Edit tour

Windows Analysis Report
https://pdf-ezy.com/pdf-ez.exe

Overview

General Information

Sample URL:	https://pdf-ezy.com/pdf-ez.exe
Analysis ID:	1581050
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)

Potentially malicious time measurement code found

Contains functionality for execution timing, often used to detect debuggers

Detected potential crypto function

Drops PE files

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Usage Of Web Request Commands And Cmdlets

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64native

cmd.exe (PID: 3236 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://pdf-ezy.com/pdf-ez.exe" > cmdline.out 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

wget.exe (PID: 4268 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://pdf-ezy.com/pdf-ez.exe" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)

pdf-ez.exe (PID: 7484 cmdline: "C:\Users\user\Desktop\download\pdf-ez.exe" MD5: ADDD963C82C2AA246A853EE7CC114B00)

cleanup

Sigma Signatures

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://pdf-ezy.com/pdf-ez.exe" > cmdline.out 2>&1, CommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://pdf-ezy.com/pdf-ez.exe" > cmdline.out 2>&1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3716, ProcessCommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://pdf-ezy.com/pdf-ez.exe" > cmdline.out 2>&1, ProcessId: 3236, ProcessName: cmd.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\Desktop\download\pdf-ez.exe

ReversingLabs: Detection: 15%

Bitcoin Miner

Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)

Source: C:\Users\user\Desktop\download\pdf-ez.exe

Code function: 4_2_00007FF60AD046E0

4_2_00007FF60AD046E0

Source: unknown

HTTPS traffic detected: 172.67.152.3:443 -> 192.168.11.20:49758 version: TLS 1.2

Source:

Binary string: WebView2Loader.dll.pdb source: pdf-ez.exe, 00000004.00000000.201075089443.00007FF60AEF7000.00000008.00000001.01000000.00000003.sdmp, pdf-ez.exe, 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmp, pdf-ez.exe.2.dr

Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4x nop then shr r10, 0Dh	4_2_00007FF60ACFCB00
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4x nop then lock or byte ptr [rdx], dil	4_2_00007FF60ACF2020
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4x nop then shr r10, 0Dh	4_2_00007FF60ACFDF80
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4x nop then cmp rdx, 40h	4_2_00007FF60ACF18E0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4x nop then cmp rdx, rbx	4_2_00007FF60ACDC860

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /pdf-ez.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: */*Accept-Encoding: identityHost: pdf-ezy.comConnection: Keep-Alive

Source: global traffic

DNS traffic detected: DNS query: pdf-ezy.com

Source: pdf-ez.exe.2.dr	String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0
Source: wget.exe, 00000002.00000003.201062795115.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063362113.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063687666.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: wget.exe, 00000002.00000003.201062795115.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063687666.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: wget.exe, 00000002.00000003.201062795115.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063362113.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063687666.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wget.exe, 00000002.00000003.201062795115.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063687666.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crlN
Source: wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201062873041.0000000002EE5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063816299.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201062761186.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	String found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
Source: pdf-ez.exe.2.dr	String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
Source: wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201062873041.0000000002EE5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063816299.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201062761186.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	String found in binary or memory: http://ocsps.ssl.com0
Source: pdf-ez.exe.2.dr	String found in binary or memory: http://ocsps.ssl.com0_
Source: wget.exe, 00000002.00000003.201062795115.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063687666.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm
Source: wget.exe, 00000002.00000003.201062795115.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063362113.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063687666.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201062873041.0000000002EE5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063816299.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201062761186.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	String found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
Source: wget.exe, 00000002.00000003.201062795115.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063687666.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com
Source: wget.exe, 00000002.00000003.201062795115.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063362113.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063687666.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: wget.exe, 00000002.00000002.201063601665.0000000001530000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063687666.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp, cmdline.out.0.dr	String found in binary or memory: https://pdf-ezy.com/pdf-ez.exe
Source: wget.exe, 00000002.00000003.201062795115.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063687666.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pdf-ezy.com/pdf-ez.exeL
Source: wget.exe, 00000002.00000002.201063601665.0000000001530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pdf-ezy.com/pdf-ez.exeM
Source: wget.exe, 00000002.00000002.201063601665.0000000001530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pdf-ezy.com/pdf-ez.exeur
Source: wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: pdf-ez.exe	String found in binary or memory: https://static.pdf-ezy.comUTF16From
Source: pdf-ez.exe, pdf-ez.exe, 00000004.00000000.201074719258.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmp, pdf-ez.exe, 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmp, pdf-ez.exe.2.dr	String found in binary or memory: https://static.pdf-ezy.comUTF16FromString
Source: pdf-ez.exe.2.dr	String found in binary or memory: https://www.ssl.com/repository0

Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758

Source: unknown

HTTPS traffic detected: 172.67.152.3:443 -> 192.168.11.20:49758 version: TLS 1.2

Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD0FFE0	4_2_00007FF60AD0FFE0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACF9FE0	4_2_00007FF60ACF9FE0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD17440	4_2_00007FF60AD17440
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACF91E0	4_2_00007FF60ACF91E0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACE71A0	4_2_00007FF60ACE71A0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACDE320	4_2_00007FF60ACDE320
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACDD780	4_2_00007FF60ACDD780
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACD2540	4_2_00007FF60ACD2540
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD11C20	4_2_00007FF60AD11C20
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD49BA0	4_2_00007FF60AD49BA0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACF3B80	4_2_00007FF60ACF3B80
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD4CB40	4_2_00007FF60AD4CB40
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD21CE0	4_2_00007FF60AD21CE0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD0DCC0	4_2_00007FF60AD0DCC0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACEB940	4_2_00007FF60ACEB940
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACDA940	4_2_00007FF60ACDA940
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACFCB00	4_2_00007FF60ACFCB00
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACF6AE0	4_2_00007FF60ACF6AE0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD10A60	4_2_00007FF60AD10A60
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD4AA40	4_2_00007FF60AD4AA40
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD36029	4_2_00007FF60AD36029
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD00FC0	4_2_00007FF60AD00FC0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACFCFC0	4_2_00007FF60ACFCFC0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD09FC0	4_2_00007FF60AD09FC0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACFDF80	4_2_00007FF60ACFDF80
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD4FF80	4_2_00007FF60AD4FF80
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACD40E0	4_2_00007FF60ACD40E0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACE5DA0	4_2_00007FF60ACE5DA0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD4AF00	4_2_00007FF60AD4AF00
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACF7F20	4_2_00007FF60ACF7F20
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACDEEE0	4_2_00007FF60ACDEEE0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACEBE60	4_2_00007FF60ACEBE60
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD4D400	4_2_00007FF60AD4D400
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD0D360	4_2_00007FF60AD0D360
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACFF360	4_2_00007FF60ACFF360
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD1D500	4_2_00007FF60AD1D500
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD4D200	4_2_00007FF60AD4D200
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD00180	4_2_00007FF60AD00180
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACEA2E0	4_2_00007FF60ACEA2E0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACEB280	4_2_00007FF60ACEB280
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACF22A0	4_2_00007FF60ACF22A0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD20820	4_2_00007FF60AD20820
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD2C7E0	4_2_00007FF60AD2C7E0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD507A0	4_2_00007FF60AD507A0
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD09780	4_2_00007FF60AD09780
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60AD06900	4_2_00007FF60AD06900
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: 4_2_00007FF60ACEF660	4_2_00007FF60ACEF660

Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: String function: 00007FF60AD0AD00 appears 687 times
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: String function: 00007FF60AD0A4E0 appears 88 times
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: String function: 00007FF60AD089E0 appears 516 times
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Code function: String function: 00007FF60AD08AC0 appears 31 times

Source: classification engine

Classification label: mal56.evad.mine.win@5/2@1/1

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\Desktop\cmdline.out

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4700:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4700:120:WilError_03

