY TWC-GeoIP-City: NEWYORK TWC-GeoIP-DMA: 501 TWC-GeoIP-LatLong: 40.7500,-73.9967 TWC-GeoIP-Country: US TWC-Device-Class: desktop TWC-Locale-Group: US TWC-Connection-Speed: 4G X-IN-EW: True Strict-Transport-Security: max-age=15552000; preload TWC-AK-Req-ID: b69c359 X-Origin-Hint: PROD-AWS-Daybreak-home twc-subs: none Server-Timing: ak_p; desc="1728480443423_398664877_191480665_1989_40308_95_177_-";dur=1
2024-10-09 13:27:23 UTC	14512	IN	Data Raw: 30 30 30 30 43 30 30 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 64 61 74 61 2d 72 65 61 63 74 2d 68 65 6c 6d 65 74 3d 22 74 72 75 65 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 64 61 74 61 2d 72 65 61 63 74 2d 68 65 6c 6d 65 74 3d 22 74 72 75 65 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 76 69 65 77 70 6f 72 74 2d 66 69 74 3d 63 6f 76 65 72 22 2f 3e 3c 6d 65 74 61 20 64 61 74 61 2d 72 65 61 63 74 2d 68 65 6c 6d 65 74 3d 22 74 Data Ascii: 0000C000<!doctype html><html dir="ltr" lang="en-US"><head> <meta data-react-helmet="true" charset="utf-8"/><meta data-react-helmet="true" name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover"/><meta data-react-helmet="t
2024-10-09 13:27:23 UTC	16384	IN	Data Raw: 22 2c 22 72 75 6c 65 22 3a 7b 22 62 72 6f 77 73 65 72 22 3a 22 73 61 66 61 72 69 22 2c 22 6b 69 6e 64 22 3a 22 70 6f 63 22 2c 22 6d 72 22 3a 22 31 22 2c 22 70 61 67 65 22 3a 22 5e 74 65 6e 64 61 79 5c 75 46 46 30 34 22 2c 22 70 6c 61 74 22 3a 22 5e 77 78 5c 75 46 46 30 34 22 2c 22 70 6f 73 22 3a 22 5e 77 78 5f 61 64 78 36 5c 75 46 46 30 34 22 7d 7d 2c 7b 22 66 6c 6f 6f 72 22 3a 30 2e 31 35 2c 22 69 64 22 3a 22 36 31 22 2c 22 72 75 6c 65 22 3a 7b 22 62 72 6f 77 73 65 72 22 3a 22 5e 28 3f 21 73 61 66 61 72 69 5c 75 46 46 30 34 29 22 2c 22 6b 69 6e 64 22 3a 22 70 6f 63 22 2c 22 6d 72 22 3a 22 30 22 2c 22 70 61 67 65 22 3a 22 5e 74 65 6e 64 61 79 5c 75 46 46 30 34 22 2c 22 70 6c 61 74 22 3a 22 5e 77 78 5c 75 46 46 30 34 22 2c 22 70 6f 73 22 3a 22 5e 77 78 5f Data Ascii: ","rule":{"browser":"safari","kind":"poc","mr":"1","page":"^tenday\uFF04","plat":"^wx\uFF04","pos":"^wx_adx6\uFF04"}},{"floor":0.15,"id":"61","rule":{"browser":"^(?!safari\uFF04)","kind":"poc","mr":"0","page":"^tenday\uFF04","plat":"^wx\uFF04","pos":"^wx_
2024-10-09 13:27:23 UTC	506	IN	Data Raw: 66 61 72 69 22 2c 22 6b 69 6e 64 22 3a 22 70 6f 63 22 2c 22 6d 72 22 3a 22 30 22 2c 22 70 61 67 65 22 3a 22 5e 74 6f 64 61 79 5c 75 46 46 30 34 22 2c 22 70 6c 61 74 22 3a 22 5e 77 78 5f 74 61 62 5c 75 46 46 30 34 22 2c 22 70 6f 73 22 3a 22 5e 77 78 5f 6c 64 72 5c 75 46 46 30 34 22 7d 7d 2c 7b 22 66 6c 6f 6f 72 22 3a 30 2e 37 35 2c 22 69 64 22 3a 22 35 38 34 22 2c 22 72 75 6c 65 22 3a 7b 22 62 72 6f 77 73 65 72 22 3a 22 73 61 66 61 72 69 22 2c 22 6b 69 6e 64 22 3a 22 70 6f 63 22 2c 22 6d 72 22 3a 22 31 22 2c 22 70 61 67 65 22 3a 22 5e 74 6f 64 61 79 5c 75 46 46 30 34 22 2c 22 70 6c 61 74 22 3a 22 5e 77 78 5f 74 61 62 5c 75 46 46 30 34 22 2c 22 70 6f 73 22 3a 22 5e 77 78 5f 6c 64 72 5c 75 46 46 30 34 22 7d 7d 2c 7b 22 66 6c 6f 6f 72 22 3a 31 2e 30 35 2c 22 Data Ascii: fari","kind":"poc","mr":"0","page":"^today\uFF04","plat":"^wx_tab\uFF04","pos":"^wx_ldr\uFF04"}},{"floor":0.75,"id":"584","rule":{"browser":"safari","kind":"poc","mr":"1","page":"^today\uFF04","plat":"^wx_tab\uFF04","pos":"^wx_ldr\uFF04"}},{"floor":1.05,"
2024-10-09 13:27:23 UTC	16384	IN	Data Raw: 6c 61 74 22 3a 22 5e 77 78 5f 74 61 62 5c 75 46 46 30 34 22 2c 22 70 6f 73 22 3a 22 5e 77 78 5f 33 30 30 76 61 72 5c 75 46 46 30 34 22 7d 7d 2c 7b 22 66 6c 6f 6f 72 22 3a 31 2e 30 35 2c 22 69 64 22 3a 22 35 38 37 22 2c 22 72 75 6c 65 22 3a 7b 22 62 72 6f 77 73 65 72 22 3a 22 73 61 66 61 72 69 22 2c 22 6b 69 6e 64 22 3a 22 70 6f 63 22 2c 22 6d 72 22 3a 22 30 22 2c 22 70 61 67 65 22 3a 22 5e 74 6f 64 61 79 5c 75 46 46 30 34 22 2c 22 70 6c 61 74 22 3a 22 5e 77 78 5f 74 61 62 5c 75 46 46 30 34 22 2c 22 70 6f 73 22 3a 22 5e 77 78 5f 33 30 30 76 61 72 5c 75 46 46 30 34 22 7d 7d 2c 7b 22 66 6c 6f 6f 72 22 3a 31 2e 30 35 2c 22 69 64 22 3a 22 35 38 38 22 2c 22 72 75 6c 65 22 3a 7b 22 62 72 6f 77 73 65 72 22 3a 22 73 61 66 61 72 69 22 2c 22 6b 69 6e 64 22 3a 22 70 Data Ascii: lat":"^wx_tab\uFF04","pos":"^wx_300var\uFF04"}},{"floor":1.05,"id":"587","rule":{"browser":"safari","kind":"poc","mr":"0","page":"^today\uFF04","plat":"^wx_tab\uFF04","pos":"^wx_300var\uFF04"}},{"floor":1.05,"id":"588","rule":{"browser":"safari","kind":"p
2024-10-09 13:27:23 UTC	1378	IN	Data Raw: 22 3a 22 70 6f 63 22 2c 22 6d 72 22 3a 22 30 22 2c 22 70 61 67 65 22 3a 22 5e 68 6f 75 72 6c 79 5c 75 46 46 30 34 22 2c 22 70 6c 61 74 22 3a 22 5e 77 78 5c 75 46 46 30 34 22 2c 22 70 6f 73 22 3a 22 5e 77 78 5f 6d 69 64 6c 64 72 34 5c 75 46 46 30 34 22 7d 7d 2c 7b 22 66 6c 6f 6f 72 22 3a 30 2e 32 35 2c 22 69 64 22 3a 22 34 37 30 22 2c 22 72 75 6c 65 22 3a 7b 22 62 72 6f 77 73 65 72 22 3a 22 5e 28 3f 21 73 61 66 61 72 69 5c 75 46 46 30 34 29 22 2c 22 6b 69 6e 64 22 3a 22 70 6f 63 22 2c 22 6d 72 22 3a 22 31 22 2c 22 70 61 67 65 22 3a 22 5e 68 6f 75 72 6c 79 5c 75 46 46 30 34 22 2c 22 70 6c 61 74 22 3a 22 5e 77 78 5c 75 46 46 30 34 22 2c 22 70 6f 73 22 3a 22 5e 77 78 5f 6d 69 64 6c 64 72 34 5c 75 46 46 30 34 22 7d 7d 2c 7b 22 66 6c 6f 6f 72 22 3a 30 2e 33 2c Data Ascii: ":"poc","mr":"0","page":"^hourly\uFF04","plat":"^wx\uFF04","pos":"^wx_midldr4\uFF04"}},{"floor":0.25,"id":"470","rule":{"browser":"^(?!safari\uFF04)","kind":"poc","mr":"1","page":"^hourly\uFF04","plat":"^wx\uFF04","pos":"^wx_midldr4\uFF04"}},{"floor":0.3,
2024-10-09 13:27:23 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 3a 22 5e 68 6f 75 72 6c 79 5c 75 46 46 30 34 22 2c 22 70 6c 61 74 22 3a 22 5e 77 78 5f 74 61 62 5c 75 46 46 30 34 22 2c 22 70 6f 73 22 3a 22 5e 77 78 5f 33 30 30 76 61 72 5c 75 46 46 30 34 22 7d 7d 2c 7b 22 66 6c 6f 6f 72 22 3a 30 2e 37 35 2c 22 69 64 22 3a 22 36 32 37 22 2c 22 72 75 6c 65 22 3a 7b 22 62 72 6f 77 73 65 72 22 3a 22 73 61 66 61 72 69 22 2c 22 6b 69 6e 64 22 3a 22 70 6f 63 22 2c 22 6d 72 22 3a 22 30 22 2c 22 70 61 67 65 22 3a 22 5e 68 6f 75 72 6c 79 5c 75 46 46 30 34 22 2c 22 70 6c 61 74 22 3a 22 5e 77 78 5f 74 61 62 5c 75 46 46 30 34 22 2c 22 70 6f 73 22 3a 22 5e 77 78 5f 33 30 30 76 61 72 5c 75 46 46 30 34 22 7d 7d 2c 7b 22 66 6c 6f 6f 72 22 3a 30 2e 37 35 2c 22 69 64 22 3a 22 36 32 38 22 2c 22 72 75 6c 65 22 Data Ascii: 00004000:"^hourly\uFF04","plat":"^wx_tab\uFF04","pos":"^wx_300var\uFF04"}},{"floor":0.75,"id":"627","rule":{"browser":"safari","kind":"poc","mr":"0","page":"^hourly\uFF04","plat":"^wx_tab\uFF04","pos":"^wx_300var\uFF04"}},{"floor":0.75,"id":"628","rule"
2024-10-09 13:27:23 UTC	12	IN	Data Raw: 67 65 22 3a 22 5e 6d 6f 6e 74 0d 0a Data Ascii: ge":"^mont
2024-10-09 13:27:23 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 68 6c 79 5c 75 46 46 30 34 22 2c 22 70 6c 61 74 22 3a 22 5e 77 78 5f 74 61 62 5c 75 46 46 30 34 22 2c 22 70 6f 73 22 3a 22 5e 77 78 5f 33 30 30 76 61 72 5c 75 46 46 30 34 22 7d 7d 2c 7b 22 66 6c 6f 6f 72 22 3a 30 2e 33 2c 22 69 64 22 3a 22 36 36 39 22 2c 22 72 75 6c 65 22 3a 7b 22 62 72 6f 77 73 65 72 22 3a 22 5e 28 3f 21 73 61 66 61 72 69 5c 75 46 46 30 34 29 22 2c 22 6b 69 6e 64 22 3a 22 70 6f 63 22 2c 22 6d 72 22 3a 22 30 22 2c 22 70 61 67 65 22 3a 22 5e 6d 6f 6e 74 68 6c 79 5c 75 46 46 30 34 22 2c 22 70 6c 61 74 22 3a 22 5e 77 78 5f 74 61 62 5c 75 46 46 30 34 22 2c 22 70 6f 73 22 3a 22 5e 77 78 5f 6d 69 64 33 30 30 5c 75 46 46 30 34 22 7d 7d 2c 7b 22 66 6c 6f 6f 72 22 3a 30 2e 33 2c 22 69 64 22 3a 22 36 37 30 22 2c 22 72 Data Ascii: 00004000hly\uFF04","plat":"^wx_tab\uFF04","pos":"^wx_300var\uFF04"}},{"floor":0.3,"id":"669","rule":{"browser":"^(?!safari\uFF04)","kind":"poc","mr":"0","page":"^monthly\uFF04","plat":"^wx_tab\uFF04","pos":"^wx_mid300\uFF04"}},{"floor":0.3,"id":"670","r
2024-10-09 13:27:23 UTC	12	IN	Data Raw: 6c 6f 6f 72 22 3a 30 2e 31 2c 0d 0a Data Ascii: loor":0.1,
2024-10-09 13:27:23 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 22 69 64 22 3a 22 37 31 34 22 2c 22 72 75 6c 65 22 3a 7b 22 62 72 6f 77 73 65 72 22 3a 22 5e 28 3f 21 73 61 66 61 72 69 5c 75 46 46 30 34 29 22 2c 22 6b 69 6e 64 22 3a 22 70 6f 63 22 2c 22 6d 72 22 3a 22 31 22 2c 22 70 61 67 65 22 3a 22 5e 77 65 65 6b 65 6e 64 5c 75 46 46 30 34 22 2c 22 70 6c 61 74 22 3a 22 5e 77 78 5f 74 61 62 5c 75 46 46 30 34 22 2c 22 70 6f 73 22 3a 22 5e 77 78 5f 61 64 78 31 5c 75 46 46 30 34 22 7d 7d 2c 7b 22 66 6c 6f 6f 72 22 3a 30 2e 31 2c 22 69 64 22 3a 22 37 31 35 22 2c 22 72 75 6c 65 22 3a 7b 22 62 72 6f 77 73 65 72 22 3a 22 73 61 66 61 72 69 22 2c 22 6b 69 6e 64 22 3a 22 70 6f 63 22 2c 22 6d 72 22 3a 22 30 22 2c 22 70 61 67 65 22 3a 22 5e 77 65 65 6b 65 6e 64 5c 75 46 46 30 34 22 2c 22 70 6c 61 74 Data Ascii: 00004000"id":"714","rule":{"browser":"^(?!safari\uFF04)","kind":"poc","mr":"1","page":"^weekend\uFF04","plat":"^wx_tab\uFF04","pos":"^wx_adx1\uFF04"}},{"floor":0.1,"id":"715","rule":{"browser":"safari","kind":"poc","mr":"0","page":"^weekend\uFF04","plat