Source: C:\Users\user\Desktop\download\pdf-ez.exe

File opened: C:\Windows\system32\93d22dc41d1a7fb2d3de7b51de99faa80925ede8bdadf4c2a6bbad7e6b8c759aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: pdf-ez.exe	String found in binary or memory: key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime:
Source: pdf-ez.exe	String found in binary or memory: key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime:
Source: pdf-ez.exe	String found in binary or memory: ) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:
Source: pdf-ez.exe	String found in binary or memory: ) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:
Source: pdf-ez.exe	String found in binary or memory: lfstack node allocated from the heap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser are
Source: pdf-ez.exe	String found in binary or memory: lfstack node allocated from the heap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser are
Source: pdf-ez.exe	String found in binary or memory: /sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime:
Source: pdf-ez.exe	String found in binary or memory: /sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime:
Source: pdf-ez.exe	String found in binary or memory: /memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:
Source: pdf-ez.exe	String found in binary or memory: /memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:
Source: pdf-ez.exe	String found in binary or memory: uncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime:
Source: pdf-ez.exe	String found in binary or memory: uncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime:
Source: pdf-ez.exe	String found in binary or memory: runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable t
Source: pdf-ez.exe	String found in binary or memory: runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable t
Source: pdf-ez.exe	String found in binary or memory: /sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack
Source: pdf-ez.exe	String found in binary or memory: /sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack
Source: pdf-ez.exe	String found in binary or memory: /memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspin
Source: pdf-ez.exe	String found in binary or memory: /memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspin
Source: pdf-ez.exe	String found in binary or memory: /memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent loc
Source: pdf-ez.exe	String found in binary or memory: /memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent loc
Source: pdf-ez.exe	String found in binary or memory: /gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus old
Source: pdf-ez.exe	String found in binary or memory: /gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus old
Source: pdf-ez.exe	String found in binary or memory: /cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.ins
Source: pdf-ez.exe	String found in binary or memory: /cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.ins
Source: pdf-ez.exe	String found in binary or memory: /cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power
Source: pdf-ez.exe	String found in binary or memory: /cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power
Source: pdf-ez.exe	String found in binary or memory: runtime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:sec
Source: pdf-ez.exe	String found in binary or memory: runtime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:sec
Source: pdf-ez.exe	String found in binary or memory: concurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:sec
Source: pdf-ez.exe	String found in binary or memory: concurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:sec

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://pdf-ezy.com/pdf-ez.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://pdf-ezy.com/pdf-ez.exe"
Source: unknown	Process created: C:\Users\user\Desktop\download\pdf-ez.exe "C:\Users\user\Desktop\download\pdf-ez.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://pdf-ezy.com/pdf-ez.exe"	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\pdf-ez.exe	Section loaded: uxtheme.dll	Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

Jump to behavior

Source:

Source: pdf-ez.exe.2.dr

Static PE information: section name: .00cfg

Source: C:\Windows\SysWOW64\wget.exe

File created: C:\Users\user\Desktop\download\pdf-ez.exe

Jump to dropped file

Source: C:\Users\user\Desktop\download\pdf-ez.exe

Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Users\user\Desktop\download\pdf-ez.exe

Code function: 4_2_00007FF60AD38D80 rdtscp

4_2_00007FF60AD38D80

Source: C:\Users\user\Desktop\download\pdf-ez.exe

API coverage: 5.9 %

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: wget.exe, 00000002.00000002.201063362113.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe, 00000004.00000002.201076741055.00000245BE692000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging

Potentially malicious time measurement code found

Source: C:\Users\user\Desktop\download\pdf-ez.exe

Code function: 4_2_00007FF60AD38D80 Start: 00007FF60AD38D89 End: 00007FF60AD38D9F

4_2_00007FF60AD38D80

Source: C:\Users\user\Desktop\download\pdf-ez.exe

Code function: 4_2_00007FF60AD38D80 rdtscp

4_2_00007FF60AD38D80

Source: C:\Users\user\Desktop\download\pdf-ez.exe

Code function: 4_2_00007FF60ACD1160 Sleep,Sleep,_amsg_exit,_initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_cexit,

4_2_00007FF60ACD1160

Source: unknown

Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://pdf-ezy.com/pdf-ez.exe" > cmdline.out 2>&1

Source: C:\Windows\SysWOW64\wget.exe

Queries volume information: C:\Users\user\Desktop\download VolumeInformation

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	111 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	12 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://pdf-ezy.com/pdf-ez.exe	0%	Avira URL Cloud	safe

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\Desktop\download\pdf-ez.exe	16%	ReversingLabs	Win64.Trojan.Generic

Source	Detection	Scanner	Label
https://pdf-ezy.com/pdf-ez.exeM	0%	Avira URL Cloud	safe
http://ocsps.ssl.com0	0%	Avira URL Cloud	safe
https://static.pdf-ezy.comUTF16From	0%	Avira URL Cloud	safe
http://ocsp.sectigo.com0	0%	Avira URL Cloud	safe
https://pdf-ezy.com/pdf-ez.exeur	0%	Avira URL Cloud	safe
https://static.pdf-ezy.comUTF16FromString	0%	Avira URL Cloud	safe
http://ocsps.ssl.com0_	0%	Avira URL Cloud	safe
https://pdf-ezy.com/pdf-ez.exeL	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
pdf-ezy.com	172.67.152.3	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://pdf-ezy.com/pdf-ez.exe	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0	pdf-ez.exe.2.dr	false		high
https://pdf-ezy.com/pdf-ez.exeL	wget.exe, 00000002.00000003.201062795115.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063687666.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://pdf-ezy.com/pdf-ez.exeM	wget.exe, 00000002.00000002.201063601665.0000000001530000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0	wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	false		high
https://sectigo.com/CPS0	wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	false		high
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#	wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	false		high
http://ocsp.sectigo.com0	wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	false	Avira URL Cloud: safe	unknown
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z	wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	false		high
https://static.pdf-ezy.comUTF16FromString	pdf-ez.exe, pdf-ez.exe, 00000004.00000000.201074719258.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmp, pdf-ez.exe, 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmp, pdf-ez.exe.2.dr	false	Avira URL Cloud: safe	unknown
https://www.ssl.com/repository0	pdf-ez.exe.2.dr	false		high
http://ocsps.ssl.com0_	pdf-ez.exe.2.dr	false	Avira URL Cloud: safe	unknown
https://static.pdf-ezy.comUTF16From	pdf-ez.exe	false	Avira URL Cloud: safe	unknown
http://ocsps.ssl.com0	wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201062873041.0000000002EE5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063816299.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201062761186.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	false	Avira URL Cloud: safe	unknown
http://www.quovadis.bm	wget.exe, 00000002.00000003.201062795115.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063687666.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.quovadis.bm0	wget.exe, 00000002.00000003.201062795115.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063362113.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063687666.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0	pdf-ez.exe.2.dr	false		high
http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0	wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201062873041.0000000002EE5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063816299.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201062761186.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	false		high
https://pdf-ezy.com/pdf-ez.exeur	wget.exe, 00000002.00000002.201063601665.0000000001530000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ocsp.quovadisoffshore.com0	wget.exe, 00000002.00000003.201062795115.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063362113.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063687666.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0	wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201062873041.0000000002EE5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063816299.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201062761186.0000000002EE2000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	false		high
https://ocsp.quovadisoffshore.com	wget.exe, 00000002.00000003.201062795115.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.201063687666.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#	wget.exe, 00000002.00000003.201061474582.0000000002EDF000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.201061474582.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp, pdf-ez.exe.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.152.3	pdf-ezy.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581050
Start date and time:	2024-12-26 20:43:38 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	urldownload.jbs
Sample URL:	https://pdf-ezy.com/pdf-ez.exe
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.evad.mine.win@5/2@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 10 Number of non-executed functions: 46
Cookbook Comments:	Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://pdf-ezy.com/pdf-ez.exe

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	4472
Entropy (8bit):	2.675424700904136
Encrypted:	false
SSDEEP:	48:Yw6t0g0kXFgz13PHI47EQp+aI8tLUExZQ0Oy:ssVfIkvQy
MD5:	0973A58DED70E830E95419914EAB42F9
SHA1:	FCF856B12F949342E9096CBE120C50D0DD3FCFBF
SHA-256:	DFEE235AEAD4A2D7AB038F4FD138EA6401B0CBA6C17BBE699417CE72D28405AF
SHA-512:	6511E14EE89F7CADC2F6BF810D82FF39A2CC2248C873C19263A3684DDB0698B6E886529A52A9F286B973B8BFB5B4512DFB7832820DECC63729CBFC663684D323
Malicious:	false
Reputation:	low
Preview:	--2024-12-26 14:45:47-- https://pdf-ezy.com/pdf-ez.exe..Resolving pdf-ezy.com (pdf-ezy.com)... 172.67.152.3, 104.21.40.135..Connecting to pdf-ezy.com (pdf-ezy.com)\|172.67.152.3\|:443... connected...HTTP request sent, awaiting response... 200 OK..Length: 2631856 (2.5M) [application/octet-stream]..Saving to: 'C:/Users/user/Desktop/download/pdf-ez.exe'.... 0K .......... .......... .......... .......... .......... 1% 559K 5s.. 50K .......... .......... .......... .......... .......... 3% 1.43M 3s.. 100K .......... .......... .......... .......... .......... 5% 583K 3s.. 150K .......... .......... .......... .......... .......... 7% 2.05M 3s.. 200K .......... .......... .......... .......... .......... 9% 3.17M 2s.. 250K .......... .......... .......... .......... .......... 11% 2.36M 2s.. 300K .......... .......... .......... .......... .......... 13% 2.01M 2s.. 350K .......... .......... .......... .......... .......... 15% 6.70M 2s.. 400K .......... ........

C:\Users\user\Desktop\download\pdf-ez.exe

Download File

Process:	C:\Windows\SysWOW64\wget.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2631856
Entropy (8bit):	6.105549235278512
Encrypted:	false
SSDEEP:	24576:GQFfmjOsaIvRt9hdeX/bn4Y+jCepo81OC8cGLbt0E8T/B8G8Woo3qF+:BFfChaIvR/eXgjCepPCtuT/B+dK
MD5:	ADDD963C82C2AA246A853EE7CC114B00
SHA1:	09A3E5023C4887DBE1156DB7440425F55D13F3CB
SHA-256:	5058A3469D589BDF9279A128DB92C792C9AAA6C041AA20F07C4C090AB2152EFB
SHA-512:	1A530C0F74B808A0E7F67DFFD2B45229D78BE13999EF4FFAA68DBE8A91B09EA27B47CFFB25CDE88AF9F71DFEDE6C2B7490DB37A09DA2BC438DB579A9598D09C9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 16%
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d................."......<..........@..........@..............................0......*(...`..........................................\".N...f\".P....p/.........`o....(..$....0.X_..........................XS".(...XZ".8............_".(............................text...F:.......<.................. ..`.rdata.......P... ...@..............@..@.data....b...p"......`".............@....pdata..`o.......p...&&.............@..@.00cfg.......P/.......&.............@..@.tls.........`/.......&.............@....rsrc........p/.......&.............@..@.reloc..X_....0..`....'.............@..B........................................................................................................................................................................................................................................................................................................