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.11.20	49722	186.211.255.80	443	7128	C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-09 13:27:33 UTC	145	OUT	GET / HTTP/1.1 Host: correios.com.br User-Agent: Go-http-client/1.1 Referer: https://putaz.geometralengenharia.com/ Accept-Encoding: gzip
2024-10-09 13:27:33 UTC	136	IN	Data Raw: 48 54 54 50 2f 31 2e 30 20 33 30 32 20 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 0d 0a 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6f 72 72 65 69 6f 73 2e 63 6f 6d 2e 62 72 0d 0a 53 65 72 76 65 72 3a 20 4c 6f 61 64 42 61 6c 61 6e 63 65 45 78 74 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 0d 0a Data Ascii: HTTP/1.0 302 Moved TemporarilyLocation: https://www.correios.com.brServer: LoadBalanceExt2Connection: closeContent-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.11.20	49723	201.48.198.80	443	7128	C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-09 13:27:35 UTC	134	OUT	GET / HTTP/1.1 Host: www.correios.com.br User-Agent: Go-http-client/1.1 Referer: https://correios.com.br Accept-Encoding: gzip
2024-10-09 13:27:35 UTC	968	IN	HTTP/1.1 200 OK Date: Wed, 09 Oct 2024 13:27:35 GMT Content-Type: text/html;charset=utf-8 Content-Length: 134892 Connection: close Content-Language: pt-br X-Frame-Options: SAMEORIGIN cache-control: public, max-age=3600,s-maxage=3600 Vary: Accept-Encoding Age: 3287 Accept-Ranges: bytes X-Cache: HIT X-Cache-Hits: 15278 Strict-Transport-Security: max-age=31536000; includeSubDomains Set-Cookie: LBprdint2=3342467082.47873.0000; path=/; Httponly; Secure Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1 Cross-Origin-Resource-Policy: same-site Set-Cookie: LBprdExt2=852033546.47873.0000; path=/; Httponly; Secure Set-Cookie: TS01a7fccb=01ff9e5fc6908b44faa180f7485478f139adf9dc7aa2ae73008c0308ffc006ead64492169fbe89cbea6435c0904b35bc19d3dbc25ebb7c06ded87b92ac058aea983ed318eab90c8f5b6bbe73ce704813dfb19340b0; Path=/; Domain=.www.correios.com.br
2024-10-09 13:27:35 UTC	3757	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 70 74 2d 62 72 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 70 74 2d 62 72 22 3e 0a 20 20 20 20 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 21 2d 2d 20 49 6e 26 23 32 33 37 3b 63 69 6f 20 64 61 73 20 69 6e 66 6f 72 6d 61 26 23 32 33 31 3b 26 23 32 34 35 3b 65 73 20 64 6f 73 20 43 6f 72 72 65 69 6f 73 20 2d 2d 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 43 6f 72 72 65 69 6f 73 3c 2f 74 69 74 Data Ascii: <!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" lang="pt-br" xml:lang="pt-br"> <head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />... Início das informações dos Correios --> <title>Correios</tit
2024-10-09 13:27:35 UTC	1496	IN	Data Raw: 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6f 72 72 65 69 6f 73 2e 63 6f 6d 2e 62 72 2f 2b 2b 70 6c 6f 6e 65 2b 2b 73 74 61 74 69 63 2f 2b 2b 75 6e 69 71 75 65 2b 2b 32 30 32 30 2d 31 31 2d 32 37 25 32 30 31 36 25 33 41 30 33 25 33 41 34 37 2f 70 6c 6f 6e 65 2d 63 6f 6d 70 69 6c 65 64 2e 6d 69 6e 2e 6a 73 22 20 64 61 74 61 2d 62 75 6e 64 6c 65 3d 22 70 6c 6f 6e 65 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6f 72 72 65 69 6f 73 2e 63 6f 6d 2e 62 72 2f 2b 2b 70 6c 6f 6e 65 2b 2b 73 74 61 74 69 63 2f 2b 2b 75 6e 69 71 75 65 2b 2b 32 30 32 30 2d 31 31 2d 32 37 Data Ascii: "text/javascript" src="https://www.correios.com.br/++plone++static/++unique++2020-11-27%2016%3A03%3A47/plone-compiled.min.js" data-bundle="plone"></script><script type="text/javascript" src="https://www.correios.com.br/++plone++static/++unique++2020-11-27
2024-10-09 13:27:35 UTC	4096	IN	Data Raw: 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6c 6f 6e 65 2d 6e 61 76 62 61 72 2d 68 65 61 64 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 63 6c 61 73 73 3d 22 70 6c 6f 6e 65 2d 6e 61 76 62 61 72 2d 74 6f 67 67 6c 65 22 20 64 61 74 61 2d 74 6f 67 67 6c 65 3d 22 63 6f 6c 6c 61 70 73 65 22 20 64 61 74 61 2d 74 61 72 67 65 74 3d 22 23 70 6f 72 74 61 6c 2d 67 6c 6f 62 61 6c 6e 61 76 2d 63 6f 6c 6c 61 70 73 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 72 2d 6f 6e 6c 79 22 3e 54 6f 67 67 6c 65 20 6e 61 76 69 67 61 74 69 6f 6e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 69 63 6f Data Ascii: tainer"> <div class="plone-navbar-header"> <button type="button" class="plone-navbar-toggle" data-toggle="collapse" data-target="#portal-globalnav-collapse"> <span class="sr-only">Toggle navigation</span> <span class="ico
2024-10-09 13:27:35 UTC	4096	IN	Data Raw: 63 63 65 73 73 2d 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 22 61 63 74 69 76 65 22 3e 3c 2f 64 69 76 3e 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 76 77 2d 70 6c 75 67 69 6e 2d 77 72 61 70 70 65 72 3d 22 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 76 77 2d 70 6c 75 67 69 6e 2d 74 6f 70 2d 77 72 61 70 70 65 72 22 3e 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 3c 2f 64 69 76 3e 0a 0a 3c 21 2d 2d 20 46 69 6d 20 64 61 20 41 63 65 73 73 69 62 69 6c 69 64 61 64 65 20 65 20 49 64 69 6f 6d 61 20 2d 2d 3e 0a 0a 3c 21 2d 2d 20 49 6e 69 63 69 6f 20 64 6f 20 74 72 61 74 61 6d 65 6e 74 6f 20 70 61 72 61 20 4d 65 6e 75 20 2d 2d 3e 0a 3c 64 69 76 20 69 64 3d 22 6d 65 Data Ascii: ccess-button class="active"></div> --> <div vw-plugin-wrapper=""> <div class="vw-plugin-top-wrapper"></div> </div> </div></div>... Fim da Acessibilidade e Idioma -->... Inicio do tratamento para Menu --><div id="me
2024-10-09 13:27:35 UTC	4096	IN	Data Raw: 20 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 69 74 65 6e 73 2d 64 6f 2d 6d 65 6e 75 20 66 6f 6c 64 65 72 2d 6d 65 6e 75 20 70 61 69 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: </li> <li class="itens-do-menu folder-menu pai">
2024-10-09 13:27:35 UTC	294	IN	Data Raw: 74 61 72 2d 6f 73 2d 63 6f 72 72 65 69 6f 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 43 6f 6d 6f 20 63 6f 6e 74 72 61 74 61 72 20 6f 73 20 43 6f 72 72 65 69 6f 73 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: tar-os-correios"> Como contratar os Correios </a> </li>
2024-10-09 13:27:35 UTC	4096	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 69 74 65 6e 73 2d 64 6f 2d 6d 65 6e 75 20 6c 69 6e 6b 2d 6d 65 6e 75 20 66 69 6c 68 6f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6f 72 72 65 69 6f 73 2e 63 6f 6d 2e 62 72 2f 65 6e 76 69 61 72 2f 65 6e 63 6f 6d 65 6e 64 61 73 2f 61 72 71 75 69 76 6f 2f 6e 61 63 69 6f 6e 61 6c 2f 67 75 69 61 2d 64 65 2d 65 6e 64 65 72 65 63 61 6d 65 6e 74 6f 2e 70 64 66 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: <li class="itens-do-menu link-menu filho"> <a href="https://www.correios.com.br/enviar/encomendas/arquivo/nacional/guia-de-enderecamento.pdf">
2024-10-09 13:27:35 UTC	4096	IN	Data Raw: 2d 64 65 74 61 6c 68 65 20 70 72 6f 70 61 67 61 6e 64 61 2d 74 69 74 75 6c 6f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 4c 6f 63 6b 65 72 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 70 72 6f 70 61 67 61 6e 64 61 2d 70 61 72 61 67 72 61 66 6f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 4f 20 61 72 6d c3 a1 72 69 6f 20 69 6e 74 65 6c 69 67 65 6e 74 65 20 64 6f 73 Data Ascii: -detalhe propaganda-titulo"> Locker </span> <p class="propaganda-paragrafo"> O armrio inteligente dos
2024-10-09 13:27:35 UTC	2992	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6f 72 72 65 69 6f 73 2e 63 6f 6d 2e 62 72 2f 65 6e 76 69 61 72 2f 65 6e 63 6f 6d 65 6e 64 61 73 2f 61 72 71 75 69 76 6f 2f 6e 61 63 69 6f 6e 61 6c 2f 67 75 69 61 2d 64 65 2d 65 6e 64 65 72 65 63 61 6d 65 6e 74 6f 2e 70 64 66 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 43 6f 6d 6f 20 65 6e 64 65 72 65 c3 a7 61 72 20 73 75 61 73 20 65 6e 63 6f 6d 65 6e 64 61 73 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: <a href="https://www.correios.com.br/enviar/encomendas/arquivo/nacional/guia-de-enderecamento.pdf"> Como enderear suas encomendas
2024-10-09 13:27:35 UTC	4096	IN	Data Raw: 75 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 50 72 6f 70 61 67 61 6e 64 61 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6c 69 73 74 61 2d 70 72 6f 70 61 67 61 6e 64 61 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 75 6c 20 63 6c 61 73 73 3d 22 70 72 6f 70 61 67 61 6e 64 61 2d 6d 65 6e 75 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 63 6c 61 73 73 3d 22 70 72 6f 70 61 67 61 6e 64 61 2d Data Ascii: u"> ... Propaganda --> <li class="lista-propaganda"> <ul class="propaganda-menu"> <li> <img class="propaganda-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.11.20	49725	184.28.207.119	443	7128	C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-09 13:27:42 UTC	127	OUT	GET / HTTP/1.1 Host: jw.org User-Agent: Go-http-client/1.1 Referer: https://uxjuw.osberbigao.com/ Accept-Encoding: gzip
2024-10-09 13:27:42 UTC	434	IN	HTTP/1.1 301 Moved Permanently Content-Length: 0 Location: https://www.jw.org/ Cache-Control: max-age=0 Expires: Wed, 09 Oct 2024 13:27:42 GMT Date: Wed, 09 Oct 2024 13:27:42 GMT Connection: close Set-Cookie: akacd_rel=1728484062~rv=52~id=fec1f1d1f3d21bea792330fe8e3b59a0; path=/; Expires=Wed, 09 Oct 2024 14:27:42 GMT; Secure; SameSite=None Vary: Accept-Language Vary: Cookie Strict-Transport-Security: max-age=31536000

Target ID:	0
Start time:	09:24:31
Start date:	09/10/2024
Path:	C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\LZ_109186961250811H#U00ae.exe"
Imagebase:	0xe90000
File size:	5'423'616 bytes
MD5 hash:	1E882DBE5B3ED8AF455C98400EED4613
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	24.5%
Total number of Nodes:	1299
Total number of Limit Nodes:	104

Executed Functions

Function 00EC1720 Relevance: 13.9, Strings: 11, Instructions: 138
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

RtlGetCurrentPeb, xrefs: 00EC18EE
bcryptprimitives.dll, xrefs: 00EC1739
NtCreateWaitCompletionPacket exists but NtAssociateWaitCompletionPacket does notx509: invalid signature: parent certificate cannot sign this kind of certificatecrypto/ecdh: internal error: nistec ScalarBaseMult failed for a fixed-size inputrefusing to use HTTP, xrefs: 00EC197F
NtAssociateWaitCompletionPacket, xrefs: 00EC1859
ntdll.dll, xrefs: 00EC17C7
NtCancelWaitCompletionPacket, xrefs: 00EC189E
RtlGetVersion, xrefs: 00EC192D
bcryptprimitives.dll not foundpanic called with nil argumentcheckdead: inconsistent countsrunqputslow: queue is not fullruntime: bad pointer in frame invalid pointer found on stack locals stack map entries for abi mismatch detected between runtime: impossible , xrefs: 00EC19A5
NtCreateWaitCompletionPacket, xrefs: 00EC1814
NtCreateWaitCompletionPacket exists but NtCancelWaitCompletionPacket does not115792089210356248762697446949407573530086143415290314195533631308867097853951115792089210356248762697446949407573529996955224135760342422259061068512044369x509: signature check attem, xrefs: 00EC196E
ProcessPrng, xrefs: 00EC1789

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: NtAssociateWaitCompletionPacket$NtCancelWaitCompletionPacket$NtCreateWaitCompletionPacket$NtCreateWaitCompletionPacket exists but NtAssociateWaitCompletionPacket does notx509: invalid signature: parent certificate cannot sign this kind of certificatecrypto/ecdh: internal error: nistec ScalarBaseMult failed for a fixed-size inputrefusing to use HTTP$NtCreateWaitCompletionPacket exists but NtCancelWaitCompletionPacket does not115792089210356248762697446949407573530086143415290314195533631308867097853951115792089210356248762697446949407573529996955224135760342422259061068512044369x509: signature check attem$ProcessPrng$RtlGetCurrentPeb$RtlGetVersion$bcryptprimitives.dll$bcryptprimitives.dll not foundpanic called with nil argumentcheckdead: inconsistent countsrunqputslow: queue is not fullruntime: bad pointer in frame invalid pointer found on stack locals stack map entries for abi mismatch detected between runtime: impossible $ntdll.dll
API String ID: 0-1872757821
Opcode ID: 402e3cf8a18df85c9131a5dd8c5d6576e8b427aa3551f24c87639dde11433643
Instruction ID: 1df806cd54c0f658731f90575ddfb41e432f6f7580b1f2129f45d2252623789d
Opcode Fuzzy Hash: 402e3cf8a18df85c9131a5dd8c5d6576e8b427aa3551f24c87639dde11433643
Instruction Fuzzy Hash: 1F61AA7620AF44C5EB15DF10F8447A9B7E4FB8A780F489029DA9C137A2EF7AC649C711

Function 00E9CD80 Relevance: 12.9, Strings: 10, Instructions: 384
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new , xrefs: 00E9D4F2
region exceeds uintptr range/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: m, xrefs: 00E9D3C7
out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbi, xrefs: 00E9D136
out of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResume, xrefs: 00E9D158
arena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p , xrefs: 00E9D147
out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedruntime: source value is too largeVirtualQuery for stack base failedforEachP: sched.safePo, xrefs: 00E9D125
) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listruntime.Pinn, xrefs: 00E9D4C5
base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-c, xrefs: 00E9D3F1
, xrefs: 00E9D40F
end outside usable address spaceGCProg for type that isn't largeruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremo, xrefs: 00E9D41F

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: $) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listruntime.Pinn$arena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p $base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-c$end outside usable address spaceGCProg for type that isn't largeruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremo$memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new $out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedruntime: source value is too largeVirtualQuery for stack base failedforEachP: sched.safePo$out of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResume$out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbi$region exceeds uintptr range/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: m
API String ID: 0-3600667164
Opcode ID: deb4ea17587c7e941628ecd06d8afea995da86d1d93fc0f3c40cb384499ead07
Instruction ID: d179b0af20b1c5d85b1635ae5fde7e8ff2d163be37137837cfc360e4b53c8ffa
Opcode Fuzzy Hash: deb4ea17587c7e941628ecd06d8afea995da86d1d93fc0f3c40cb384499ead07
Instruction Fuzzy Hash: B702A872209B9482DB64DB52E8407EAB7A5F389B94F449226EFDD27799CF7CC484C700

Function 00EC2F60 Relevance: 12.7, Strings: 10, Instructions: 247
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

runtime.minit: duplicatehandle failed_cgo_notify_runtime_init_done missingstartTheWorld: inconsistent mp->nextpruntime: unexpected SPWRITE function all goroutines are asleep - deadlock!internal error: unknown network type bisect.Hash: unexpected argument typec, xrefs: 00EC347F
CreateWaitableTimerEx when creating timer failedruntime.preemptM: duplicatehandle failed; errno=runtime: malformed profBuf buffer - invalid sizeattempt to trace invalid or unsupported P statusruntime: waitforsingleobject wait_failed; errno=x509: X25519 key enc, xrefs: 00EC33BF, 00EC341F
runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=exitsyscall: syscall frame is no longer validunsafe.String: ptr is nil and len is not zerocrypto/rsa: message too long for RSA key sizex509: IP constraint contained inval, xrefs: 00EC3457
runtime: NtCreateWaitCompletionPacket failed; errno=casfrom_Gscanstatus: gp->status is not in scan statecrypto/rsa: PSSOptions.SaltLength cannot be negativex509: cannot verify signature: insecure algorithm %vhttp: putIdleConn: too many idle connections for hos, xrefs: 00EC3337
runtime: CreateWaitableTimerEx failed; errno=exitsyscall: syscall frame is no longer validunsafe.String: ptr is nil and len is not zerocrypto/rsa: message too long for RSA key sizex509: IP constraint contained invalid mask %xx509: certificate signed by unknown, xrefs: 00EC3397, 00EC33F7
VirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workentersyscallblock inconsistent bp entersyscallblock inconsistent sp runtime: g is running but p is notinvalid timer channel: no capacityunexpected runtime.net, xrefs: 00EC330F
bad g0 stackself-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchwrong timers (sensitive)OpenServiceWRevertToSelfCreateEventWGetConso, xrefs: 00EC32AA
NtCreateWaitCompletionPacket failedfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=hpack: invalid Huffman-encoded datadynamic table size update too largefile type does , xrefs: 00EC335F
runtime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime: bad notifyList size - sync=accessed data from freed user arena runtime:, xrefs: 00EC32E7
0, xrefs: 00EC31BA

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: 0$CreateWaitableTimerEx when creating timer failedruntime.preemptM: duplicatehandle failed; errno=runtime: malformed profBuf buffer - invalid sizeattempt to trace invalid or unsupported P statusruntime: waitforsingleobject wait_failed; errno=x509: X25519 key enc$NtCreateWaitCompletionPacket failedfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=hpack: invalid Huffman-encoded datadynamic table size update too largefile type does $VirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workentersyscallblock inconsistent bp entersyscallblock inconsistent sp runtime: g is running but p is notinvalid timer channel: no capacityunexpected runtime.net$bad g0 stackself-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchwrong timers (sensitive)OpenServiceWRevertToSelfCreateEventWGetConso$runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=exitsyscall: syscall frame is no longer validunsafe.String: ptr is nil and len is not zerocrypto/rsa: message too long for RSA key sizex509: IP constraint contained inval$runtime.minit: duplicatehandle failed_cgo_notify_runtime_init_done missingstartTheWorld: inconsistent mp->nextpruntime: unexpected SPWRITE function all goroutines are asleep - deadlock!internal error: unknown network type bisect.Hash: unexpected argument typec$runtime: CreateWaitableTimerEx failed; errno=exitsyscall: syscall frame is no longer validunsafe.String: ptr is nil and len is not zerocrypto/rsa: message too long for RSA key sizex509: IP constraint contained invalid mask %xx509: certificate signed by unknown$runtime: NtCreateWaitCompletionPacket failed; errno=casfrom_Gscanstatus: gp->status is not in scan statecrypto/rsa: PSSOptions.SaltLength cannot be negativex509: cannot verify signature: insecure algorithm %vhttp: putIdleConn: too many idle connections for hos$runtime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime: bad notifyList size - sync=accessed data from freed user arena runtime:
API String ID: 0-2482539751
Opcode ID: 2e9b7ddec538fcdd0f2bb358e85104f9b2d27a19321f85ce8145b10fc2d1cfcb
Instruction ID: 023a3d54c3837b5f31b0013efb1ffdbf0b497f0430ee9cd0288a5cf79f4a8ae8
Opcode Fuzzy Hash: 2e9b7ddec538fcdd0f2bb358e85104f9b2d27a19321f85ce8145b10fc2d1cfcb
Instruction Fuzzy Hash: 6BC19336208B8485D710EB25F68579E77A4F74AB80F44922AEF9C537A6DF3EC146C710

Function 00EB3630 Relevance: 10.4, Strings: 8, Instructions: 375
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb, xrefs: 00EB3B2F
previous allocCount=, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime:, xrefs: 00EB3C25
mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 00EB3B90
sweep increased allocation countremovespecial on invalid pointergetWeakHandle on invalid pointerruntime: root level max pages = NtAssociateWaitCompletionPacket, xrefs: 00EB3C6F
nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes status= etypes if-rangeNO_PROXYno_proxyavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1MD5+SHA1SHA3-224SHA3-256SHA3-384SHA3-512SHA1-RSADSA-SHA1DNS nameClassANYQuestion2.5., xrefs: 00EB3C08
mspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResumeNotification, xrefs: 00EB3BB8
sweep: tried to preserve a user arena spanruntime: blocked write on closing polldescacquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callon a locked thread with no template threadunexpected signal during runtime executiontraceSto, xrefs: 00EB3B1E
sweepgen= sweepgen , bound = , limit = exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine HTTP_PROXYhttp_proxyLockFileEx, xrefs: 00EB3B75

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod$ nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes status= etypes if-rangeNO_PROXYno_proxyavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1MD5+SHA1SHA3-224SHA3-256SHA3-384SHA3-512SHA1-RSADSA-SHA1DNS nameClassANYQuestion2.5.$ previous allocCount=, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime:$ sweepgen= sweepgen , bound = , limit = exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine HTTP_PROXYhttp_proxyLockFileEx$mspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResumeNotification$sweep increased allocation countremovespecial on invalid pointergetWeakHandle on invalid pointerruntime: root level max pages = NtAssociateWaitCompletionPacket$sweep: tried to preserve a user arena spanruntime: blocked write on closing polldescacquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callon a locked thread with no template threadunexpected signal during runtime executiontraceSto$swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb
API String ID: 0-626794445
Opcode ID: 061ccc63893686a9366518067353fbae9450ade620e02202d50b98657dd1080c
Instruction ID: 446111a09c1ac33853188eb823c5f4621bbf3c6f884ea9dd1747fb90ce5dd8cc
Opcode Fuzzy Hash: 061ccc63893686a9366518067353fbae9450ade620e02202d50b98657dd1080c
Instruction Fuzzy Hash: 9CF1CF72208B9486CB10DF25E4813EE77A1F389B44F84A126EB8D537A9DF3DC996C750

Function 00E92260 Relevance: 9.2, Strings: 7, Instructions: 430
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

sse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSA (at Classactiveclosedsocks5CANCELGOAWAYPADDEDBasic CookieacceptcookieexpectoriginserverExpectstatusPragmasocks LockedreadatlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecondCommonS, xrefs: 00E924ED
ermssse3avx2bmi1bmi2timebitsNameTypeasn1cx16sse2<nil>&"'https:***@Rangeallowrangeclose:path%s %q%s=%sHTTP/socksFoundwritemkdirLstatntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalGreekfalseErrortls: Earlyparseint16int32in, xrefs: 00E922C1
pclmulqdqmath/randd.nx != 0info_hashClassINETAuthorityquestionsunderflowConnectionUser-AgentRST_STREAMEND_STREAMSet-Cookie stream=%dset-cookieuser-agentkeep-alive:authorityconnectionHost: %ssocks bindProcessingNo Content%s|%s%s|%swinsymlink/dev/stdinCreateFi, xrefs: 00E922DF
avx512bwavx512vlgo/typesnet/httpgo/buildx509sha1MD5+SHA1SHA3-224SHA3-256SHA3-384SHA3-512SHA1-RSADSA-SHA1DNS nameClassANYQuestion2.5.4.102.5.4.112.5.4.17avx512cdavx512eravx512pfavx512dqParseUint[%v = %d]websocketsucceededSee OtherUse ProxyForbiddenNot FoundToo , xrefs: 00E9281C
rdtscppopcntcmd/gosecretheaderAnswerLengthSTREETavx512rdrandrdseedUpgradeTrailersocks5hHEADERSReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGname %q:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECTreaddirconsoleCopySidWSARe, xrefs: 00E92300
adxaesshaavxfmanetMD4MD5RSADSAURIexp): TTLSETopenreadHost<>idlehttp1080DATAPINGPOSTEtag0x%xdateetagfromhostlinkvaryDategzip%xGonefilesyncpipeStatbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourtrueboolint8uintchanfunccallkind on !=, xrefs: 00E92286
avx512fos/execruntimeSHA-224SHA-256SHA-384SHA-512Ed25519MD5-RSAserial:eae_prkanswers2.5.4.62.5.4.32.5.4.52.5.4.72.5.4.82.5.4.9amxtileamxint8amxbf16osxsavehijackedNO_ERRORPRIORITYSETTINGSLocation data=%q incr=%v ping=%qif-matchlocationhttp/1.1HTTP/2.0HTTP/1.1no, xrefs: 00E927F5

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: adxaesshaavxfmanetMD4MD5RSADSAURIexp): TTLSETopenreadHost<>idlehttp1080DATAPINGPOSTEtag0x%xdateetagfromhostlinkvaryDategzip%xGonefilesyncpipeStatbindJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourtrueboolint8uintchanfunccallkind on !=$avx512bwavx512vlgo/typesnet/httpgo/buildx509sha1MD5+SHA1SHA3-224SHA3-256SHA3-384SHA3-512SHA1-RSADSA-SHA1DNS nameClassANYQuestion2.5.4.102.5.4.112.5.4.17avx512cdavx512eravx512pfavx512dqParseUint[%v = %d]websocketsucceededSee OtherUse ProxyForbiddenNot FoundToo $avx512fos/execruntimeSHA-224SHA-256SHA-384SHA-512Ed25519MD5-RSAserial:eae_prkanswers2.5.4.62.5.4.32.5.4.52.5.4.72.5.4.82.5.4.9amxtileamxint8amxbf16osxsavehijackedNO_ERRORPRIORITYSETTINGSLocation data=%q incr=%v ping=%qif-matchlocationhttp/1.1HTTP/2.0HTTP/1.1no$ermssse3avx2bmi1bmi2timebitsNameTypeasn1cx16sse2<nil>&"'https:***@Rangeallowrangeclose:path%s %q%s=%sHTTP/socksFoundwritemkdirLstatntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalGreekfalseErrortls: Earlyparseint16int32in$pclmulqdqmath/randd.nx != 0info_hashClassINETAuthorityquestionsunderflowConnectionUser-AgentRST_STREAMEND_STREAMSet-Cookie stream=%dset-cookieuser-agentkeep-alive:authorityconnectionHost: %ssocks bindProcessingNo Content%s|%s%s|%swinsymlink/dev/stdinCreateFi$rdtscppopcntcmd/gosecretheaderAnswerLengthSTREETavx512rdrandrdseedUpgradeTrailersocks5hHEADERSReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGname %q:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECTreaddirconsoleCopySidWSARe$sse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSA (at Classactiveclosedsocks5CANCELGOAWAYPADDEDBasic CookieacceptcookieexpectoriginserverExpectstatusPragmasocks LockedreadatlistensocketSundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecondCommonS
API String ID: 0-2656423674
Opcode ID: ff3262a003c23ddbeb9529cbcd628409d78ddc4b33321374af98478fa6c8a4a8
Instruction ID: cd191e6857f78be414d81ed5e71c3772e95123a6c4962deff9d61da8255b9d0f
Opcode Fuzzy Hash: ff3262a003c23ddbeb9529cbcd628409d78ddc4b33321374af98478fa6c8a4a8
Instruction Fuzzy Hash: 0B32A97A504B44C5EB01DF61F8457D877E4F358B80F96922AEA8D873A0DF7AC6A9C700

Function 00EF568C Relevance: 8.1, Strings: 6, Instructions: 586COMMON

Download Yara Rule

Strings

VE, xrefs: 00EF6005
mallocgc called with gcphase == _GCmarkterminationruntime.Pinner: object was allocated into an arenaruntime.Pinner: decreased non-existing pin counterrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCal, xrefs: 00EF5FF9
malloc deadlockruntime error: with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = requested skip=bad panic stackrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]mo, xrefs: 00EF5FE8
malloc during signalclose of nil channelinconsistent lockedmnotetsleep not on g0bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=, xrefs: 00EF5FD7
!"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00EF59F3
mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= , xrefs: 00EF5FC6

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC$malloc deadlockruntime error: with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = requested skip=bad panic stackrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]mo$malloc during signalclose of nil channelinconsistent lockedmnotetsleep not on g0bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=$mallocgc called with gcphase == _GCmarkterminationruntime.Pinner: object was allocated into an arenaruntime.Pinner: decreased non-existing pin counterrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCal$mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= $VE
API String ID: 0-780336222
Opcode ID: d7321be889d56f6868a254a82a0a2f83cc6c157a5eca78422f5965c634608cc1
Instruction ID: 5dc5cefe44a4cc38be741f8760e533cde964435ee089079c312144ec946194b9
Opcode Fuzzy Hash: d7321be889d56f6868a254a82a0a2f83cc6c157a5eca78422f5965c634608cc1
Instruction Fuzzy Hash: BF32F473308B98C6DB24CB11E4447BAB765F396B98F486116EF9D27B95CB38C984CB00

Function 00EC78E0 Relevance: 7.8, Strings: 6, Instructions: 301
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp, xrefs: 00EC7D45
invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:invalid encodingDuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "invalid dns nameRCod, xrefs: 00EC7DF9
runtime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.semawakeupdecoding error: %vQueryServiceStatusGetComputerNameExWGetModuleFileNameWuse of c, xrefs: 00EC7D05
suspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function traceRegion: alloc with concurrent dropinvalid indexed representation index %dmath/big: buffer too small, xrefs: 00EC7E0A
G, xrefs: 00EC7C5B
, goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type CONOUT$\\.\UNCavx512fos/execruntimeSHA-224SHA-256SHA-384SHA-512Ed25519MD5-RSAserial:eae_prkanswers2, xrefs: 00EC7D25, 00EC7DAF

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: , goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type CONOUT$\\.\UNCavx512fos/execruntimeSHA-224SHA-256SHA-384SHA-512Ed25519MD5-RSAserial:eae_prkanswers2$, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp$invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:invalid encodingDuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "invalid dns nameRCod$runtime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.semawakeupdecoding error: %vQueryServiceStatusGetComputerNameExWGetModuleFileNameWuse of c$suspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function traceRegion: alloc with concurrent dropinvalid indexed representation index %dmath/big: buffer too small$G
API String ID: 0-2423746712
Opcode ID: 7863ee2b43799c5fd78be49a58ff5a0a959b4c3bdcf887350e53b119e3759411
Instruction ID: 299cf8833de2ef6608f7ab06d1fb426cfb564e3439f118ca3a05add0b0e463a0
Opcode Fuzzy Hash: 7863ee2b43799c5fd78be49a58ff5a0a959b4c3bdcf887350e53b119e3759411
Instruction Fuzzy Hash: F3D17476208B8486D714DB15E641BAEBB61F389BD0F14A12AEFDD23B55DF3AC442CB00

Function 00ECECA0 Relevance: 7.2, Strings: 5, Instructions: 942COMMON

Download Yara Rule

Strings

findrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=hpack: invalid Huffman-encoded datadynamic table size update too largefile type does not support deadlinebigmod: modulus, xrefs: 00ECFBD7
findrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of r, xrefs: 00ECFBF9
findrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for [origina, xrefs: 00ECFBE8
global runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsgoroutine stack size is not a power of 2evictOldest(%v) on table with %v entriescrypto/rsa: input must be hashed messagersa: internal error:, xrefs: 00ECFBC6
findrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptionAdjustTokenPrivilegesLookupPrivilegeValueWNetUserGetLocalGroupsGetProfi, xrefs: 00ECFC0A

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: findrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of r$findrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for [origina$findrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=hpack: invalid Huffman-encoded datadynamic table size update too largefile type does not support deadlinebigmod: modulus$findrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptionAdjustTokenPrivilegesLookupPrivilegeValueWNetUserGetLocalGroupsGetProfi$global runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsgoroutine stack size is not a power of 2evictOldest(%v) on table with %v entriescrypto/rsa: input must be hashed messagersa: internal error:
API String ID: 0-1235249524
Opcode ID: 689183f1fd75f85ce129ede78f0d37a5789ff451f126134f852e5211415c28ec
Instruction ID: 6ffecb8c0073475581acf803f3cccc64eb4750641d29289343438fd13602c206
Opcode Fuzzy Hash: 689183f1fd75f85ce129ede78f0d37a5789ff451f126134f852e5211415c28ec
Instruction Fuzzy Hash: 8992A032309BC486DB258F15E5807DAB3A1F789B94F48613ACA8D67795CF3EC986C740

Function 00EADFC0 Relevance: 6.4, Strings: 5, Instructions: 177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=NtCreateWaitCompletionPacket, xrefs: 00EAE187
greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freefailed to get or create weak handleattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlineNtCreateWaitCom, xrefs: 00EAE24F
objgc %: gp *(in n= ) - P MPC= < end > ]:pc= G204206304400500..\\\.\\?\??adxaesshaavxfmanetMD4MD5RSADSAURIexp): TTLSETopenreadHost<>idlehttp1080DATAPINGPOSTEtag0x%xdateetagfromhostlinkvaryDategzip%xGonefilesyncpipeStatbindJuneJulyEEST, xrefs: 00EAE216
base of <==GOGC] = pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=xn--ermssse3avx2bmi1bmi2timebitsNameTypeasn1cx16sse2<nil>&"'https:***@Rangeallowrangeclose:path%s %q%s=%sHTTP/socksFoundwritemkdirLstatntohsMarchApril+0530+0430, xrefs: 00EAE1FB
marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp.parampanic during , xrefs: 00EAE23E

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: base of <==GOGC] = pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=xn--ermssse3avx2bmi1bmi2timebitsNameTypeasn1cx16sse2<nil>&"'https:***@Rangeallowrangeclose:path%s %q%s=%sHTTP/socksFoundwritemkdirLstatntohsMarchApril+0530+0430$greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freefailed to get or create weak handleattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlineNtCreateWaitCom$marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp.parampanic during $objgc %: gp *(in n= ) - P MPC= < end > ]:pc= G204206304400500..\\\.\\?\??adxaesshaavxfmanetMD4MD5RSADSAURIexp): TTLSETopenreadHost<>idlehttp1080DATAPINGPOSTEtag0x%xdateetagfromhostlinkvaryDategzip%xGonefilesyncpipeStatbindJuneJulyEEST$runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=NtCreateWaitCompletionPacket
API String ID: 0-454971198
Opcode ID: 003cb82f088c14307c2a2af288e7289b9ed8ef3333466970cc8801141aba1d03
Instruction ID: 04031a2b89fb23e54a3af550e116cce8629264a4777e6ff5295d79cd35564b89
Opcode Fuzzy Hash: 003cb82f088c14307c2a2af288e7289b9ed8ef3333466970cc8801141aba1d03
Instruction Fuzzy Hash: 126101B2705B8486DB109F11E9403ADBBB5F34ABC4F486125EF8D2BBA6CB78D594C710

Function 00EC3E00 Relevance: 4.0, Strings: 3, Instructions: 273COMMON

Download Yara Rule

Strings

runtime.preemptM: duplicatehandle failed; errno=runtime: malformed profBuf buffer - invalid sizeattempt to trace invalid or unsupported P statusruntime: waitforsingleobject wait_failed; errno=x509: X25519 key encoded with illegal parametersx509: SAN uniformRes, xrefs: 00EC4267
self-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchwrong timers (sensitive)OpenServiceWRevertToSelfCreateEventWGetConsoleCPUnlockFi, xrefs: 00EC42A5
runtime.preemptM: duplicatehandle failedstopTheWorld: broken CPU time accountingglobal runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsgoroutine stack size is not a power of 2evictOldest(%v) on t, xrefs: 00EC428F