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 20:45:47.944852114 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:47.944880962 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:47.945277929 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:47.947192907 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:47.947205067 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.151249886 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.151523113 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.153146982 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.153163910 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.153481960 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.155386925 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.198211908 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.398627996 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.398700953 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.398745060 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.398787022 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.398866892 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.398916960 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.398920059 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.398936033 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.399108887 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.399108887 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.399123907 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.399302006 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.399308920 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.399492025 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.399492025 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.403872967 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.404316902 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.404361963 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.404524088 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.404550076 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.404575109 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.404726028 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.404750109 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.404897928 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.404913902 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.405018091 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.405157089 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.405180931 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.405464888 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.405487061 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.405487061 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.405509949 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.405706882 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.406244040 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.406342030 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.406383991 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.406471014 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.406625986 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.406625986 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.406646967 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.406996012 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.410696030 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.410764933 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.410954952 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.410985947 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.411206007 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.411220074 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.411346912 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.411732912 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.411766052 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.411792040 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.411806107 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.411952972 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.411966085 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.412149906 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.412149906 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.455780029 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.495486975 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.495670080 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.495738029 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.495759964 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.495779991 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.495924950 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.495924950 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.496148109 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.499588966 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.499782085 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.499942064 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.500099897 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.500319958 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.500386000 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.500653982 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.500701904 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.501030922 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.501039028 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.501070023 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.501260042 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.501310110 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.501579046 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.501622915 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.501753092 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.506412983 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.506599903 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.506695986 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.506867886 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.506867886 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.506927967 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.507050991 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.507278919 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.507391930 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.507528067 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.507587910 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.507725954 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.507822990 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.507940054 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.508124113 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.508124113 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.508171082 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.508316994 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.508557081 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.508745909 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.508795977 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.509063005 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.594165087 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.594417095 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.594515085 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.594567060 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.594633102 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.594718933 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.594718933 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.594718933 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.594757080 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.594928026 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.594980955 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.595022917 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.595082045 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.595158100 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.595247030 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.595345020 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.595380068 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.595432997 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.595529079 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.595571995 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.595607042 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.595607042 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.595690966 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.595793009 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.595815897 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.595837116 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.595987082 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.595987082 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.595987082 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.595987082 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.595999956 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.596127033 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.596214056 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.596240997 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.596293926 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.596431971 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.596431971 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.596577883 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.596607924 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.596651077 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.596796036 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.597166061 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.597379923 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.597430944 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.597593069 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.597635984 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.597666979 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.597918987 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.597942114 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.597990990 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.598121881 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.598334074 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.598694086 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.598898888 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.598938942 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.599247932 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.599385977 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.599662066 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.599807024 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.600795984 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.600893974 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.600966930 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.601147890 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.601170063 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.601821899 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.601941109 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.602025032 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.602076054 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.602173090 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.602266073 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.602266073 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.602415085 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.602452993 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.603687048 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.603744030 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.604070902 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.604070902 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.604070902 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.604131937 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.604247093 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.605432034 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.605505943 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.605597973 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.605608940 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.605789900 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.605789900 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.607233047 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.607249975 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.607458115 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.607458115 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.607481003 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.607635975 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.608864069 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.608894110 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.609080076 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.609093904 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.609240055 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.609240055 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.609452963 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.610707998 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.610738039 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.611052990 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.611071110 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.612576962 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.612600088 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.612766981 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.612782001 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.612854004 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.613046885 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.626151085 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.647274017 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.691940069 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.691962004 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.692307949 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.692307949 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.692327023 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.692497015 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.695137978 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.695158958 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.695353031 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.695440054 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.695456982 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.695599079 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.695647001 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.697798967 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.697822094 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.698146105 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.698146105 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.698159933 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.698335886 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.699420929 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.699440002 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.699640036 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.699640036 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.699659109 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.699722052 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.699953079 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.701157093 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.701173067 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.701373100 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.701373100 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.701394081 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.701615095 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.701615095 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.703448057 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.703464985 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.703789949 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.703811884 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.704175949 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.704606056 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.704622984 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.704756021 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.704808950 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.704817057 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.704987049 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.705178976 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.706552029 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.706568956 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.706921101 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.706921101 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.706921101 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.706921101 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.706943035 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.707295895 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.708071947 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.708090067 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.708241940 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.708482981 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.708482981 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.708492994 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.708777905 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.709566116 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.709582090 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.709745884 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.709954023 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.709954023 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.709965944 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.710103035 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.710540056 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.710557938 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.710716963 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.710923910 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.710923910 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.710942030 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.711146116 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.711850882 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.711868048 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.712059975 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.712146044 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.712157011 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.712306023 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.712502003 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.712939978 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.712956905 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.713135958 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.713135958 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.713135958 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.713149071 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.713324070 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.713541985 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.713541985 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.713541985 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.713743925 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.713761091 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.713905096 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.714088917 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.714095116 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.714306116 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.715675116 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.715694904 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.716130972 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.716145039 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.716325998 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.717317104 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.717334032 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.717776060 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.717793941 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.718156099 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.718874931 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.718893051 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.719055891 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.719286919 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.719286919 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.719306946 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.719486952 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.720318079 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.720451117 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.720699072 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.720699072 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.720705986 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.721071005 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.721322060 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.722218037 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.722229004 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.722574949 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.722588062 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.722795010 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.722795010 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.723938942 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.723949909 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.724148989 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.724148989 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.724158049 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.724211931 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.724585056 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.725641012 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.725651979 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.725816965 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.726022959 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.726031065 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.726171017 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.727041960 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.727056026 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.727263927 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.727272034 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.727448940 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.727730036 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.729486942 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.729501009 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.729866028 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.729875088 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.730272055 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.730900049 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.730914116 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.731126070 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.731126070 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.731138945 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.731295109 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.731503963 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.732599974 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.732611895 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.732960939 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.732960939 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.732968092 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.733324051 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.734349966 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.734360933 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.734548092 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.734730005 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.734730005 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.734730005 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.734736919 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.734918118 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.736437082 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.736449957 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.736892939 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.736903906 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.737082005 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.738131046 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.738142014 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.738349915 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.738362074 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.738425970 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.738621950 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.739341974 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.739356041 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.739567995 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.739613056 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.739618063 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.739871979 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.786103964 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.786123991 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.786350012 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.786369085 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.786537886 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.786725044 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.787400961 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.787420988 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.787632942 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.787651062 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.787785053 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.788003922 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.789180040 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.789199114 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.789524078 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.789541960 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.789740086 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.790915012 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.790935993 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.791131973 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.791131973 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.791152000 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.791379929 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.791433096 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.792537928 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.792557955 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.792881012 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.792881012 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.792881012 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.792897940 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.793286085 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.793674946 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.793694973 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.793842077 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.794058084 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.794064999 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.794440985 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.795571089 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.795589924 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.795984983 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.796001911 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.796361923 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.797521114 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.797537088 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.797777891 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.797796011 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.797988892 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.797988892 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.799693108 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.799709082 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.799988031 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.800012112 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.800379992 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.801122904 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.801137924 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.801300049 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.801532984 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.801532984 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.801552057 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.801723957 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.802483082 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.802501917 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.802700996 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.802782059 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.802793980 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.802962065 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.803133011 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.804245949 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.804265022 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.804476023 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.804493904 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.804661036 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.804856062 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.806997061 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.807017088 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.807291985 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.807311058 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.807658911 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.808312893 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.808331966 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.808716059 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.808716059 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.808731079 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.808881998 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.809689045 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.809705019 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.809900999 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.809900999 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.809967041 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.809973955 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.810363054 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.812520981 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.812541008 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.812674999 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.812752962 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.812761068 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.812939882 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.813036919 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.813910007 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.813925982 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.814057112 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.814105988 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.814112902 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.814291954 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.814291954 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.815597057 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.815613985 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.815901041 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.815901041 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.815920115 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.816267967 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.817334890 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.817353010 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.817482948 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.817568064 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.817568064 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.817588091 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.817735910 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.817929983 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.819371939 