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: runtime.preemptM: duplicatehandle failed; errno=runtime: malformed profBuf buffer - invalid sizeattempt to trace invalid or unsupported P statusruntime: waitforsingleobject wait_failed; errno=x509: X25519 key encoded with illegal parametersx509: SAN uniformRes$runtime.preemptM: duplicatehandle failedstopTheWorld: broken CPU time accountingglobal runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsgoroutine stack size is not a power of 2evictOldest(%v) on t$self-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchwrong timers (sensitive)OpenServiceWRevertToSelfCreateEventWGetConsoleCPUnlockFi
API String ID: 0-2776919339
Opcode ID: 8656108f7950e3cbcbdeeb9773443bbc09c6c9aa5d8fee014a9fd90dcfc24ea3
Instruction ID: e9e4d0a8e9689595e0224c405c34b06012a94fa911d79349048cd04dd02f8d17
Opcode Fuzzy Hash: 8656108f7950e3cbcbdeeb9773443bbc09c6c9aa5d8fee014a9fd90dcfc24ea3
Instruction Fuzzy Hash: ACC18E76205F8085CB10DB25E9513AF77A0F78AB94F14A23ADAAC537D4DF3AC592CB00

Function 00EC19E0 Relevance: 3.8, Strings: 3, Instructions: 65COMMON

Download Yara Rule

Strings

@/, xrefs: 00EC1A7A
PowerRegisterSuspendResumeNotification, xrefs: 00EC1A49
powrprof.dll, xrefs: 00EC19F9

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: @/$PowerRegisterSuspendResumeNotification$powrprof.dll
API String ID: 0-45191659
Opcode ID: 4f02859c3e870eea82f8bebd1209b8958e89f25c3dd68af0741f0b22cfac939b
Instruction ID: 9b918e85b4c851f445781469e8d967d2866eff36eafae0dd80ce22ec3414faf0
Opcode Fuzzy Hash: 4f02859c3e870eea82f8bebd1209b8958e89f25c3dd68af0741f0b22cfac939b
Instruction Fuzzy Hash: 49217A36208B84C2D700CF11F44539AB7A5F78ABC0F48951AEB8C03BA9DF7AC196CB00

Function 00EB6760 Relevance: 2.9, Strings: 2, Instructions: 358COMMON

Download Yara Rule

Strings

grew heap, but no adequate free space foundroot level max pages doesn't fit in summaryruntime.Pinner: argument is not a pointer: runtime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=ru, xrefs: 00EB6D34
@F, xrefs: 00EB6AF3

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: @F$grew heap, but no adequate free space foundroot level max pages doesn't fit in summaryruntime.Pinner: argument is not a pointer: runtime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=ru
API String ID: 0-191649796
Opcode ID: 9421588ddac60740c9e84c05d4589e9c33b5ad9096bba1c408b3043e0a8354b7
Instruction ID: 000aac568b7268738a1fdccee0b06843e50b648b649efbb701a0a865236e26bf
Opcode Fuzzy Hash: 9421588ddac60740c9e84c05d4589e9c33b5ad9096bba1c408b3043e0a8354b7
Instruction Fuzzy Hash: 50E17F72209B8485DB21DB25E4903EBBBA0F785BD4F58A126DE9D63B69CF3CC454CB40

Function 00EA3840 Relevance: 1.5, Strings: 1, Instructions: 277COMMON

Download Yara Rule

Strings

span has no free objectsruntime: found obj at *(runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incor, xrefs: 00EA39E4

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: span has no free objectsruntime: found obj at *(runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incor
API String ID: 0-1712010102
Opcode ID: 47a5d68d83da7b87d608ca871256438dc56a67da26444d39ba9f0b00691058f4
Instruction ID: 923e7179204bb3c16b839b57009db57dd2c70e8e1423d7208ea9fbaaf2dab3de
Opcode Fuzzy Hash: 47a5d68d83da7b87d608ca871256438dc56a67da26444d39ba9f0b00691058f4
Instruction Fuzzy Hash: 3CB10832209B4086DF14CB24E4813AEB7A5F78AB54F546125FB8D2B7A9DF3CDA44CB10

Function 00EB5940 Relevance: 1.3, Strings: 1, Instructions: 96COMMON

Download Yara Rule

Strings

V, xrefs: 00EB5965

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-4045069856
Opcode ID: f8d703defdc90a8c8e1e83b7b619d5ea0f1231b7cb1433645ac6e8e4c9afc9ef
Instruction ID: e25cc3f4d619e4fe690bd0588a028713441ffdac4537db30eeabb9e799573c24
Opcode Fuzzy Hash: f8d703defdc90a8c8e1e83b7b619d5ea0f1231b7cb1433645ac6e8e4c9afc9ef
Instruction Fuzzy Hash: 8D41B67B308B4591DB48CB19E8D13DA2792E389BC0F809036EE8E67325CE79D24BC340

Function 00ED5520 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebee4267145eeb9ebcd6bf8f5dd66a8c68c7974697097f923180b8541dccc90c
Instruction ID: e6d97e53890598bd8c6521e24f310976846cfbb6d6c4a9d6bb3147068cb4a73e
Opcode Fuzzy Hash: ebee4267145eeb9ebcd6bf8f5dd66a8c68c7974697097f923180b8541dccc90c
Instruction Fuzzy Hash: 8FC1D236309B80C6DB04DF24F4913AAB7A1FB85784F946026EA8DA77A5DF7DC542CB00

Function 00ECE320 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d701f08fb80f3f672b8683fd0ab617f747ac8959c9d6bd6df2074c25a767ae42
Instruction ID: 8e941279434afeca2e78e8c9bd8d5cbbc86bb306147af668b9d3a215bf14fa7b
Opcode Fuzzy Hash: d701f08fb80f3f672b8683fd0ab617f747ac8959c9d6bd6df2074c25a767ae42
Instruction Fuzzy Hash: DC910432701740CADB149F14E9817A97BA1FB85B88F99B039C98D27365DB3BC987C781

Function 00EC2020 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f61aa9e625404c372c5404340c841f4ae2c7f215d91ba1786a191ba4fcc601a9
Instruction ID: 8bb781484cfbc543d5a5648e5ee771d4b65b6f9fc672e93badf070c9b5cedcc8
Opcode Fuzzy Hash: f61aa9e625404c372c5404340c841f4ae2c7f215d91ba1786a191ba4fcc601a9
Instruction Fuzzy Hash: 5C217732504B40C6D700EF20F9467AA77E0F756B80F01A76AEAAC537A2DF3AC552C700

Function 00F03D80 Relevance: 1.6, APIs: 1, Instructions: 52encryptionCOMMON

Download Yara Rule

APIs

CertGetCertificateChain.CRYPT32 ref: 00F03E27

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID: CertCertificateChain
String ID:
API String ID: 3019455780-0
Opcode ID: 2525a88f381b6b1ecfbfb687c266decb66c4fc36e0a9b82aa819b4781aa7c3de
Instruction ID: 009f114b7bce25e2e9dbc8054c24e9b3d2a367f61ebbd7d25762ba511385942d
Opcode Fuzzy Hash: 2525a88f381b6b1ecfbfb687c266decb66c4fc36e0a9b82aa819b4781aa7c3de
Instruction Fuzzy Hash: EA11A732A01B40C1DB259B1EE85132D7374E748BE0F244316CFAD53BA0CB29E692D740

Non-executed Functions

Function 00EA8380 Relevance: 17.0, Strings: 13, Instructions: 716COMMON

Download Yara Rule

Strings

failed to set sweep barrierwork.nwait was > work.nproc not in stack roots range [allocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedruntime: asyncPre, xrefs: 00EA9189
gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSA (at Classactiveclosedsocks5CANCELGOAWAYPADDEDBasic CookieacceptcookieexpectoriginserverExpectstatusPragmasocks Lockedreadatlisten, xrefs: 00EA8452
ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=, xrefs: 00EA8EC5
ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACE, xrefs: 00EA8C8D
MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc=, xrefs: 00EA8F45
gc done but gcphase != _GCoffruntime: p.gcMarkWorkerMode= scanobject of a noscan objectruntime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=NtCreateWaitCompletionPacket, xrefs: 00EA919A
MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, xrefs: 00EA8F85
., xrefs: 00EA8A7D
non-concurrent sweep failed to drain all sweep queuesruntime: NtCancelWaitCompletionPacket failed; errno= exited a goroutine internally locked to the OS threadcompileCallback: argument size is larger than uintptrcrypto/elliptic: attempted operation on invalid , xrefs: 00EA9178
@3, xrefs: 00EA8973
gc %: gp *(in n= ) - P MPC= < end > ]:pc= G204206304400500..\\\.\\?\??adxaesshaavxfmanetMD4MD5RSADSAURIexp): TTLSETopenreadHost<>idlehttp1080DATAPINGPOSTEtag0x%xdateetagfromhostlinkvaryDategzip%xGonefilesyncpipeStatbindJuneJulyEESTSAS, xrefs: 00EA8AFA
`4, xrefs: 00EA90DF
, xrefs: 00EA896B

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: $ MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:$ MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc=$ ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACE$ ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=$.$@3$`4$failed to set sweep barrierwork.nwait was > work.nproc not in stack roots range [allocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedruntime: asyncPre$gc %: gp *(in n= ) - P MPC= < end > ]:pc= G204206304400500..\\\.\\?\??adxaesshaavxfmanetMD4MD5RSADSAURIexp): TTLSETopenreadHost<>idlehttp1080DATAPINGPOSTEtag0x%xdateetagfromhostlinkvaryDategzip%xGonefilesyncpipeStatbindJuneJulyEESTSAS$gc done but gcphase != _GCoffruntime: p.gcMarkWorkerMode= scanobject of a noscan objectruntime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=NtCreateWaitCompletionPacket$gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSA (at Classactiveclosedsocks5CANCELGOAWAYPADDEDBasic CookieacceptcookieexpectoriginserverExpectstatusPragmasocks Lockedreadatlisten$non-concurrent sweep failed to drain all sweep queuesruntime: NtCancelWaitCompletionPacket failed; errno= exited a goroutine internally locked to the OS threadcompileCallback: argument size is larger than uintptrcrypto/elliptic: attempted operation on invalid
API String ID: 0-6979114
Opcode ID: 9da2d1cf635946417b2382cc895b93fd0a05a7d9d423cf89a9dd6b01c54995c4
Instruction ID: 447e5f10cbd0daf227de117665671734916604c5706533f2ef1ea337e64850d6
Opcode Fuzzy Hash: 9da2d1cf635946417b2382cc895b93fd0a05a7d9d423cf89a9dd6b01c54995c4
Instruction Fuzzy Hash: EC729F76609BC485DB21DB25F9813EEB3A4F78AB80F84A126DA8C27766DF3DC145C710

Function 00EA6960 Relevance: 15.4, Strings: 12, Instructions: 359COMMON

Download Yara Rule

Strings

runtime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpanLocked - invalid span stateattempted to add zero-sized address rangeruntime: block, xrefs: 00EA6E9F
Zk, xrefs: 00EA6B50
runtime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memory: cannot allocate runtime.preemptM: duplicatehandle failedstopTheWorld: broken, xrefs: 00EA6F86
runtime.SetFinalizer: pointer not at beginning of allocated blockx509: inner and outer signature algorithm identifiers don't matchx509: issuer name does not match subject from issuing certificatecryptobyte: pending child length %d exceeds %d-byte length prefix, xrefs: 00EA6EB0
runtime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedruntime: source value is too largeVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workentersyscallblock inco, xrefs: 00EA6DAC, 00EA6E03, 00EA6E6B
runtime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= runtime: NtCreateWaitCompletionPacket failed; errno=, xrefs: 00EA6F34
runtime.SetFinalizer: first argument was allocated into an arenacompileCallback: expected function with one uintptr-sized resultattempted to trace stack of a goroutine this thread does not own5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b6b17, xrefs: 00EA6F45
, not a functiongc: unswept span KiB work (bg), mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 00EA6E90
nil elem type! to finalizer GC worker initruntime: full=runtime: want=MB; allocated RtlGetVersion, xrefs: 00EA6F56
because dotdotdotruntime: npages = invalid skip valueruntime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime., xrefs: 00EA6E30
runtime.SetFinalizer: first argument is nilruntime.SetFinalizer: finalizer already setgcBgMarkWorker: unexpected gcMarkWorkerModenon in-use span found with specials bit setgrew heap, but no adequate free space foundroot level max pages doesn't fit in summaryru, xrefs: 00EA6F97
, not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failed, xrefs: 00EA6F77

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: because dotdotdotruntime: npages = invalid skip valueruntime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.$, not a functiongc: unswept span KiB work (bg), mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod$, not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failed$Zk$nil elem type! to finalizer GC worker initruntime: full=runtime: want=MB; allocated RtlGetVersion$runtime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedruntime: source value is too largeVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workentersyscallblock inco$runtime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memory: cannot allocate runtime.preemptM: duplicatehandle failedstopTheWorld: broken$runtime.SetFinalizer: first argument is nilruntime.SetFinalizer: finalizer already setgcBgMarkWorker: unexpected gcMarkWorkerModenon in-use span found with specials bit setgrew heap, but no adequate free space foundroot level max pages doesn't fit in summaryru$runtime.SetFinalizer: first argument was allocated into an arenacompileCallback: expected function with one uintptr-sized resultattempted to trace stack of a goroutine this thread does not own5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b6b17$runtime.SetFinalizer: pointer not at beginning of allocated blockx509: inner and outer signature algorithm identifiers don't matchx509: issuer name does not match subject from issuing certificatecryptobyte: pending child length %d exceeds %d-byte length prefix$runtime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= runtime: NtCreateWaitCompletionPacket failed; errno=$runtime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpanLocked - invalid span stateattempted to add zero-sized address rangeruntime: block
API String ID: 0-3607797821
Opcode ID: dacadf33d4b01189ae1b06ce62f1bef34ac6fc20426a4b8be2646102bb4651d7
Instruction ID: 8bed27d19d0640a80c39a24ed2f62753b7b6e1a12773e8417958db44e73e7a3c
Opcode Fuzzy Hash: dacadf33d4b01189ae1b06ce62f1bef34ac6fc20426a4b8be2646102bb4651d7
Instruction Fuzzy Hash: 60E1BF76305B8485DB209F11E4803EAB7A5F38AB84F4CA536DB9C6BB95EF38D494C710

Function 00EB9C00 Relevance: 14.3, Strings: 11, Instructions: 543COMMON

Download Yara Rule

Strings

, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type CONOUT$\\.\UNCavx512fos/execruntimeSHA-224SHA-256SHA-384SHA-512Ed25519MD5-RSAserial:eae_prkanswers2.5.4.62.5.4.32.5.4.52.5.4.72.5.4.82.5.4.9amxtilea, xrefs: 00EBA41A
runtime: levelShift[level] = doRecordGoroutineProfile gp1=NtCreateWaitCompletionPacket, xrefs: 00EBA4E5
runtime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb, xrefs: 00EB9EED, 00EBA332
runtime: p.searchAddr = range partially overlapsstack trace unavailablebindm in unexpected GOOSruntime: mp.lockedInt = runqsteal: runq overflowdouble traceGCSweepStartbad use of trace.seqlockidna: disallowed rune %Uinvalid pattern syntax: x509: malformed vali, xrefs: 00EBA465
, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime:, xrefs: 00EBA505
] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSA (at Classactiveclosedsocks5CANCELGOAWAYPADDEDBasic CookieacceptcookieexpectoriginserverExpectstatusPragmasocks LockedreadatlistensocketSundayMondayFridayAugustUTC-1, xrefs: 00EB9F26
] = pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=xn--ermssse3avx2bmi1bmi2timebitsNameTypeasn1cx16sse2<nil>&"'https:***@Rangeallowrangeclose:path%s %q%s=%sHTTP/socksFoundwritemkdirLstatntohsMarchApril+0530+0430+0545+0630+0330+, xrefs: 00EBA374
runtime: npages = invalid skip valueruntime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.semawakeupdecoding, xrefs: 00EB9FA5
, npages = p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime: g : frame.sp=created by HTTPS_PROXYhttps_proxyProcessPrngMoveFil, xrefs: 00EBA3FC
bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 00EB9FCF, 00EBA72C
, i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= bad ts(...) m=nil base CONIN$GetACPrdtscppopcntcmd/gosecretheaderAnswerLengthSTREETavx512rdrandrdseedUpgradeTrailersocks5hHEADERSReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUG, xrefs: 00EBA485

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: , i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= bad ts(...) m=nil base CONIN$GetACPrdtscppopcntcmd/gosecretheaderAnswerLengthSTREETavx512rdrandrdseedUpgradeTrailersocks5hHEADERSReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUG$, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type CONOUT$\\.\UNCavx512fos/execruntimeSHA-224SHA-256SHA-384SHA-512Ed25519MD5-RSAserial:eae_prkanswers2.5.4.62.5.4.32.5.4.52.5.4.72.5.4.82.5.4.9amxtilea$, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime:$, npages = p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime: g : frame.sp=created by HTTPS_PROXYhttps_proxyProcessPrngMoveFil$] = pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=xn--ermssse3avx2bmi1bmi2timebitsNameTypeasn1cx16sse2<nil>&"'https:***@Rangeallowrangeclose:path%s %q%s=%sHTTP/socksFoundwritemkdirLstatntohsMarchApril+0530+0430+0545+0630+0330+$] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSA (at Classactiveclosedsocks5CANCELGOAWAYPADDEDBasic CookieacceptcookieexpectoriginserverExpectstatusPragmasocks LockedreadatlistensocketSundayMondayFridayAugustUTC-1$bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod$runtime: levelShift[level] = doRecordGoroutineProfile gp1=NtCreateWaitCompletionPacket$runtime: npages = invalid skip valueruntime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.semawakeupdecoding$runtime: p.searchAddr = range partially overlapsstack trace unavailablebindm in unexpected GOOSruntime: mp.lockedInt = runqsteal: runq overflowdouble traceGCSweepStartbad use of trace.seqlockidna: disallowed rune %Uinvalid pattern syntax: x509: malformed vali$runtime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb
API String ID: 0-3564299266
Opcode ID: 6997b3603e05c0a1ed20c8c2aa53d8a218d3b73f11965259e39dbcd829ba71af
Instruction ID: 9a3a8813777ba57d48dad2058711999caa50f86d343549bc72770e5dbfe788b3
Opcode Fuzzy Hash: 6997b3603e05c0a1ed20c8c2aa53d8a218d3b73f11965259e39dbcd829ba71af
Instruction Fuzzy Hash: C732BC76318BC881DB20EB11EA417DEA3A5F789BC0F845126DE8D27B5ADF38C946C741

Function 00EE0280 Relevance: 12.9, Strings: 10, Instructions: 364COMMON

Download Yara Rule

Strings

runtime: frame ts set in timertraceback stuckImpersonateSelfOpenThreadTokenRegCreateKeyExWRegDeleteValueWreflectlite.Setjstmpllitinterptarinsecurepathx509usepolicies is unavailable0601021504Z0700invalid pointerinvalid booleannon-minimal tagunknown Go typeavx51, xrefs: 00EE06B4, 00EE0829
missing stackmapbad symbol tablenon-Go function not in ranges:invalid encodingDuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "invalid dns nameRCodeFormatErrorunpacking headerdivision by zerolength too largeavx512vpclmulqdqWrite after Closeinv, xrefs: 00EE0719, 00EE0899
args stack map entries for invalid runtime symbol tableruntime: no module data for [originating from goroutine traceRegion: alloc too largeinvalid byte in chunk lengthinvalid proxy address %q: %vabi.NewName: name too long: x509: invalid RSA public keyx509: in, xrefs: 00EE060F
untyped args out of range no module data in goroutine runtime: seq1=runtime: goid=need more dataREQUEST_METHODOpenSCManagerWModule32FirstWunreachable: RegSetValueExWmime/multipartRCodeNameErrorResourceHeaderdata truncatedzipinsecurepathnegative updateaccept, xrefs: 00EE06D7
locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangereflect: Len of non-array typeGODEBUG: unknown cpu feature "crypto/rsa: verification errorx509: invalid ECDSA parametersx509: SAN dNSName is, xrefs: 00EE0795
runtime: pcdata is bad ABI descriptionevictCount overflowSetTokenInformationMultiByteToWideCharfile already existsfile does not existfile already closedunknown hash value negative coordinatex509: malformed OIDx509: trailing datax509: unknown errorunsupported A, xrefs: 00EE05D3, 00EE075F
untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:invalid encodingDuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "invalid dns nameRCodeFormatErrorunpacking headerdivision by zerolength too largeavx512vpclmulqdqWrit, xrefs: 00EE084C
and filesimap2imap3imapspop3shosts1562578125utf-8%s*%dtext/defersweeptestRtestWexecWhchanexecRschedsudogtimergscanmheaptracepanicsleep cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384, xrefs: 00EE05EF, 00EE077A
(targetpc= , plugin: runtime: g : frame.sp=created by HTTPS_PROXYhttps_proxyProcessPrngMoveFileExWNetShareAddNetShareDelgocachehashgocachetestarchive/tarcrypto/x509archive/zipSHA-512/224SHA-512/256BLAKE2s-256BLAKE2b-256BLAKE2b-384BLAKE2b-512invalid oidpsk_id_, xrefs: 00EE0637, 00EE07B8
bad symbol tablenon-Go function not in ranges:invalid encodingDuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "invalid dns nameRCodeFormatErrorunpacking headerdivision by zerolength too largeavx512vpclmulqdqWrite after Closeinvalid stream IDTr, xrefs: 00EE066A, 00EE07EA

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: (targetpc= , plugin: runtime: g : frame.sp=created by HTTPS_PROXYhttps_proxyProcessPrngMoveFileExWNetShareAddNetShareDelgocachehashgocachetestarchive/tarcrypto/x509archive/zipSHA-512/224SHA-512/256BLAKE2s-256BLAKE2b-256BLAKE2b-384BLAKE2b-512invalid oidpsk_id_$ and filesimap2imap3imapspop3shosts1562578125utf-8%s*%dtext/defersweeptestRtestWexecWhchanexecRschedsudogtimergscanmheaptracepanicsleep cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384$ args stack map entries for invalid runtime symbol tableruntime: no module data for [originating from goroutine traceRegion: alloc too largeinvalid byte in chunk lengthinvalid proxy address %q: %vabi.NewName: name too long: x509: invalid RSA public keyx509: in$ locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangereflect: Len of non-array typeGODEBUG: unknown cpu feature "crypto/rsa: verification errorx509: invalid ECDSA parametersx509: SAN dNSName is$ untyped args out of range no module data in goroutine runtime: seq1=runtime: goid=need more dataREQUEST_METHODOpenSCManagerWModule32FirstWunreachable: RegSetValueExWmime/multipartRCodeNameErrorResourceHeaderdata truncatedzipinsecurepathnegative updateaccept$ untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:invalid encodingDuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "invalid dns nameRCodeFormatErrorunpacking headerdivision by zerolength too largeavx512vpclmulqdqWrit$bad symbol tablenon-Go function not in ranges:invalid encodingDuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "invalid dns nameRCodeFormatErrorunpacking headerdivision by zerolength too largeavx512vpclmulqdqWrite after Closeinvalid stream IDTr$missing stackmapbad symbol tablenon-Go function not in ranges:invalid encodingDuplicateTokenExGetCurrentThreadRtlVirtualUnwindGODEBUG: value "invalid dns nameRCodeFormatErrorunpacking headerdivision by zerolength too largeavx512vpclmulqdqWrite after Closeinv$runtime: frame ts set in timertraceback stuckImpersonateSelfOpenThreadTokenRegCreateKeyExWRegDeleteValueWreflectlite.Setjstmpllitinterptarinsecurepathx509usepolicies is unavailable0601021504Z0700invalid pointerinvalid booleannon-minimal tagunknown Go typeavx51$runtime: pcdata is bad ABI descriptionevictCount overflowSetTokenInformationMultiByteToWideCharfile already existsfile does not existfile already closedunknown hash value negative coordinatex509: malformed OIDx509: trailing datax509: unknown errorunsupported A
API String ID: 0-1487520304
Opcode ID: 43d3ba929fc301b035a72eb07bcd4863e046b5d9c758905d5f0bea0e77dc01f0
Instruction ID: 70e5ac62e9035fff19e75133a4df8fe460551626141df7c11e564e374bc961b5
Opcode Fuzzy Hash: 43d3ba929fc301b035a72eb07bcd4863e046b5d9c758905d5f0bea0e77dc01f0
Instruction Fuzzy Hash: 5AE1E572204BC886DB24EF26E68079EB3A5F748B80F546126EF8D63765DF79C585CB00

Function 00EE9180 Relevance: 6.7, Strings: 5, Instructions: 449COMMON

Download Yara Rule

Strings

fp= gp= mp=) m=xn--ermssse3avx2bmi1bmi2timebitsNameTypeasn1cx16sse2<nil>&"'https:***@Rangeallowrangeclose:path%s %q%s=%sHTTP/socksFoundwritemkdirLstatntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalGreekfalseErrortls: Ea, xrefs: 00EE97B2
pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=xn--ermssse3avx2bmi1bmi2timebitsNameTypeasn1cx16sse2<nil>&"'https:***@Rangeallowrangeclose:path%s %q%s=%sHTTP/socksFoundwritemkdirLstatntohsMarchApril+0530+0430+0545+0630+0330+0845, xrefs: 00EE97F2
non-Go function at pc=hpack: string too longheader field %q = %q%sidna: invalid label %qRtlLookupFunctionEntryCreateEnvironmentBlockWSAGetOverlappedResult%SystemRoot%\system32\reflectlite.Value.Elemoverflowing coordinatex509: malformed issuersha3: Write after , xrefs: 00EE991B
sp= sp: lr: fp= gp= mp=) m=xn--ermssse3avx2bmi1bmi2timebitsNameTypeasn1cx16sse2<nil>&"'https:***@Rangeallowrangeclose:path%s %q%s=%sHTTP/socksFoundwritemkdirLstatntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalGreekfalse, xrefs: 00EE97D2
...0,h1SunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14 m=StdDltnilkey???///%25intmapptr, xrefs: 00EE95F7

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: fp= gp= mp=) m=xn--ermssse3avx2bmi1bmi2timebitsNameTypeasn1cx16sse2<nil>&"'https:***@Rangeallowrangeclose:path%s %q%s=%sHTTP/socksFoundwritemkdirLstatntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalGreekfalseErrortls: Ea$ pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=xn--ermssse3avx2bmi1bmi2timebitsNameTypeasn1cx16sse2<nil>&"'https:***@Rangeallowrangeclose:path%s %q%s=%sHTTP/socksFoundwritemkdirLstatntohsMarchApril+0530+0430+0545+0630+0330+0845$ sp= sp: lr: fp= gp= mp=) m=xn--ermssse3avx2bmi1bmi2timebitsNameTypeasn1cx16sse2<nil>&"'https:***@Rangeallowrangeclose:path%s %q%s=%sHTTP/socksFoundwritemkdirLstatntohsMarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocalGreekfalse$...0,h1SunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14 m=StdDltnilkey???///%25intmapptr$non-Go function at pc=hpack: string too longheader field %q = %q%sidna: invalid label %qRtlLookupFunctionEntryCreateEnvironmentBlockWSAGetOverlappedResult%SystemRoot%\system32\reflectlite.Value.Elemoverflowing coordinatex509: malformed issuersha3: Write after
API String ID: 0-3836708742
Opcode ID: fe719e4e84117536af76aea6b4c55cdeb870c26d09b89616a7026c352e5a1fd3
Instruction ID: 4f7490b0bacdba3d18ac415aa38cd845da35cc7621796ff0beb299e846ed0eae
Opcode Fuzzy Hash: fe719e4e84117536af76aea6b4c55cdeb870c26d09b89616a7026c352e5a1fd3
Instruction Fuzzy Hash: 3E123932209BC885DB709B22F58479EB7A5F789B84F146119EECD67B6ACF39C445CB00

Function 00EA76C0 Relevance: 6.6, Strings: 5, Instructions: 351COMMON

Download Yara Rule

Strings

runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32, xrefs: 00EA7C4C
!= sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase, xrefs: 00EA7C85
p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valueselectgo: bad wakeupsemaRoot rotateRight, xrefs: 00EA7CAA
flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= , xrefs: 00EA7C67
5, xrefs: 00EA7A1C

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase$ 5$ flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= $p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valueselectgo: bad wakeupsemaRoot rotateRight$runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32
API String ID: 0-3184857621
Opcode ID: 1dc477d274ac5dae261b269b0e7ed0931b74e709b2e07ab57ee493d6b92d0ae3
Instruction ID: 160c2aba3525b8de01b31fa571add64691868c7250feb00ac4ebff10b41cc2d1
Opcode Fuzzy Hash: 1dc477d274ac5dae261b269b0e7ed0931b74e709b2e07ab57ee493d6b92d0ae3
Instruction Fuzzy Hash: 3CF1E332209B84CADB10CF20F88039EB7A5F78AB50F45A226EA9D577A5DF3DD545CB00

Function 00F32EE0 Relevance: 5.6, Strings: 4, Instructions: 560COMMON

Download Yara Rule

Strings

invalid pattern syntax (+ after -): no assembly implementation availablex509: zero or negative DSA parameterx509: invalid CRL distribution pointx509: invalid subject key identifierx509: malformed algorithm identifiercrypto/cipher: input not full blockscrypto/s, xrefs: 00F33503
pattern bits too long: invalid PrintableStringx509: malformed UTCTimex509: invalid key usagex509: malformed versiontoo many pointers (>10)segment length too longunpacking Question.Nameunpacking Question.Typeskipping Question Classexit hook invoked panicP224 po, xrefs: 00F335D2
-, xrefs: 00F3319D
invalid pattern syntax: x509: malformed validityaddress string too shortresource length too longunpacking Question.ClassstreamSafe was not resetGODEBUG sys/cpu: value "", required CPU featurechacha20: wrong key sizezip: not a valid zip filehttp: invalid cooki, xrefs: 00F32F7B, 00F33037, 00F330E2, 00F3356A, 00F33639, 00F336A0, 00F3370A, 00F33772

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: -$invalid pattern syntax (+ after -): no assembly implementation availablex509: zero or negative DSA parameterx509: invalid CRL distribution pointx509: invalid subject key identifierx509: malformed algorithm identifiercrypto/cipher: input not full blockscrypto/s$invalid pattern syntax: x509: malformed validityaddress string too shortresource length too longunpacking Question.ClassstreamSafe was not resetGODEBUG sys/cpu: value "", required CPU featurechacha20: wrong key sizezip: not a valid zip filehttp: invalid cooki$pattern bits too long: invalid PrintableStringx509: malformed UTCTimex509: invalid key usagex509: malformed versiontoo many pointers (>10)segment length too longunpacking Question.Nameunpacking Question.Typeskipping Question Classexit hook invoked panicP224 po
API String ID: 0-1036030083
Opcode ID: 92ec460fbd8673369eff7a341d21cf0125108ef0229a1e129c0a07483bf83435
Instruction ID: 92e1e63214efee7ae13f0d0703d9f5f1365c4e7f32df2bd676cccb445bb35d9c
Opcode Fuzzy Hash: 92ec460fbd8673369eff7a341d21cf0125108ef0229a1e129c0a07483bf83435
Instruction Fuzzy Hash: B732D172A08B8085DB11DF24E80039EB7A4F344BB4F599225DBAD477E9DF79CA94D700

Function 00E93E40 Relevance: 5.3, Strings: 4, Instructions: 294COMMON

Download Yara Rule

Strings

nd 3, xrefs: 00E93E57
te k, xrefs: 00E93E75
expa, xrefs: 00E93E48
2-by, xrefs: 00E93E66

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: 2-by$expa$nd 3$te k
API String ID: 0-3581043453
Opcode ID: d0a0678b136faf6cdae2b5bb443573c909990b14ac4f0b67f8b4f134291ae36c
Instruction ID: 1fcf72f7b157271721cd709ab080ebf10e4ab4247f8a585ca6dab30d6409b450
Opcode Fuzzy Hash: d0a0678b136faf6cdae2b5bb443573c909990b14ac4f0b67f8b4f134291ae36c
Instruction Fuzzy Hash: E1B1B066F25FD94AF323A63810036B7EB185FFB9C9A40E327FC9474A87D72095036254

Function 00ECBF80 Relevance: 5.3, Strings: 4, Instructions: 289COMMON

Download Yara Rule

Strings

stopTheWorld: not stopped (stopwait != 0)idna: internal error in punycode encodingx509: cannot parse URI %q: invalid domaincrypto/md5: invalid hash state identifiercolon must be followed by more charactersasn1: internal error in parseTagAndLengthGODEBUG sys/cp, xrefs: 00ECC32A
stopTheWorld: broken CPU time accountingglobal runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsgoroutine stack size is not a power of 2evictOldest(%v) on table with %v entriescrypto/rsa: input mu, xrefs: 00ECC3FE
stopTheWorld: not stopped (status != _Pgcstop)signal arrived during external code executioncompileCallback: float arguments not supportedruntime: name offset base pointer out of rangeruntime: type offset base pointer out of rangeruntime: text offset base poin, xrefs: 00ECC3E4
stopTheWorld: holding locksgcstopm: not waiting for gcruntime: checkdead: nmidle=runtime: checkdead: find g runlock of unlocked rwmutexsigsend: inconsistent statemakeslice: len out of rangemakeslice: cap out of rangegrowslice: len out of rangestack size not a , xrefs: 00ECC445