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.819389105 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.819751978 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.819751978 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.819771051 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.819808006 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.820118904 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.820137024 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.821284056 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.821304083 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.821657896 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.821657896 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.821672916 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.823003054 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.823018074 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.823177099 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.823189974 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.823376894 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.823376894 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.824810028 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.824826002 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.825150967 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.825150967 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.825165987 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.826658010 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.826677084 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.826848030 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.826859951 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.826957941 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.827145100 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.828919888 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.828936100 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.829082012 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.829261065 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.829261065 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.829261065 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.829271078 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.831310034 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.831327915 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.831557035 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.831569910 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.831624031 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.833452940 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.833467960 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.833591938 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.833604097 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.833832979 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.835278034 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.835293055 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.835438967 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.835642099 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.835653067 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.836451054 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.836469889 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.836662054 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.836674929 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.836757898 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.836918116 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.837699890 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.837716103 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.837891102 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.837903023 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.838078976 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.838078976 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.839436054 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.839456081 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.839792967 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.839792967 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.839807987 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.840591908 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.840606928 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.840753078 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.840765953 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.840970039 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.840970039 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.841864109 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.841881037 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.842025042 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.842277050 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.842288017 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.843696117 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.843714952 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.843908072 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.843920946 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.843976021 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.844167948 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.845067978 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.845082998 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.845231056 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.845242977 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.845421076 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.846503019 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.846518993 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.846868038 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.846868038 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.846882105 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.848247051 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.848272085 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.848458052 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.848470926 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.848732948 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.849534035 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.849549055 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.849704027 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.849716902 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.849919081 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.850786924 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.850802898 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.850923061 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.851150990 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.851161003 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.851747990 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.851766109 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.852047920 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.852060080 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.852238894 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.853867054 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.853882074 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.854048014 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.854060888 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.854221106 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.854412079 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.855777979 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.855793953 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.856122017 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.856122017 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.856134892 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.857230902 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.857249975 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.857419014 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.857429981 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.857506037 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.857697964 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.858480930 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.858496904 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.858642101 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.858891010 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.858897924 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.859879017 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.859896898 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.860070944 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.860080004 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.860153913 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.860348940 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.861150026 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.861165047 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.861504078 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.861504078 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.861525059 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.862752914 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.862771988 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.862898111 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.862915039 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.863142967 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.863142967 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.863979101 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.863995075 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.864166975 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.864343882 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.864343882 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.864356995 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.865303993 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.865329981 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.865490913 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.865500927 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.865601063 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.865767956 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.866455078 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.866471052 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.866600990 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.866626024 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.866835117 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.866852999 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.867023945 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.867325068 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.867343903 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.867516041 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.867527008 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.867600918 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.867794991 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.868947029 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.868962049 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.869110107 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.869110107 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.869287968 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.869293928 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.869507074 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.870702028 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.870721102 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.870893002 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.870910883 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.871005058 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.871165991 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.871881962 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.871897936 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.872044086 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.872055054 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.872236013 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.873377085 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.873471975 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.873554945 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.873738050 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.873747110 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.882019997 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.882039070 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.882404089 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.882404089 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.882424116 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.882961035 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.882980108 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.883496046 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.883513927 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.883536100 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.884138107 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.884138107 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.884157896 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.884603024 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.884603024 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.884649038 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.884718895 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.884740114 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.885126114 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.885134935 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.885507107 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.885514975 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.885523081 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.885670900 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.885689974 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.885941029 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.885941029 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.885953903 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.886214018 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.886894941 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.886913061 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.887070894 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.887116909 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.887129068 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.887278080 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.887490034 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.888030052 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.888046980 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.888374090 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.888386011 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.888755083 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.889229059 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.889245033 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.889461040 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.889478922 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.889647961 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.889836073 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.889952898 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.889969110 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.890355110 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.890355110 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.890368938 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.890734911 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.891443968 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.891458988 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.891665936 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.891665936 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.891680002 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.891848087 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.892035007 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.892416954 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.892432928 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.892760992 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.892760992 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.892774105 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.892952919 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.893141985 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.893537045 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.893553972 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.893676043 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.893728018 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.893737078 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.894069910 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.894069910 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.894396067 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.894412041 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.894768953 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.894768953 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.894782066 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.894953966 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.894953966 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.895620108 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.895638943 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.895920038 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.895920038 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.895930052 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.896270037 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.896919966 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.896936893 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.897125006 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.897135019 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.897306919 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.897512913 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.897805929 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.897821903 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.898109913 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.898119926 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.898433924 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.898499966 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.898509979 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.898641109 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.898641109 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.898650885 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.898860931 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.898869991 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.899038076 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.899482012 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.899498940 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.899648905 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.899904013 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.899913073 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.900213957 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.900286913 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.900293112 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.900419950 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.900615931 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.901732922 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.901757002 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.901948929 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.901957989 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.902206898 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.902206898 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.902896881 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.902916908 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.903259039 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.903270006 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.903454065 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.903454065 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.903878927 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.903907061 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.904153109 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.904162884 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.904340982 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.904522896 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.905546904 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.905563116 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.906646013 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.906656981 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.906668901 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.907286882 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.907286882 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.908065081 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.908081055 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.908226013 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.908482075 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.908492088 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.908746958 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.908765078 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.908960104 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.908967018 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.909022093 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.909214973 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.909357071 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.909372091 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.909473896 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.909574986 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.909584045 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.909761906 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.910052061 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.910069942 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.910263062 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.910273075 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.910346031 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.910520077 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.911103010 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.911122084 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.911480904 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.911480904 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.911490917 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.912363052 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.912384033 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.912717104 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.912718058 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.912718058 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.912729979 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.913224936 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.913239002 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.913386106 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.913393021 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.913578987 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.913578987 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.914354086 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.914371014 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.914515018 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.914697886 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.914704084 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.915261984 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.915281057 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.915537119 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.915537119 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.915545940 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.916380882 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.916395903 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.916544914 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.916553020 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.916737080 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.916949034 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.917319059 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.917335033 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.917483091 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.917705059 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.917714119 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.918464899 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.918488026 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.918651104 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.918663979 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.918740988 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.918932915 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.919373035 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.919393063 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.919714928 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.919714928 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.919729948 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.920727015 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.920747995 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.921600103 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.921601057 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.921617985 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.921633959 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.921650887 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.921981096 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.922233105 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.922245026 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.923079967 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.923099995 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.923240900 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.923254967 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.923623085 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.923966885 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.923985004 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.924128056 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.924313068 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.924326897 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.925079107 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.925098896 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.926223993 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.926244974 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.926433086 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.926433086 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.926450014 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.927155972 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.927175045 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.927196026 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.927611113 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.927611113 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.927627087 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.927774906 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.928065062 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.928137064 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.928154945 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.928508043 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.928519964 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.928889036 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.929564953 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.929584026 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.929769039 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.929780006 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.929954052 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.930135965 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.931065083 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.931086063 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.931474924 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.931493998 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.931833029 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.932904959 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.932923079 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.933104038 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.933104038 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.933283091 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.933291912 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.933507919 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.933507919 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.934082985 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.934098959 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.934295893 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.934381962 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.934381962 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.934400082 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.934614897 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.934869051 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.934887886 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.935213089 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.935224056 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.935405970 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.935622931 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.935993910 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.936011076 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.936192036 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.936204910 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.936395884 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.936593056 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.937216997 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.937232971 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.937630892 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.937650919 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.938282967 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.938302040 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.938775063 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.938792944 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.939225912 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.939608097 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.939719915 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.939735889 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.939882040 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.940221071 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.940232038 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.940665960 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.940666914 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.940677881 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.940757036 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.941052914 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.941071987 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.941323042 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.942245960 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.942261934 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.942574024 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.942588091 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.942943096 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.942992926 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.943061113 CET	443	49758	172.67.152.3	192.168.11.20
Dec 26, 2024 20:45:48.943249941 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.943758011 CET	49758	443	192.168.11.20	172.67.152.3
Dec 26, 2024 20:45:48.943773031 CET	443	49758	172.67.152.3	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 20:45:47.753865004 CET	58978	53	192.168.11.20	1.1.1.1
Dec 26, 2024 20:45:47.938648939 CET	53	58978	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 20:45:47.753865004 CET	192.168.11.20	1.1.1.1	0x985c	Standard query (0)	pdf-ezy.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 20:45:47.938648939 CET	1.1.1.1	192.168.11.20	0x985c	No error (0)	pdf-ezy.com		172.67.152.3	A (IP address)	IN (0x0001)	false
Dec 26, 2024 20:45:47.938648939 CET	1.1.1.1	192.168.11.20	0x985c	No error (0)	pdf-ezy.com		104.21.40.135	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