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: stopTheWorld: broken CPU time accountingglobal runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsgoroutine stack size is not a power of 2evictOldest(%v) on table with %v entriescrypto/rsa: input mu$stopTheWorld: holding locksgcstopm: not waiting for gcruntime: checkdead: nmidle=runtime: checkdead: find g runlock of unlocked rwmutexsigsend: inconsistent statemakeslice: len out of rangemakeslice: cap out of rangegrowslice: len out of rangestack size not a $stopTheWorld: not stopped (status != _Pgcstop)signal arrived during external code executioncompileCallback: float arguments not supportedruntime: name offset base pointer out of rangeruntime: type offset base pointer out of rangeruntime: text offset base poin$stopTheWorld: not stopped (stopwait != 0)idna: internal error in punycode encodingx509: cannot parse URI %q: invalid domaincrypto/md5: invalid hash state identifiercolon must be followed by more charactersasn1: internal error in parseTagAndLengthGODEBUG sys/cp
API String ID: 0-2533788159
Opcode ID: 889f18f19c8ee34ded71cd8104397e31333d8ffe6651274756265d7a1d3ce96e
Instruction ID: 49ea508b330ae101b9adb3df97405ef8e372d47cfc09da4e15c3ddc47bef26b4
Opcode Fuzzy Hash: 889f18f19c8ee34ded71cd8104397e31333d8ffe6651274756265d7a1d3ce96e
Instruction Fuzzy Hash: D5C1C432209B84C6DB14CF22E5407AAB7B1F789B84F58A12ADE9D63765CF3EC546C701

Function 00EC8120 Relevance: 5.2, Strings: 4, Instructions: 221COMMON

Download Yara Rule

Strings

runtime., xrefs: 00EC82B2
runtime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff RegLoadMUIStringWinvalid BMPStringinvalid IA5String060102150405Z0700%%!%c, xrefs: 00EC82E5
reflect., xrefs: 00EC830C
bad restart PC-thread limitstopm spinning nmidlelocked= needspinning=randinit twicestore64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module data in goroutine runtime: seq1=runtime: goid=need more dataREQUEST_, xrefs: 00EC83D3

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: bad restart PC-thread limitstopm spinning nmidlelocked= needspinning=randinit twicestore64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module data in goroutine runtime: seq1=runtime: goid=need more dataREQUEST_$reflect.$runtime.$runtime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff RegLoadMUIStringWinvalid BMPStringinvalid IA5String060102150405Z0700%%!%c
API String ID: 0-1642151186
Opcode ID: 5cc72744e150732468972cf1ee99c84d4296606b1cc99914ae893cf64d197967
Instruction ID: c6965ea4a1ac3ef152de54b606145ea81327572e809a5e93a2f6f71162c22cc8
Opcode Fuzzy Hash: 5cc72744e150732468972cf1ee99c84d4296606b1cc99914ae893cf64d197967
Instruction Fuzzy Hash: F271C072704A8086DB148B25E7807BAB7A5F385F98F48B139DB4D67B54DF3AD8928700

Function 00EC1320 Relevance: 5.1, Strings: 4, Instructions: 138COMMON

Download Yara Rule

Strings

runtime: NtAssociateWaitCompletionPacket failed; errno= b4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34x509: subject key identifier incorre, xrefs: 00EC14C6
runtime: netpoll failedpanic during preemptoffnanotime returning zerofatal: morestack on g0the current g is not g0schedule: holding locksprocresize: invalid argspan has no free stacksstack growth after forkshrinkstack at bad timereflect.methodValueCallvarint , xrefs: 00EC14EF, 00EC154F, 00EC1599
runtime: NtCancelWaitCompletionPacket failed; errno= exited a goroutine internally locked to the OS threadcompileCallback: argument size is larger than uintptrcrypto/elliptic: attempted operation on invalid pointx509: certificate specifies an incompatible key , xrefs: 00EC156F
runtime: SetWaitableTimer failed; errno= stopTheWorld: not stopped (stopwait != 0)idna: internal error in punycode encodingx509: cannot parse URI %q: invalid domaincrypto/md5: invalid hash state identifiercolon must be followed by more charactersasn1: internal, xrefs: 00EC1529

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: runtime: NtAssociateWaitCompletionPacket failed; errno= b4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34x509: subject key identifier incorre$runtime: NtCancelWaitCompletionPacket failed; errno= exited a goroutine internally locked to the OS threadcompileCallback: argument size is larger than uintptrcrypto/elliptic: attempted operation on invalid pointx509: certificate specifies an incompatible key $runtime: SetWaitableTimer failed; errno= stopTheWorld: not stopped (stopwait != 0)idna: internal error in punycode encodingx509: cannot parse URI %q: invalid domaincrypto/md5: invalid hash state identifiercolon must be followed by more charactersasn1: internal$runtime: netpoll failedpanic during preemptoffnanotime returning zerofatal: morestack on g0the current g is not g0schedule: holding locksprocresize: invalid argspan has no free stacksstack growth after forkshrinkstack at bad timereflect.methodValueCallvarint
API String ID: 0-1427823586
Opcode ID: d4ddd412390116f2fab450ab4984d457759a9acbc98c52812da79a574652ef03
Instruction ID: f31c76feb89cffd9685e85d1d41042fbe21c3da2718877ef5142bfde791bfcee
Opcode Fuzzy Hash: d4ddd412390116f2fab450ab4984d457759a9acbc98c52812da79a574652ef03
Instruction Fuzzy Hash: D3519436208B84C5D600DB61FA4179EB7A4F789BD0F44A229EE9C53BA6DF3DC552CB40

Function 00E9BE60 Relevance: 5.1, Strings: 4, Instructions: 80COMMON

Download Yara Rule

Strings

packed=BAD RANK status unknown(trigger= npages= nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes status= etypes if-rangeNO_PROXYno_proxyavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1MD5+SHA1SHA3-224SHA3-256SHA3-384SHA3, xrefs: 00E9BF25
cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSA (at Classactiveclosedsocks5CANCELGOAWAYPADDEDBasic CookieacceptcookieexpectoriginserverExpectstatusPragmasocks Lockedreadatl, xrefs: 00E9BF05
-> node= ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)tracebac, xrefs: 00E9BF45
runtime: lfstack.push invalid packing: node=out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark p, xrefs: 00E9BEE5

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: -> node= ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)tracebac$ cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSA (at Classactiveclosedsocks5CANCELGOAWAYPADDEDBasic CookieacceptcookieexpectoriginserverExpectstatusPragmasocks Lockedreadatl$ packed=BAD RANK status unknown(trigger= npages= nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes status= etypes if-rangeNO_PROXYno_proxyavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1MD5+SHA1SHA3-224SHA3-256SHA3-384SHA3$runtime: lfstack.push invalid packing: node=out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark p
API String ID: 0-97673760
Opcode ID: 79e8c94fd25e8b3fc8768350cc8e2c07e8c2fb9a553b3169c7ba3bd108ff1e4e
Instruction ID: ca674fa545165db9fdfd647ee8a3222d2cdfa09f52cd407e66983587ab14c93f
Opcode Fuzzy Hash: 79e8c94fd25e8b3fc8768350cc8e2c07e8c2fb9a553b3169c7ba3bd108ff1e4e
Instruction Fuzzy Hash: CB215C32215B48CADB00EF10FA817ADA7A8F749B80F48A525EF9D27766CF39C4028750

Function 00EAE980 Relevance: 3.9, Strings: 3, Instructions: 179COMMON

Download Yara Rule

Strings

(scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type CONOUT$\\.\UNCavx512fos/execruntimeSHA-224SHA-256SHA-384SHA-512Ed25519MD5-RSAserial:eae_prkanswers2.5.4.62.5.4.32, xrefs: 00EAEBA5
MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= : unknown pc called from runtime: pid=gzip, deflateGetTempPath2W, xrefs: 00EAEC05
pacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valueselectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubtrace: out of memory, xrefs: 00EAEB86

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocs m->g0= pad1= pad2= text= minpc= value= (scan)types : type CONOUT$\\.\UNCavx512fos/execruntimeSHA-224SHA-256SHA-384SHA-512Ed25519MD5-RSAserial:eae_prkanswers2.5.4.62.5.4.32$ MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= : unknown pc called from runtime: pid=gzip, deflateGetTempPath2W$pacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valueselectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubtrace: out of memory
API String ID: 0-165056016
Opcode ID: a9ac78509ef1080a9a0fb07f4ec39b6f46bb9396ad5792adb1f6de97ef6cd1e4
Instruction ID: ec29d76911a54ecca5e2b346b2f07be7203ee2d4f80f07bf509b2f439875cbae
Opcode Fuzzy Hash: a9ac78509ef1080a9a0fb07f4ec39b6f46bb9396ad5792adb1f6de97ef6cd1e4
Instruction Fuzzy Hash: 4971B332508F9889D712EF65E54039AB7A4FB8ABC0F44A325EA8D37725CF38D492C740

Function 00ED9D20 Relevance: 3.7, Strings: 2, Instructions: 1165COMMON

Download Yara Rule

Strings

selectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubtrace: out of memorywirep: already in goheader line too longGetAdaptersAddressesGetProcessMemoryInfobcryptprimitives.dllx509usefallbackrootsgetCert can't be nilinvalid UTF-8 stringx509: malformed spki, xrefs: 00EDAA67
gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff RegLoadMUIStringWinvalid BMPStringinvalid IA5String060102150405Z0700%%!%c(big.Int=%s)integer too largehttp: blank cookiereceived from peerFLOW_CONTROL_ERRORfr, xrefs: 00EDAA90

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: gp.waiting != nilunknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff RegLoadMUIStringWinvalid BMPStringinvalid IA5String060102150405Z0700%%!%c(big.Int=%s)integer too largehttp: blank cookiereceived from peerFLOW_CONTROL_ERRORfr$selectgo: bad wakeupsemaRoot rotateRightreflect.makeFuncStubtrace: out of memorywirep: already in goheader line too longGetAdaptersAddressesGetProcessMemoryInfobcryptprimitives.dllx509usefallbackrootsgetCert can't be nilinvalid UTF-8 stringx509: malformed spki
API String ID: 0-2867586602
Opcode ID: 2fcc1f6576c0cb54c9d6313b9822fa70c778b52a289cb13855ee9ec60318dcd3
Instruction ID: e82f8bbcee600162dd538c125335e5e45c23847f222ab5abbde7d802e5911638
Opcode Fuzzy Hash: 2fcc1f6576c0cb54c9d6313b9822fa70c778b52a289cb13855ee9ec60318dcd3
Instruction Fuzzy Hash: 2FB2AA32204B80C2C720CF12E84479EB7A4F389BD4F5AA126DEAD57B95CF79C995D701

Function 00EFE6A0 Relevance: 3.0, Strings: 2, Instructions: 498COMMON

Download Yara Rule

Strings

&, xrefs: 00EFEE34
", xrefs: 00EFEE2C

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: "$&
API String ID: 0-813396965
Opcode ID: 9c94b1f038b85293dce518209918a61839c498a4752364382649f694cd7bb6be
Instruction ID: e440dd106c6296cddbcb4f603a3d8f28b2921cc073e243d2faa96da5a4f3d659
Opcode Fuzzy Hash: 9c94b1f038b85293dce518209918a61839c498a4752364382649f694cd7bb6be
Instruction Fuzzy Hash: 7932E372208BC885DB24CF61E4803EEB7A1F785B94F499226DBAC27BA5DF39D545C700

Function 00ED7BC0 Relevance: 2.9, Strings: 2, Instructions: 423COMMON

Download Yara Rule

Strings

runtime: malformed profBuf buffer - tag and data out of synctls: unsupported certificate: private key is %T, expected *%Ttls: EncryptedClientHelloConfigList contains no valid configstls: server sent a ServerHello extension forbidden in TLS 1.3go package net: G, xrefs: 00ED7F65
runtime: malformed profBuf buffer - invalid sizeattempt to trace invalid or unsupported P statusruntime: waitforsingleobject wait_failed; errno=x509: X25519 key encoded with illegal parametersx509: SAN uniformResourceIdentifier is malformedx509: IP constraint , xrefs: 00ED7F35

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: runtime: malformed profBuf buffer - invalid sizeattempt to trace invalid or unsupported P statusruntime: waitforsingleobject wait_failed; errno=x509: X25519 key encoded with illegal parametersx509: SAN uniformResourceIdentifier is malformedx509: IP constraint $runtime: malformed profBuf buffer - tag and data out of synctls: unsupported certificate: private key is %T, expected *%Ttls: EncryptedClientHelloConfigList contains no valid configstls: server sent a ServerHello extension forbidden in TLS 1.3go package net: G
API String ID: 0-3024787705
Opcode ID: 569c2bc3eb9d8ec5eac9fc8284961cbaa92eea96e755df91dfd3600cd8a419a1
Instruction ID: fb47a4c0b007d13fbba90751d30c59fcbb0f7f6850e4e3e814642e1b2437cd38
Opcode Fuzzy Hash: 569c2bc3eb9d8ec5eac9fc8284961cbaa92eea96e755df91dfd3600cd8a419a1
Instruction Fuzzy Hash: 74D1476271965485CB24DF26E80176AA761F389FC8F59B426EE8E6B750EF78CC43D300

Function 00EF9A40 Relevance: 2.8, Strings: 2, Instructions: 302COMMON

Download Yara Rule

Strings

, xrefs: 00EF9D3D, 00EF9DCB
, xrefs: 00EF9B8F

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-4236759867
Opcode ID: fcafe2130370c3b2f6bffedf2411db761ca87aeaccd37b78430a242f73ae1bfc
Instruction ID: 24cc302921c91235511aedddacbcfa43829aa4e03d232576172e937a3c066b7d
Opcode Fuzzy Hash: fcafe2130370c3b2f6bffedf2411db761ca87aeaccd37b78430a242f73ae1bfc
Instruction Fuzzy Hash: D0D17132309B8885DB64CB15E4403FABBA1F386B84F59A126DBCD63B5ADF79C484D700

Function 00EC06C0 Relevance: 2.7, Strings: 2, Instructions: 163COMMON

Download Yara Rule

Strings

runtime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime:, xrefs: 00EC085E
runtime: inconsistent read deadlineNtCreateWaitCompletionPacket failedfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=hpack: invalid Huffman-encoded datadynamic table s, xrefs: 00EC08CD

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: runtime: inconsistent read deadlineNtCreateWaitCompletionPacket failedfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=hpack: invalid Huffman-encoded datadynamic table s$runtime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnableruntime:
API String ID: 0-677866980
Opcode ID: 15ccb5f177e5499d037e6048ebd111b5e1b32256bbcf34e9fd33cd4785bed581
Instruction ID: ad5c6128f2a2dfb9c85bf5cb1a79aab90eeb17a49e8bef065298f241f4ee26d6
Opcode Fuzzy Hash: 15ccb5f177e5499d037e6048ebd111b5e1b32256bbcf34e9fd33cd4785bed581
Instruction Fuzzy Hash: F751073320A750C5DB68DB25E14077BBBB0F785B94F18A52DEB9D63795CB3AC4428B80

Function 00F22EE0 Relevance: 1.8, Strings: 1, Instructions: 520COMMON

Download Yara Rule

Strings

\, xrefs: 00F23107

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: 18509598b5fdb150593e170177a73df1ee2359ce593e315204ee1711a7a85d44
Instruction ID: b7663a21e7bcce08c2ecdecc2dffbf52749d176186ee7e2b32f00e2d6d1e72c0
Opcode Fuzzy Hash: 18509598b5fdb150593e170177a73df1ee2359ce593e315204ee1711a7a85d44
Instruction Fuzzy Hash: 38226DB2709AD481DB20CB26F8507AAAB61F389BD0F488126DF9D57B99DF3CC545DB00

Function 00EFBF40 Relevance: 1.7, Strings: 1, Instructions: 440COMMON

Download Yara Rule

Strings

!"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00EFC04D, 00EFC156, 00EFC297, 00EFC3BF

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
API String ID: 0-2911004680
Opcode ID: d5d030e9d449dcbb3d8365442d6195c0300aeed74510757c4aca27228618fccc
Instruction ID: 22e37c58c750013b0fd7fc56ac40526f8f68c70b759b5835dbd0df496b63ad8f
Opcode Fuzzy Hash: d5d030e9d449dcbb3d8365442d6195c0300aeed74510757c4aca27228618fccc
Instruction Fuzzy Hash: 06F10072315A8C82EA14DB25EA043FAA766F344BD0FB96021EB5E677D4CB7CC941E700

Function 00F1C7E0 Relevance: 1.7, Strings: 1, Instructions: 430COMMON

Download Yara Rule

Strings

ParseUint[%v = %d]websocketsucceededSee OtherUse ProxyForbiddenNot FoundToo EarlyTrailer: protocol nil errorFindCloseLocalFreeMoveFileWWriteFileWSASendToWednesdaySeptemberrwxrwxrwxInheritedtlsrsakex%s %x %xHandshake%s %q: %sempty urlcomplex64interfaceinvalid , xrefs: 00F1C95E, 00F1C992, 00F1C9C4, 00F1CADD, 00F1CB9D, 00F1CC5D, 00F1CD1D, 00F1CE03

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: ParseUint[%v = %d]websocketsucceededSee OtherUse ProxyForbiddenNot FoundToo EarlyTrailer: protocol nil errorFindCloseLocalFreeMoveFileWWriteFileWSASendToWednesdaySeptemberrwxrwxrwxInheritedtlsrsakex%s %x %xHandshake%s %q: %sempty urlcomplex64interfaceinvalid
API String ID: 0-983234819
Opcode ID: 446bea9dbe2e45d5ec3010078ae10dc047093b226afcfaaf2df8ff383e763038
Instruction ID: 69ff0ef25e0a6c12e759c619d9a0147f7b812320b3a06191b76c188544faf3b7
Opcode Fuzzy Hash: 446bea9dbe2e45d5ec3010078ae10dc047093b226afcfaaf2df8ff383e763038
Instruction Fuzzy Hash: 64029D72644B5485DB14DF51E8813EEB7A5F388BE0F459026EA8E47769EF7CC980E380

Function 00F1CEE0 Relevance: 1.5, Strings: 1, Instructions: 279COMMON

Download Yara Rule

Strings

ParseIntscavengepollDesctraceBufdeadlockraceFinipanicnilcgocheckrunnable procid rax rbx rcx rdx rdi rsi rbp rsp r8 r9 r10 r11 r12 r13 r14 r15 rip rflags cs fs gs is not poi, xrefs: 00F1D0A3, 00F1D183, 00F1D228, 00F1D2B9

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: ParseIntscavengepollDesctraceBufdeadlockraceFinipanicnilcgocheckrunnable procid rax rbx rcx rdx rdi rsi rbp rsp r8 r9 r10 r11 r12 r13 r14 r15 rip rflags cs fs gs is not poi
API String ID: 0-4012776879
Opcode ID: 7046fd93252241b5dcc95397454b1f788cbae5a5d3a342c62639b746837cf865
Instruction ID: 8bbd14e61e37fc46ae8ffcd03eeec39cd18dcd13751e3b217908bf8ffc968ebc
Opcode Fuzzy Hash: 7046fd93252241b5dcc95397454b1f788cbae5a5d3a342c62639b746837cf865
Instruction Fuzzy Hash: 52C17AB2609B5481DB14DF11F8803AAB7B5F788BD0F499126EB8C57B68EF38C981D740

Function 00EBCE20 Relevance: 1.5, Strings: 1, Instructions: 266COMMON

Download Yara Rule

Strings

runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listruntime.Pinner: argument is nilcasgstatus: , xrefs: 00EBD1C5

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listruntime.Pinner: argument is nilcasgstatus:
API String ID: 0-1312986596
Opcode ID: 2852051eef0f452754b6b49ba67e4725a494837ff298f5e80d36827314abf9dc
Instruction ID: e09f8492397be84e62e1252e336de6a60da3baff4bfa05bb285fb33f07868e70
Opcode Fuzzy Hash: 2852051eef0f452754b6b49ba67e4725a494837ff298f5e80d36827314abf9dc
Instruction Fuzzy Hash: A5A15E76709B9482CA10DF56E8402ABB766F389BC4F546122EF8D67B29DF38C591CB40

Function 00EA1760 Relevance: 1.5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

bulkBarrierPreWrite: unaligned argumentsruntime: typeBitsBulkBarrier with type refill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unkn, xrefs: 00EA1B07

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: bulkBarrierPreWrite: unaligned argumentsruntime: typeBitsBulkBarrier with type refill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unkn
API String ID: 0-2740983204
Opcode ID: 4f52235854af02d5301b233a7fbeb7920b834ce3c2824d3ced0a77b64350a1a6
Instruction ID: aee46c02b167c93ed2b1bc4df2b1136fd9bd4f7f5d3c6626d6a69f3379daf333
Opcode Fuzzy Hash: 4f52235854af02d5301b233a7fbeb7920b834ce3c2824d3ced0a77b64350a1a6
Instruction Fuzzy Hash: 0B91E9B6709B9481DB148F56E44039AA7A5F38EFC4F18A166EF8C2BB18DF38D495C700

Function 00ECB5C0 Relevance: 1.5, Strings: 1, Instructions: 223COMMON

Download Yara Rule

Strings

H, xrefs: 00ECB717

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: H
API String ID: 0-762331664
Opcode ID: 28d59c39c03ef32d80098f42c2bc2289cebfceb396f4cc8d56fc7a43ca58074c
Instruction ID: ea9e3065549455863e778592d2460c0bc5e3da6cd49cc32787eccbe77ff351d7
Opcode Fuzzy Hash: 28d59c39c03ef32d80098f42c2bc2289cebfceb396f4cc8d56fc7a43ca58074c
Instruction Fuzzy Hash: 42A1D036605B84C6DB04CF26E58276EBB61F38AB84F089226DF9C53B55CB7ED456CB00

Function 00EBBF80 Relevance: 1.4, Strings: 1, Instructions: 189COMMON

Download Yara Rule

Strings

bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 00EBC247

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod
API String ID: 0-2099802129
Opcode ID: c90a4eecfbc563e1c8fbb689cf7a8cc4814be2dd0de6275900a74159f0b5a4fe
Instruction ID: 78693be6132c786135522d078dbd5c7714bfcee94eb095b65171ce7b114e700b
Opcode Fuzzy Hash: c90a4eecfbc563e1c8fbb689cf7a8cc4814be2dd0de6275900a74159f0b5a4fe
Instruction Fuzzy Hash: FA61F0B3714B8882DB009B55E48039A7766F78ABD4F54A236EF9D2779ACB7CC585C300

Function 00EA7FA5 Relevance: 1.4, Strings: 1, Instructions: 111COMMON

Download Yara Rule

Strings

gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSA (at Classactiveclosedsocks5CANCELGOAWAYPADDEDBasic CookieacceptcookieexpectoriginserverExpectstatusPragmasocks Lockedreadatlisten, xrefs: 00EA7FB4

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:bad nsse41sse42ssse3SHA-1P-224P-256P-384P-521ECDSA (at Classactiveclosedsocks5CANCELGOAWAYPADDEDBasic CookieacceptcookieexpectoriginserverExpectstatusPragmasocks Lockedreadatlisten
API String ID: 0-2436898650
Opcode ID: 52d1c2a848c24b8e14b542b51775eeee3df515208ff3d5d210ccea898cbc7847
Instruction ID: 0742c48baf1ff48cc095d8e30d942639f415ad7dc9317f2c6e0aaaa5425d4a12
Opcode Fuzzy Hash: 52d1c2a848c24b8e14b542b51775eeee3df515208ff3d5d210ccea898cbc7847
Instruction Fuzzy Hash: 60519032209B80C5E710CF20F88139ABBA5F79A784F859226DACC577A4DF7DD549CB00

Function 00EAE700 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackunsafe.Slice: ptr is nil and len is not , xrefs: 00EAE7F0

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID: gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackunsafe.Slice: ptr is nil and len is not
API String ID: 0-3110597650
Opcode ID: f3c5946e8a55f61ca020a2865c92d36e9fad5c8f685cf3f1ac6b1e0133e18be6
Instruction ID: 7ad36ab8305ecd19310304129714dd56c9c6f57207e566422605f823bb89a15a
Opcode Fuzzy Hash: f3c5946e8a55f61ca020a2865c92d36e9fad5c8f685cf3f1ac6b1e0133e18be6
Instruction Fuzzy Hash: C221D3F3B12A8442DF058F15D4803E86762E79AFD8F49A076CF4D1B796CA68C592C300

Function 00F0A040 Relevance: .6, Instructions: 606COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12ca1c1244aceae347a8f9ac2eb15ec554e18c3a904a675dc9cf4aa7368306a0
Instruction ID: 34ecd2c3fd187fbd1676bbd50f7f3d57ed20106710a2b75c74629ae771d79372
Opcode Fuzzy Hash: 12ca1c1244aceae347a8f9ac2eb15ec554e18c3a904a675dc9cf4aa7368306a0
Instruction Fuzzy Hash: 1C220033A18B94C6DF608B26D4003AA6765F385FE0F595062EE8D177DADA2DC8D1F702

Function 00F284C0 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb25203ee6f24420e874b2e80166cd381200bd13bd99e2f799229fd6842e1323
Instruction ID: 7a59741d535f2aecbf66292b808df64855ea65536abeb2f14e78b6b13f025ca1
Opcode Fuzzy Hash: cb25203ee6f24420e874b2e80166cd381200bd13bd99e2f799229fd6842e1323
Instruction Fuzzy Hash: 4D02A273B16AA082DB609B26F44036A7B61F395FE4F585051EB8D1BB59DF2CC8D2A700

Function 00F24BE0 Relevance: .5, Instructions: 462COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5001242603aa610dcf706d69ccfb74ee8961d5fdab412ef14e520306ab824b7d
Instruction ID: 538347bc19e7651677011d57b009033d45249ead5dfd2aa062a183b9b16e3c25
Opcode Fuzzy Hash: 5001242603aa610dcf706d69ccfb74ee8961d5fdab412ef14e520306ab824b7d
Instruction Fuzzy Hash: 90129A73A18BD081D6258B24F8403EAB360F399B94F44A216DB9D17B99DF78D9D4EB00

Function 00F2E620 Relevance: .4, Instructions: 417COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51102e8258aca7f69ba5a12ad5996b96d05771f8455a53d0eb041ef0c5de53c0
Instruction ID: d764037c050282464f0391e97ab3afe9b86eee29a8ba451f4cec09d8e3d07ff6
Opcode Fuzzy Hash: 51102e8258aca7f69ba5a12ad5996b96d05771f8455a53d0eb041ef0c5de53c0
Instruction Fuzzy Hash: 79E1D372E14A74C9EF648B16F4913E93726F381BA4FA85013D79D1B39ACA28C8D5F700

Function 00F29300 Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a959873c548300657bc9e9914e1d20bdf8a9fdf53dd6a53edc1328b184b98ef2
Instruction ID: 7a5899efe38998b39d099cfbb4ebf3a132b45bf2ba75465aa8f9cbd4e322c3ee
Opcode Fuzzy Hash: a959873c548300657bc9e9914e1d20bdf8a9fdf53dd6a53edc1328b184b98ef2
Instruction Fuzzy Hash: 34E19C73A08B94C5CB14DF15E84036DBBA5F389BD0F589126DB9E07759DBB8C891E340

Function 00F20800 Relevance: .4, Instructions: 356COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aaa0e8dd1596dc74e704b370af8238fc72b219de252742429ec140c862ad16b
Instruction ID: c875f2cc4fea3a07e98a3a05e2bdc7e0ce9359a66044a4f17bcaea23c6cd2d13
Opcode Fuzzy Hash: 2aaa0e8dd1596dc74e704b370af8238fc72b219de252742429ec140c862ad16b
Instruction Fuzzy Hash: 92C1D673B08AA482CA24CF16F4017AAB761F395FD4F584121EE8E87B1ACE7CC945DB40

Function 00EEB920 Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8a0ebbd6e1204fe0712c4f3124aec735af9cd589f0d7a5d69f9d03c23b72ff0
Instruction ID: 2de7fb07ec1a3b9531f860d2d8aa3b490e7b5ada7c341d223e17a1f1088f3da9
Opcode Fuzzy Hash: a8a0ebbd6e1204fe0712c4f3124aec735af9cd589f0d7a5d69f9d03c23b72ff0
Instruction Fuzzy Hash: B1D1F1B2719BC9C2DA648B12E8003EB77A4F785B84F846122DB8E27B98CF7CC545D745

Function 00F229E0 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecb12c21f0e3af71169d5f177604625687ed4998b83fce721931b984a8dbc3db
Instruction ID: 268595f4740cb8af402b0aae6321b3a697f561fe8eafc0e58fd69b9f5362f1cd
Opcode Fuzzy Hash: ecb12c21f0e3af71169d5f177604625687ed4998b83fce721931b984a8dbc3db
Instruction Fuzzy Hash: A4B1F673F08574AAE7A48F34B8613EE6343E388760FC68826C90E57B81D97CC995E740

Function 00EEEC00 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77135d60143943b1ae3e4bc102a6f980ec5da1389148eef60578cdd39220d515
Instruction ID: a607a61f0b1d0ecf0ed98f745b410f9ff9729074e25c9726777336692db447ba
Opcode Fuzzy Hash: 77135d60143943b1ae3e4bc102a6f980ec5da1389148eef60578cdd39220d515
Instruction Fuzzy Hash: E3D12432314BC9C2CB20DB16E404BAA7765F34ABC0FA5A526EE9D67759CF78C801D744

Function 00F09920 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83e2ffe62298926e420a286646774cc365aa228636b7c336908dee3fcedd2297
Instruction ID: 071a5aea5adb9255784027049b9e1f1463fc7d1cff6a363ee6ff9e39dabd65aa
Opcode Fuzzy Hash: 83e2ffe62298926e420a286646774cc365aa228636b7c336908dee3fcedd2297
Instruction Fuzzy Hash: 6DD16D72609B8486CB64DB15F48036EB3A5F785BD0F549025EB8E17B6AEF7CC845EB00

Function 00F27C00 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 608b0a9737f4b9f8d63c205e4b85a8633199b8b6fb577f957fe13ee5569e7e92
Instruction ID: 921712b251b5f2387318f13e67d8b6f3047050bad4da4271b0b44d0d614d007c
Opcode Fuzzy Hash: 608b0a9737f4b9f8d63c205e4b85a8633199b8b6fb577f957fe13ee5569e7e92
Instruction Fuzzy Hash: 46D16832209B94C6CB20EB25F88036EB7A1F785BD4F549021EB8E47B59DF39C891DB10

Function 00EF0660 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afb782896c4c4b2993ed6d2dcbcf7eb13a64801e8cb097949a43ffb6a7ddfd80
Instruction ID: d5ad7748f1c01c1f8944755f020fc6bec314b3d6f63bca2b8935bf01606f3b90
Opcode Fuzzy Hash: afb782896c4c4b2993ed6d2dcbcf7eb13a64801e8cb097949a43ffb6a7ddfd80
Instruction Fuzzy Hash: A1B1DD63204B89C6CA50DF65E4007B977A0F39ABC4F94A122EB8E2775ACF78C519D781

Function 00ECFE60 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c040dec99c8a9bddcbe3f2d6b0b66b70241086656905f805d50e162b9b2a41d5
Instruction ID: d647ea3f2d93f894597da97347d5bc132eaab29ea5ad8b1b36762b7ac485f935
Opcode Fuzzy Hash: c040dec99c8a9bddcbe3f2d6b0b66b70241086656905f805d50e162b9b2a41d5
Instruction Fuzzy Hash: E7912C7331969086C724CF66B540BAABB62F789BC4F4C612AEF8D53F15CB39C9518B40

Function 00EFF729 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 759ca9126c4f8afbabc0fd661f81b82394b3d051df9db6df12ac043aa6c60282
Instruction ID: a5a01f203d049dce0d7f736eddbd5b71a715e8655a7c3f5cf709ca83fa75133a
Opcode Fuzzy Hash: 759ca9126c4f8afbabc0fd661f81b82394b3d051df9db6df12ac043aa6c60282
Instruction Fuzzy Hash: 69B10A16D18FCF50E61357789403B766A106FF36D4F01D73ABAC2F16A3D7166A00BA22

Function 00EB9720 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beb130fd746afac1ee847c6001b18ced2062d730f18f644d5d9280f3f09a4833
Instruction ID: d73a36fbc30e452a86a6f5de1b696e2bff49a1e80d4b13a724f131108f8a3c76
Opcode Fuzzy Hash: beb130fd746afac1ee847c6001b18ced2062d730f18f644d5d9280f3f09a4833
Instruction Fuzzy Hash: 03A13476618B8482DB608B15F48039BB7A5F78ABD4F146226EBDD53B6ACF7CD054CB00

Function 00EBABC0 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f344743b15ff70daff195f9d47f44da65f090238d139697089b563cac1a088db
Instruction ID: 528f69671eb095d80c22ea9c3b15f6b342844127a90aefc2c1c0c9392e6b5ff1
Opcode Fuzzy Hash: f344743b15ff70daff195f9d47f44da65f090238d139697089b563cac1a088db
Instruction Fuzzy Hash: 31818F73718B8482DB108B15E4803EEB7A2F79ABD0F586126EF9D27B59CB78D491C740

Function 00EEC0A0 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea295f6a454d64c73e65b9be7b51afd2df6806965c4ad13861ad712faea1492c
Instruction ID: e37793c1c78f74e230b497879403db76f70b2e6bfb9d74daf25a6d7c0facf1f0
Opcode Fuzzy Hash: ea295f6a454d64c73e65b9be7b51afd2df6806965c4ad13861ad712faea1492c
Instruction Fuzzy Hash: E161E0F2304BD885CA058A1AD4803CA77E6F789FD4F98E225DF9D0BB98DA79C559C340