pdf-ezy.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	49758	172.67.152.3	443	4268	C:\Windows\SysWOW64\wget.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 19:45:48 UTC	197	OUT	GET /pdf-ez.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko Accept: / Accept-Encoding: identity Host: pdf-ezy.com Connection: Keep-Alive
2024-12-26 19:45:48 UTC	1173	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 19:45:48 GMT Content-Type: application/octet-stream Content-Length: 2631856 Connection: close Access-Control-Allow-Origin: pdf-ezy.com Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD Access-Control-Allow-Credentials: true Cache-Control: no-store Etag: "09a3e5023c4887dbe1156db7440425f55d13f3cb" cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k3kHLzhQXF864SCm1utQVrH1oq0nEPVX0WYT5DLipi4v9edVl4gSbQiYAq6tDgZskygY%2BRQu91%2FHOhi6a0UhBXIHBjLp%2FYPCZcGZYkHclK%2F%2FzWP3vQuamYc%2FfQTQhA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f8392c50db442bc-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=94638&min_rtt=94574&rtt_var=20051&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=784&delivery_rate=40406&cwnd=252&unsent_bytes=0&cid=f6b7989103062780&ts=260&x=0"
2024-12-26 19:45:48 UTC	1369	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 08 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 3c 10 00 00 c4 17 00 00 00 00 00 40 11 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 e0 30 00 00 04 00 00 f2 2a 28 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEd"<@@0*(`
2024-12-26 19:45:48 UTC	1369	IN	Data Raw: 48 83 c4 28 c3 66 90 41 57 41 56 56 57 53 48 83 ec 20 65 48 8b 04 25 30 00 00 00 48 8b 78 08 48 8b 35 c9 3e 10 00 31 c0 f0 48 0f b1 3e 0f 94 c3 74 2e 48 39 c7 74 29 4c 8b 35 a1 4f 22 00 66 0f 1f 84 00 00 00 00 00 b9 e8 03 00 00 41 ff d6 31 c0 f0 48 0f b1 3e 0f 94 c3 74 05 48 39 c7 75 e7 48 8b 3d 90 3e 10 00 8b 07 83 f8 01 75 0c b9 1f 00 00 00 e8 ff 35 10 00 eb 27 83 3f 00 74 09 c6 05 b9 23 26 00 01 eb 19 c7 07 01 00 00 00 48 8b 0d 7a 3e 10 00 48 8b 15 7b 3e 10 00 e8 16 36 10 00 8b 07 83 f8 01 75 19 48 8b 0d 50 3e 10 00 48 8b 15 51 3e 10 00 e8 fc 35 10 00 c7 07 02 00 00 00 84 db 74 05 31 c0 48 87 06 48 8b 05 e6 3d 10 00 48 8b 00 48 85 c0 74 10 31 c9 ba 02 00 00 00 45 31 c0 ff 15 c6 3d 2f 00 e8 a9 d3 0f 00 48 8d 0d 32 d9 0f 00 ff 15 d4 4e 22 00 48 8b 0d e5 Data Ascii: H(fAWAVVWSH eH%0HxH5>1H>t.H9t)L5O"fA1H>tH9uH=>u5'?t#&Hz>H{>6uHP>HQ>5t1HH=HHt1E1=/H2N"H
2024-12-26 19:45:48 UTC	1369	IN	Data Raw: 06 31 c9 31 d2 eb 0d 31 c0 31 db 5d c3 48 8d 4b 01 48 89 f8 48 8d 34 49 48 8d 34 71 48 89 c7 90 4c 8d 04 01 4d 8d 40 01 48 85 f6 7c 59 45 0f b6 00 45 89 c1 41 83 e0 7f 48 89 cb 48 89 f1 49 d3 e0 48 83 f9 40 48 19 f6 49 21 f0 4c 01 c2 41 f6 c1 80 75 b9 90 48 8d 04 03 48 8d 40 02 48 85 d2 7c 1f 48 89 c1 48 f7 d9 48 39 d1 72 05 48 89 d3 5d c3 48 85 c0 74 05 e8 b2 eb 05 00 e8 ed eb 05 00 e8 a8 eb 05 00 e8 83 5e 03 00 90 48 89 44 24 08 e8 98 58 06 00 48 8b 44 24 08 e9 4e ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 f0 00 00 00 55 48 89 e5 0f b6 10 f6 c2 02 74 06 31 c9 31 d2 eb 0d 31 c0 31 db 5d c3 48 8d 4b 01 48 89 f8 48 8d 34 49 48 8d 34 71 48 89 c7 90 4c 8d 04 01 4d 8d 40 01 0f 1f 00 48 85 f6 0f 8c ab 00 00 00 45 0f b6 00 45 89 c1 41 Data Ascii: 1111]HKHH4IH4qHLM@H\|YEEAHHIH@HI!LAuHH@H\|HHH9rH]Ht^HD$XHD$NI;fUHt1111]HKHH4IH4qHLM@HEEA
2024-12-26 19:45:48 UTC	1369	IN	Data Raw: 00 00 e8 ce 76 06 00 4c 89 c8 b9 0a 00 00 00 e8 c1 76 06 00 4c 89 c8 b9 0a 00 00 00 e8 b4 76 06 00 31 c0 48 8d 1d 59 1b 14 00 48 89 cf be 00 04 00 00 4c 8d 05 ff a2 13 00 41 b9 03 00 00 00 b9 1b 00 00 00 e8 0c f6 04 00 e8 c7 a1 00 00 48 89 c3 48 8d 05 3d 24 11 00 e8 b8 61 03 00 48 8d 1d 22 21 14 00 b9 1c 00 00 00 48 89 c7 be 00 04 00 00 4c 8d 05 c0 a2 13 00 41 b9 03 00 00 00 31 c0 e8 d0 f5 04 00 e8 8b a1 00 00 48 89 c3 48 8d 05 01 24 11 00 90 e8 7b 61 03 00 90 48 89 44 24 08 48 89 5c 24 10 48 89 4c 24 18 48 89 7c 24 20 40 88 74 24 28 44 88 44 24 29 e8 17 53 06 00 48 8b 44 24 08 48 8b 5c 24 10 48 8b 4c 24 18 48 8b 7c 24 20 0f b6 74 24 28 44 0f b6 44 24 29 e9 93 fb ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 48 89 e5 48 83 ec 10 4d 8b Data Ascii: vLvLv1HYHLAHH=$aH"!HLA1HH${aHD$H\$HL$H\|$ @t$(DD$)SHD$H\$HL$H\|$ t$(DD$)UHHM
2024-12-26 19:45:48 UTC	1369	IN	Data Raw: 75 26 44 0f b7 1c 07 66 41 81 fb 61 6c 75 19 0f b6 7c 07 02 40 80 ff 6c 75 0e 48 8b 3d 33 1c 26 00 31 c0 e9 08 03 00 00 44 88 54 24 1f 48 8b 15 20 1c 26 00 48 89 54 24 40 31 c0 90 e9 bb 01 00 00 e8 d6 82 03 00 48 8d 05 95 cc 13 00 bb 10 00 00 00 e8 45 8b 03 00 48 8b 44 24 58 48 8b 5c 24 20 e8 36 8b 03 00 48 8d 05 34 32 14 00 bb 20 00 00 00 e8 25 8b 03 00 48 8b 44 24 60 48 8b 5c 24 48 e8 16 8b 03 00 48 8d 05 32 9d 13 00 bb 02 00 00 00 e8 05 8b 03 00 0f 1f 44 00 00 e8 db 82 03 00 48 8b 74 24 70 4c 8b 44 24 50 e9 0e fe ff ff 48 89 44 24 68 48 89 4c 24 28 66 90 e8 5b 82 03 00 48 8d 05 a4 37 14 00 bb 21 00 00 00 e8 ca 8a 03 00 48 8b 44 24 68 48 8b 5c 24 28 e8 bb 8a 03 00 48 8d 05 d7 9c 13 00 bb 02 00 00 00 e8 aa 8a 03 00 e8 85 82 03 00 48 8b 74 24 70 4c 8b 44 Data Ascii: u&DfAalu\|@luH=3&1DT$H &HT$@1HEHD$XH\$ 6H42 %HD$`H\$HH2DHt$pLD$PHD$hHL$(f[H7!HD$hH\$(HHt$pLD
2024-12-26 19:45:48 UTC	1369	IN	Data Raw: 0d fe 16 26 00 83 3d 37 66 2e 00 00 74 13 e8 70 68 06 00 49 89 03 48 8b 15 d6 16 26 00 49 89 53 08 48 89 05 cb 16 26 00 48 89 c2 8b 44 24 48 48 89 1d c5 16 26 00 4c 8d 43 fb 49 c1 e0 05 4a c7 44 02 08 06 00 00 00 42 c6 44 02 18 00 42 c6 44 02 19 00 83 3d e9 65 2e 00 00 74 18 4e 8b 0c 02 0f 1f 00 e8 1b 68 06 00 4d 89 0b 4e 8b 4c 02 10 4d 89 4b 08 4c 8d 0d b4 9d 13 00 4e 89 0c 02 4c 8d 0d ca 6b 2e 00 4e 89 4c 02 10 4a c7 44 02 28 04 00 00 00 42 c6 44 02 38 00 42 c6 44 02 39 00 83 3d 9c 65 2e 00 00 74 16 4e 8b 4c 02 20 e8 d0 67 06 00 4d 89 0b 4e 8b 4c 02 30 4d 89 4b 08 4c 8d 0d 43 9a 13 00 4e 89 4c 02 20 4c 8d 0d 81 6b 2e 00 4e 89 4c 02 30 4a c7 44 02 48 05 00 00 00 42 c6 44 02 58 00 42 c6 44 02 59 00 83 3d 50 65 2e 00 00 74 16 4e 8b 4c 02 40 e8 84 67 06 00 Data Ascii: &=7f.tphIH&ISH&HD$HH&LCIJDBDBD=e.tNhMNLMKLNLk.NLJD(BD8BD9=e.tNL gMNL0MKLCNL Lk.NL0JDHBDXBDY=Pe.tNL@g
2024-12-26 19:45:48 UTC	1369	IN	Data Raw: 36 8b 44 24 08 0f 1f 44 00 00 85 c0 0f 84 54 02 00 00 89 44 24 44 b8 00 00 00 80 48 89 04 24 e8 66 02 00 00 45 0f 57 ff 4c 8b 35 3b 60 2e 00 65 4d 8b 36 4d 8b 36 8b 44 24 08 89 05 6a 5e 2e 00 48 c7 04 24 01 00 00 00 66 90 e8 3b 02 00 00 45 0f 57 ff 4c 8b 35 10 60 2e 00 65 4d 8b 36 4d 8b 36 8b 44 24 10 0f ba e0 00 0f 92 05 8a 66 2e 00 0f ba e0 01 0f 92 05 7b 66 2e 00 0f ba e0 09 0f 92 05 75 66 2e 00 0f ba e0 13 0f 92 05 6b 66 2e 00 0f ba e0 14 0f 92 05 61 66 2e 00 0f ba e0 17 0f 92 05 50 66 2e 00 0f ba e0 19 0f 92 05 38 66 2e 00 0f ba e0 0c 0f 92 c1 0f ba e0 1b 0f 92 c2 88 15 2f 66 2e 00 21 d1 88 0d 26 66 2e 00 0f ba e0 1b 72 06 31 c9 31 d2 eb 51 89 44 24 4c e8 c7 01 00 00 45 0f 57 ff 4c 8b 35 7c 5f 2e 00 65 4d 8b 36 4d 8b 36 8b 04 24 0f ba e0 01 73 09 0f Data Ascii: 6D$DTD$DH$fEWL5;`.eM6M6D$j^.H$f;EWL5`.eM6M6D$f.{f.uf.kf.af.Pf.8f./f.!&f.r11QD$LEWL5\|_.eM6M6$s
2024-12-26 19:45:48 UTC	1369	IN	Data Raw: 18 48 8d 72 01 48 c1 e6 05 48 8b 7c 24 38 48 8b 1c 3e 4c 8b 44 24 30 4a 8b 04 06 4a 8b 4c 06 08 e8 8c 07 00 00 84 c0 75 95 eb 8b b8 01 00 00 00 90 eb 85 48 89 44 24 08 48 89 5c 24 10 e8 2f 3e 06 00 48 8b 44 24 08 48 8b 5c 24 10 0f 1f 44 00 00 e9 bb fd ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 08 48 39 0b 0f 94 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 08 48 39 0b 0f 94 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 c1 48 d1 e8 48 ba 55 55 55 55 55 55 55 55 48 21 d0 48 21 ca 48 8d 0c 02 48 89 ca 48 c1 e9 02 48 bb 33 33 33 33 33 33 33 33 48 21 d9 48 21 d3 48 01 d9 48 89 ca 48 c1 e9 04 48 01 d1 48 ba 0f 0f 0f 0f 0f 0f 0f 0f 48 21 ca 48 89 d1 Data Ascii: HrHH\|$8H>LD$0JJLuHD$H\$/>HD$H\$DHH9HH9HHHUUUUUUUUH!H!HHHH33333333H!H!HHHHHH!H
2024-12-26 19:45:48 UTC	1369	IN	Data Raw: 00 00 66 0f 1f 84 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 0f 1f 40 00 c5 fe 6f 17 c5 fe 6f 67 20 c5 ed 74 d9 c5 dd 74 e9 c5 fd d7 d3 c5 fd d7 cd f3 0f b8 d2 f3 0f b8 c9 49 01 d4 49 01 cc 48 83 c7 40 4c 39 df 7e d0 4c 39 ef 74 4d 4c 89 df c5 fe 6f 17 c5 fe 6f 67 20 c5 ed 74 d9 c5 dd 74 e9 c5 fd d7 d3 c5 fd d7 cd c5 f8 77 48 c1 e1 20 48 09 ca 48 83 e3 3f 48 c7 c1 40 00 00 00 48 29 d9 49 c7 c2 ff ff ff ff 49 d3 e2 4c 21 d2 f3 48 0f b8 d2 49 01 d4 4d 89 20 c3 c5 f8 77 4d 89 20 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 80 3d 86 5b 2e 00 01 74 05 e9 92 06 00 00 48 8b 74 24 08 48 8b 5c 24 10 8a 44 24 18 4c 8d 44 24 20 e9 fa fd ff ff cc cc cc cc cc cc cc cc cc cc 48 83 fb 08 0f 82 08 01 00 00 48 83 fb 40 0f 82 cc 00 00 00 80 3d 38 Data Ascii: ff@oog ttIIH@L9~L9tMLoog ttwH HH?H@H)IIL!HIM wM =[.tHt$H\$D$LD$ HH@=8
2024-12-26 19:45:48 UTC	1369	IN	Data Raw: f3 41 0f 6f 08 48 8d 74 17 f1 49 c7 c1 10 00 00 00 49 29 c1 66 0f 1f 84 00 00 00 00 00 66 90 66 0f 3a 61 0f 0c 4c 39 c9 76 18 4c 01 cf 48 39 f7 72 ed 66 0f 3a 61 4e ff 0c 4c 39 c9 77 8f 48 8d 7e ff 48 01 cf 4c 29 d7 49 89 3b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 54 24 10 4c 8b 44 24 18 48 8b 44 24 20 49 89 fa 4c 8d 5c 24 28 e9 bf fc ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 66 48 0f 6e c0 66 0f 60 c0 66 0f 60 c0 66 0f 70 c0 00 48 83 fb 10 7c 58 48 89 f7 48 83 fb 20 0f 87 91 00 00 00 48 8d 44 1e f0 eb 19 0f 1f 40 00 f3 0f 6f 0f 66 0f 74 c8 66 0f d7 d1 0f bc d2 75 25 48 83 c7 10 48 39 c7 72 e6 48 89 c7 f3 0f 6f 08 66 0f 74 c8 66 0f d7 d1 0f bc d2 75 08 49 c7 Data Ascii: AoHtII)fff:aL9vLH9rf:aNL9wH~HL)I;H\|$HT$LD$HD$ IL\$(fHnf`f`fpH\|XHH HD@oftfu%HH9rHoftfuI