Function 00F21020 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f136a16628a5e286eaeecfe6530122f72284b6aa965f5916482d7ca76f29824
Instruction ID: 7d2e9c683a2229ee2f0dc7f7880e8b7bfb222d54e5359f6cf068d14885127206
Opcode Fuzzy Hash: 3f136a16628a5e286eaeecfe6530122f72284b6aa965f5916482d7ca76f29824
Instruction Fuzzy Hash: D4413A33B086F482DB18C759B411769B625F3A5BA0F999219DF0B07781CE39CD91F358

Function 00EE19C0 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7f5aa9cc1a922cbbbb9015e91aca71fe1beaf743049d4661b14f468facd1dae
Instruction ID: 9d41c3ece1ba73787ca4ede1906bc18d3b1f53af7c6200cbe01c52adfca527e4
Opcode Fuzzy Hash: b7f5aa9cc1a922cbbbb9015e91aca71fe1beaf743049d4661b14f468facd1dae
Instruction Fuzzy Hash: 7A41FB32B82ACC8ADB109E76A4513BA6286D3407B8FCC66F4CF2D573C2E67C85D59610

Function 00E9A400 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7d8f6681d35b4d1adde35ee6bc5394262964b64daad2281801e0e9fff281f32
Instruction ID: 009cc4d0c3ee5ac93464135295c9a3516059ec5dd6a0fdc5c8c9a6f3cb6d45e3
Opcode Fuzzy Hash: b7d8f6681d35b4d1adde35ee6bc5394262964b64daad2281801e0e9fff281f32
Instruction Fuzzy Hash: 2C4188A1701A5981EF04CF1689542A9E362EB4DFE4B4DB133CE2D77BA8C66CD9028385

Function 00EE5640 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fc85d00aedab086478e882c67554de083e8ab416d13a57cc54ff50c54144c7c
Instruction ID: 6946d213d0d457a998a6ea672316be3dc1c8c62e8faddd6de3a4f46a3dd4ec19
Opcode Fuzzy Hash: 6fc85d00aedab086478e882c67554de083e8ab416d13a57cc54ff50c54144c7c
Instruction Fuzzy Hash: 32519277709E98C2CB24CB16E04036AB761F789BD8F58A416EF8D27B49CB38C491CB00

Function 00EB46A0 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb2278334b958efe7e9ec0cb1b1c95f7d412b3ffebae32bb8de686d1c29ee35c
Instruction ID: 2926feaace3ccf9f10cfe328d89bd5308d6acc29c32f3cb38d285a4a223a5062
Opcode Fuzzy Hash: fb2278334b958efe7e9ec0cb1b1c95f7d412b3ffebae32bb8de686d1c29ee35c
Instruction Fuzzy Hash: FC51EAB2604B94C5DA15CB35E44439AB3A2FB46BE4F18A726EB6D237D6DF38D0918700

Function 00EB0260 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0b641f17316b22168d311f53b5c193c9c8344a8dc47f771d157c773e95f6bad
Instruction ID: 9c942a209a07c7da97cf944caecda9c3f1a3431e51e46efcf3d1520640c5a29b
Opcode Fuzzy Hash: a0b641f17316b22168d311f53b5c193c9c8344a8dc47f771d157c773e95f6bad
Instruction Fuzzy Hash: 75315AB1A0BF088ACD07D77A54653E3934A6F93BE4F54E7219C2B721E9EB1991528200

Function 00F32D00 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 639af035fc332b0107731b9813af852d33629e87c29de4fef2274eaf7c87143b
Instruction ID: c108b32a2b29baf1cac8bbbb056dc63cc6bc6a9907276071f25c724418e0feba
Opcode Fuzzy Hash: 639af035fc332b0107731b9813af852d33629e87c29de4fef2274eaf7c87143b
Instruction Fuzzy Hash: 503152EBD19FCD05F613473994432926650AFF76E4A10E743FEF132A12EB54B5A06324

Function 00EBDEC0 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2d3871379ef4234a58a4aca6178531caa16d61f67b9b99e0eef8b4734e8d601
Instruction ID: c31a415f8eee56095d8c192599cd7360f032bd6da529a70ddc7e6886bb0b55dd
Opcode Fuzzy Hash: c2d3871379ef4234a58a4aca6178531caa16d61f67b9b99e0eef8b4734e8d601
Instruction Fuzzy Hash: 2F31F9B5302B844ADB94CB325A54AC9636BF79CBC4B15A235DF0DA3724FB35D4A5C300

Function 00E9DB60 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14a4f48327ce3ec7adb7958960484d701508eb588ab7c4ce527576c287461d02
Instruction ID: 20ec270bcf6954c8037467abab6cc9864ffc91397d6ed621a5463ce978845a72
Opcode Fuzzy Hash: 14a4f48327ce3ec7adb7958960484d701508eb588ab7c4ce527576c287461d02
Instruction Fuzzy Hash: 6B1130F2E26F480ADE47C73A5851351820B5FD6BD4F28D322BD1BB6796EB2590D38100

Function 00F32BE0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 156a7beeb203a26e7f0815e4bb70240e6ef6d90e906f0264561fffd1184a11a6
Instruction ID: 6607110e5f40cdca0474f7be68d558844c314f82d561d137350153b4e0ccf73d
Opcode Fuzzy Hash: 156a7beeb203a26e7f0815e4bb70240e6ef6d90e906f0264561fffd1184a11a6
Instruction Fuzzy Hash: 33119D779111B056E346CB3EDC0076E7BA2F389BADF6AC340DFD253089D6255903A6A1

Function 00F02480 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.6999139044.0000000000E91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E90000, based on PE: true

Associated: 00000000.00000002.6999063457.0000000000E90000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.6999706917.00000000010F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000267783.000000000136E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000299430.0000000001371000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000329176.0000000001372000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000356383.0000000001373000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000404957.0000000001396000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000432027.0000000001397000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000461901.0000000001399000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000495147.00000000013A0000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000525651.00000000013EF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000648488.00000000013F2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000681607.0000000001402000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.7000706600.0000000001403000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e90000_LZ_109186961250811H#U00ae.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5afcc2ab062dae4b67b4edd6e32684f8055f5937d835546d78d8531cd07aa9ca
Instruction ID: 6b834dd71a914f561bc6bbbabcdcac93d4c08c6555bf5e80ab7e41decac6ee7f
Opcode Fuzzy Hash: 5afcc2ab062dae4b67b4edd6e32684f8055f5937d835546d78d8531cd07aa9ca
Instruction Fuzzy Hash: 9BC02BF5D07BC218FB54C300B145384B9C18F043D0E80C08492480029ADA3CC3807134

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.59.92	https://ai-arbitrage.pro/	Get hash	malicious	HTMLPhisher	Browse
104.21.80.152	http://conrasty.pro/rd/4GZfNu661Wcuf128ryymsulvqg219KJAPMAHPZPNXNLR15619WARW973R13	Get hash	malicious	Phisher	Browse
104.21.80.152	http://conrasty.pro/rd/4GZfNu661Wcuf128ryymsulvqg219KJAPMAHPZPNXNLR15619WARW973R13	Get hash	malicious	Phisher	Browse
172.67.158.215	GJXZRPhgm4.exe	Get hash	malicious	RedLine SmokeLoader Tofsee Vidar	Browse
172.67.158.215	4f4deRCUD7.exe	Get hash	malicious	RedLine SmokeLoader Tofsee Vidar	Browse
172.67.154.4	cdwoTY6HPY.exe	Get hash	malicious	Glupteba RedLine SmokeLoader Vidar	Browse	mazama.xyz/addInstallImpression.php?key=125478824515ADNxu2ccbwe&ip=&oid=139
172.67.159.186	ArT23Ix6Ox.exe	Get hash	malicious	Unknown	Browse
172.67.159.186	cqKYl7T4CR.exe	Get hash	malicious	Unknown	Browse
18.238.49.52	http://earnandexcel.com	Get hash	malicious	Unknown	Browse
	https://dfv.pages.dev/IP:	Get hash	malicious	HTMLPhisher	Browse
	https://aolserv.pages.dev/robots.txtIP:	Get hash	malicious	HTMLPhisher	Browse
	https://qrco.de/beoXnp	Get hash	malicious	HTMLPhisher	Browse
	https://o365aqzkadahajmsditmwjlo-987555.webflow.io/	Get hash	malicious	HTMLPhisher	Browse
	https://gbhs.pages.dev/robots.txt	Get hash	malicious	HTMLPhisher	Browse
	Doc Copy - Lingo Construction Services Inc. - RNP58382637F255-1.msg	Get hash	malicious	HTMLPhisher	Browse

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
atc.spotify.map.fastly.net	https://maxask.com	Get hash	malicious	Unknown	Browse	151.101.131.42
	http://clone-of-spotify.freewebhostmost.com/	Get hash	malicious	Unknown	Browse	151.101.131.42
	https://hoo.be/	Get hash	malicious	Unknown	Browse	151.101.195.42
	http://pflwh.pomeryan.com/4HpNTt15553xtqa1382knsykfmuvm25912PUWUJAJOPLPWWDM2837EWZP17387i18	Get hash	malicious	Unknown	Browse	151.101.131.42
	https://misionerosdigitales.com/2024/07/sabado-mariano-su-misericordia-se-extiende-de-generacion-en-generacion-lucas-150/	Get hash	malicious	Unknown	Browse	151.101.67.42
terra.com.br	27LRj7d24b.exe	Get hash	malicious	Unknown	Browse	52.20.33.255
	I3e0qMoSym.exe	Get hash	malicious	Unknown	Browse	52.20.33.255
	97mXsk0is7.exe	Get hash	malicious	Unknown	Browse	52.20.33.255
	2DxYUGwnkE.exe	Get hash	malicious	Unknown	Browse	52.20.33.255
	6gMbkS5rX7.exe	Get hash	malicious	Unknown	Browse	52.20.33.255
letras.mus.br	eqqjbbjMlt.elf	Get hash	malicious	Unknown	Browse	177.54.145.110
weather.com	statment-document.scr.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	104.140.119.101
	co-trustee delegation agreement 66445.js	Get hash	malicious	Unknown	Browse	104.21.73.20
	SecuriteInfo.com.Trojan.GenericKD.70689352.25194.12145.exe	Get hash	malicious	FormBook, GuLoader	Browse	104.140.119.101
	https://gem.godaddy.com/signups/activate/MS0td052eVQzVHdTK0hOeWUwWVVLdUtCK1RwWUxPREcwUlVla2hyNUhUVzg4N09Xd3YzdUlwSUJHY2Zra3czbDhvbDVmUlRXTjN6eU9KMDNxUXU5Zz09LS12emhpTmQyZGdJQ1dGQk55LS1xcXR5cTZwOC9NWUJ5cjIwTkRqdEhBPT0=?signup=6951345#Y2Jpc2hvcEBidXJiYW5rY2EuZ292	Get hash	malicious	HTMLPhisher	Browse	162.0.229.125

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	GsZkXAmf61.exe	Get hash	malicious	Celestial Rat, EICAR	Browse	162.159.135.232
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	https://entertainsyncfusionlo.ru/Upb5v/#tasteegoats@hscpoly.com	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	2JHGWjmJ46.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	h9nuWiQZi6.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	GsZkXAmf61.exe	Get hash	malicious	Celestial Rat	Browse	162.159.135.232
	bpdv3trzkv.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	kNyZqDECXJ.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.13.205
	https://rb.gy/pe5mbu	Get hash	malicious	Unknown	Browse	172.67.166.63
	MiLa0yslQQ.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
COMMCORPCOMUNICACOESLTDABR	http://www.indeks.pt/	Get hash	malicious	Unknown	Browse	186.211.255.24
	IZ4Om6WI3Q.elf	Get hash	malicious	Unknown	Browse	186.211.180.173
	huhu.mpsl.elf	Get hash	malicious	Mirai	Browse	186.211.162.119
	sora.arm7.elf	Get hash	malicious	Mirai	Browse	186.211.162.128
	dzSjxDbolz.elf	Get hash	malicious	Mirai	Browse	186.211.162.129
	h6v6R2JD0X.exe	Get hash	malicious	Wannacry	Browse	200.143.106.88
	u25HmIWOKl.dll	Get hash	malicious	Wannacry	Browse	186.211.148.170
	nvXPToKtZM	Get hash	malicious	Mirai	Browse	186.211.236.182
	vZHchHINIm	Get hash	malicious	Unknown	Browse	186.211.162.131
	pandora.arm	Get hash	malicious	Mirai	Browse	186.211.132.252
CLOUDFLARENETUS	GsZkXAmf61.exe	Get hash	malicious	Celestial Rat, EICAR	Browse	162.159.135.232
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	https://entertainsyncfusionlo.ru/Upb5v/#tasteegoats@hscpoly.com	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	2JHGWjmJ46.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	h9nuWiQZi6.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	GsZkXAmf61.exe	Get hash	malicious	Celestial Rat	Browse	162.159.135.232
	bpdv3trzkv.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	kNyZqDECXJ.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.13.205
	https://rb.gy/pe5mbu	Get hash	malicious	Unknown	Browse	172.67.166.63
	MiLa0yslQQ.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
ALGARTELECOMSABR	na.elf	Get hash	malicious	Mirai	Browse	189.112.150.137
	0wG3Y7nLHa.elf	Get hash	malicious	Mirai, Okiru	Browse	186.210.235.24
	xd.x86.elf	Get hash	malicious	Mirai	Browse	177.106.110.64
	z3hir.arm7.elf	Get hash	malicious	Mirai	Browse	187.32.189.90
	MOfHb44mph.elf	Get hash	malicious	Unknown	Browse	187.32.177.42
	ZgBCG135hk.elf	Get hash	malicious	Mirai, Moobot	Browse	189.112.150.186
	tVdq8lEt3e.elf	Get hash	malicious	Mirai, Okiru	Browse	201.48.232.174
	154.213.187.80-x86-2024-09-01T00_09_56.elf	Get hash	malicious	Mirai	Browse	191.54.177.166
	mirai.ppc.elf	Get hash	malicious	Mirai	Browse	187.32.94.52
	firmware.armv7l.elf	Get hash	malicious	Unknown	Browse	186.210.247.25

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.243459943615339
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	LZ_109186961250811H#U00ae.exe
File size:	5'423'616 bytes
MD5:	1e882dbe5b3ed8af455c98400eed4613
SHA1:	5e655d9c6ece1a0e4875608955053d465315dcf4
SHA256:	f93ded1b0010b80cac7185b9c019d2fad5c94118b4fd7e558e404b26a832634f
SHA512:	d8ebbb98830d8605364d872b79c9ab2143eb8d7fe42dcadefcc604c14ed7e35d38d2adbd912aede0efc870ceb02925856f7978c66d31c98f2d01a430d226099d
SSDEEP:	49152:iZ9g2ySaP/VOQGYCoB9dx4c/pTrvzz5cI5MzBx35EV4QYqyE3rT+TeTYN:1SGJ//pXGEdV3vp
TLSH:	34464A07FC9545E9C4AED2348A629263BA717C495B3023D32F50F7782F76BD0AAB9704
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.........R.......".......&..X...... <........@...............................X...........`... ............................

Entrypoint:	0x473c20
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	d42595b695fc008ef2c56aabd8efd68e

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x572000	0x53e	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x562000	0xe0a0	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x573000	0xb63c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x4de100	0x178	.data
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x260aec	0x260c00	1be182c475202ff89b9f76281851524f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x262000	0x27b248	0x27b400	5cdfbeaa64caa15806876983a04ed318	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x4de000	0x831e0	0x35800	cdb1f30570010de8e9bf406b5c14cc2e	False	0.4116986711448598	data	5.171963311294198	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x562000	0xe0a0	0xe200	053eadf43c4153ee37a00b7c3ac39ddc	False	0.40353636615044247	data	5.448873406066067	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata	0x571000	0xb4	0x200	dfef5875a40cf2be2f3d024ecc71c230	False	0.224609375	shared library	1.7635806726373504	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.idata	0x572000	0x53e	0x600	95a98549c294805b9d28c033057b900e	False	0.375	OpenPGP Public Key	3.97654664850235	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x573000	0xb63c	0xb800	868c282d4e87c58e44fd1bc6ea5aa97c	False	0.2601902173913043	data	5.428937415750575	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.symtab	0x57f000	0x4	0x200	07b5472d347d42780469fb2654b7fc54	False	0.02734375	data	0.020393135236084953	IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report LZ_109186961250811H#U00ae.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Windows Analysis Report
LZ_109186961250811H#U00ae.exe

Function 00EC1720 Relevance: 13.9, Strings: 11, Instructions: 138
COMMON

Function 00E9CD80 Relevance: 12.9, Strings: 10, Instructions: 384
COMMON

Function 00EC2F60 Relevance: 12.7, Strings: 10, Instructions: 247
COMMON

Function 00EB3630 Relevance: 10.4, Strings: 8, Instructions: 375
COMMON

Function 00E92260 Relevance: 9.2, Strings: 7, Instructions: 430
COMMON

Function 00EC78E0 Relevance: 7.8, Strings: 6, Instructions: 301
COMMON

Function 00EADFC0 Relevance: 6.4, Strings: 5, Instructions: 177
COMMON