Target ID:	0
Start time:	14:45:47
Start date:	26/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://pdf-ezy.com/pdf-ez.exe" > cmdline.out 2>&1
Imagebase:	0xf20000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	14:45:47
Start date:	26/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff74f3e0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	14:45:47
Start date:	26/12/2024
Path:	C:\Windows\SysWOW64\wget.exe
Wow64 process (32bit):	true
Commandline:	wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://pdf-ezy.com/pdf-ez.exe"
Imagebase:	0x400000
File size:	3'895'184 bytes
MD5 hash:	3DADB6E2ECE9C4B3E1E322E617658B60
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	14:45:49
Start date:	26/12/2024
Path:	C:\Users\user\Desktop\download\pdf-ez.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\download\pdf-ez.exe"
Imagebase:	0x7ff60acd0000
File size:	2'631'856 bytes
MD5 hash:	ADDD963C82C2AA246A853EE7CC114B00
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Go lang
Antivirus matches:	Detection: 16%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	17.2%
Total number of Nodes:	790
Total number of Limit Nodes:	64

Executed Functions

Function 00007FF60ACDD780 Relevance: 14.1, Strings: 11, Instructions: 384
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

arena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p , xrefs: 00007FF60ACDDB47
base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-c, xrefs: 00007FF60ACDDDF1
out of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResume, xrefs: 00007FF60ACDDB58
) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: , xrefs: 00007FF60ACDDEC5
, : i))(??2500M [("")) ) @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+, xrefs: 00007FF60ACDDEA5
memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new , xrefs: 00007FF60ACDDEF2
, xrefs: 00007FF60ACDDE0F
region exceeds uintptr rangeneed padding in bucket (key)/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime., xrefs: 00007FF60ACDDDC7
out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbi, xrefs: 00007FF60ACDDB36
end outside usable address spaceGCProg for type that isn't largeruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremo, xrefs: 00007FF60ACDDE1F
out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning wit, xrefs: 00007FF60ACDDB25

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: $) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: $, : i))(??2500M [("")) ) @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+$arena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p $base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-c$end outside usable address spaceGCProg for type that isn't largeruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremo$memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new $out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning wit$out of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResume$out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbi$region exceeds uintptr rangeneed padding in bucket (key)/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.
API String ID: 0-936411634
Opcode ID: 03971cda208206f7927824e227f210f5584e0e69b1411dfe24f4519c567dcd32
Instruction ID: adce6d76d15fd4395626be7930f7125272e58b2d24d8920d0b16fdf0888e6494
Opcode Fuzzy Hash: 03971cda208206f7927824e227f210f5584e0e69b1411dfe24f4519c567dcd32
Instruction Fuzzy Hash: CA02AC33A09B8191EA609B11E4407BAB7A4FB85BD0F6582B5EE9E937D5CF3CE444C740

Function 00007FF60ACDE320 Relevance: 9.3, Strings: 7, Instructions: 547COMMON

Download Yara Rule

Strings

malloc during signalclose of nil channelinconsistent lockedmnotetsleep not on g0bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=, xrefs: 00007FF60ACDEBB6
unexpected malloc header in delayed zeroing of large objectreflect: call of reflect.Value.Len on ptr to non-array Valuemanual span allocation called with non-manually-managed typeaddr range base and limit are not in the same memory segmentruntime: netpoll: Pos, xrefs: 00007FF60ACDEB4C
mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCallback: function argument frame too largelimiterEvent.stop: invalid limiter event type foundpotential, xrefs: 00007FF60ACDEBD8
malloc deadlockruntime error: elem size wrong with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = bad panic stackrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]mo, xrefs: 00007FF60ACDEBC7
mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= , xrefs: 00007FF60ACDEBA5
!"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00007FF60ACDE6B3
delayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnableruntime: unable, xrefs: 00007FF60ACDEB5D

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC$delayed zeroing on data that may contain pointersruntime.reflect_makemap: unsupported map key typesweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnableruntime: unable$malloc deadlockruntime error: elem size wrong with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = bad panic stackrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]mo$malloc during signalclose of nil channelinconsistent lockedmnotetsleep not on g0bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=$mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCallback: function argument frame too largelimiterEvent.stop: invalid limiter event type foundpotential$mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= $unexpected malloc header in delayed zeroing of large objectreflect: call of reflect.Value.Len on ptr to non-array Valuemanual span allocation called with non-manually-managed typeaddr range base and limit are not in the same memory segmentruntime: netpoll: Pos
API String ID: 0-1905236817
Opcode ID: b67c3bf7b8b4be83d5386c87b99dfd3faf5651390b0cb810ecc7d0c296ede8dc
Instruction ID: acf921323d6364e41b89e866f69980d0c2864866703010fbda015f908c47c9fd
Opcode Fuzzy Hash: b67c3bf7b8b4be83d5386c87b99dfd3faf5651390b0cb810ecc7d0c296ede8dc
Instruction Fuzzy Hash: 1432D063A4C69291EA608B11E0403BABB75FB45BD4F6A41B5EE8D8B7D5CF7CE840C700

Function 00007FF60ACD2540 Relevance: 9.2, Strings: 7, Instructions: 474
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

ermssse3avx2bmi1bmi2.dllerrorfalse%dx%d<nil>writecloseLstatntohsErrorCall int16int32int64uint8arrayslice and kind=1562578125MarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocaldefersweeptestRtestWexecWexecRschedhchansudoggscanmheaptracepanics, xrefs: 00007FF60ACD25A1
avx512fos/execruntime#internU2VuZA==SW5wdXQ=IsIconicFullPathno anodeCancelIoReadFileAcceptExWSAIoctlshutdownGoStringEqualSidSetEventIsWindowrecvfrom48828125infinitystrconv.parsing ParseIntThursdaySaturdayFebruaryNovemberDecember%!Month(nil PoolscavengepollDesc, xrefs: 00007FF60ACD2B44
rdtscppopcntcmd/goheaderAnswerDEBUG: ERROR: FATAL: successempty11error51 error3 error4readdirAppDataconsoleCopySidWSARecvWSASendconnectfloat32float64webviewFreeSidSleepEx\\.\UNCinvaliduintptrSwapperChanDir using , type= Value>19531259765625TuesdayJanuaryOctobe, xrefs: 00007FF60ACD25E0
pclmulqdqmath/randtlsrsakexClassINETAuthorityproductionGlobalFreeGlobalLockGlobalSizeShowWindow/dev/stdinCreateFileowner diedDnsQuery_WGetIfEntryCancelIoExCreatePipeGetVersionWSACleanupWSAStartupgetsockoptsetsockoptdnsapi.dllws2_32.dll].resolve(dwmapi.dlluser3, xrefs: 00007FF60ACD25BF
adxaesshaavxfmanetZGxsfailtrue.exefilereadseekopenpipeStatbindboolint8uintchanfunccallkind on Call in 3125Atoi-Inf+InfJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=: p=cas1cas2ca, xrefs: 00007FF60ACD2566
sse41sse42ssse3ntdllPDFEzyINFO: WARN: empty1empty2error2removelistensocketStringFormat[]bytestringGetAceGetACPsendtouint16uint32uint64structchan<-<-chan Value390625SundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecondsysmontimersefenceselect, xrefs: 00007FF60ACD27C8
avx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestiondownloadsDownloadsFindCloseLocalFreeMoveFileWWriteFileWSASendTontdll.dll].reject(ole32.dllpsapi.dllwinmm.dllPurgeCommSetupCommcomplex64interfaceinvalid nfuncargs(bad indirreflect: as type Interfa, xrefs: 00007FF60ACD2B91

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: adxaesshaavxfmanetZGxsfailtrue.exefilereadseekopenpipeStatbindboolint8uintchanfunccallkind on Call in 3125Atoi-Inf+InfJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=: p=cas1cas2ca$avx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestiondownloadsDownloadsFindCloseLocalFreeMoveFileWWriteFileWSASendTontdll.dll].reject(ole32.dllpsapi.dllwinmm.dllPurgeCommSetupCommcomplex64interfaceinvalid nfuncargs(bad indirreflect: as type Interfa$avx512fos/execruntime#internU2VuZA==SW5wdXQ=IsIconicFullPathno anodeCancelIoReadFileAcceptExWSAIoctlshutdownGoStringEqualSidSetEventIsWindowrecvfrom48828125infinitystrconv.parsing ParseIntThursdaySaturdayFebruaryNovemberDecember%!Month(nil PoolscavengepollDesc$ermssse3avx2bmi1bmi2.dllerrorfalse%dx%d<nil>writecloseLstatntohsErrorCall int16int32int64uint8arrayslice and kind=1562578125MarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocaldefersweeptestRtestWexecWexecRschedhchansudoggscanmheaptracepanics$pclmulqdqmath/randtlsrsakexClassINETAuthorityproductionGlobalFreeGlobalLockGlobalSizeShowWindow/dev/stdinCreateFileowner diedDnsQuery_WGetIfEntryCancelIoExCreatePipeGetVersionWSACleanupWSAStartupgetsockoptsetsockoptdnsapi.dllws2_32.dll].resolve(dwmapi.dlluser3$rdtscppopcntcmd/goheaderAnswerDEBUG: ERROR: FATAL: successempty11error51 error3 error4readdirAppDataconsoleCopySidWSARecvWSASendconnectfloat32float64webviewFreeSidSleepEx\\.\UNCinvaliduintptrSwapperChanDir using , type= Value>19531259765625TuesdayJanuaryOctobe$sse41sse42ssse3ntdllPDFEzyINFO: WARN: empty1empty2error2removelistensocketStringFormat[]bytestringGetAceGetACPsendtouint16uint32uint64structchan<-<-chan Value390625SundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecondsysmontimersefenceselect
API String ID: 0-3770322468
Opcode ID: f5ae85d933dce3fd5d1ad7541e68460234f9844a8fbe8a0cbe685b7207863dab
Instruction ID: 01b5d6b38d224f26c483bd618779e71997e49f650c9b360e8181a795e4000a8e
Opcode Fuzzy Hash: f5ae85d933dce3fd5d1ad7541e68460234f9844a8fbe8a0cbe685b7207863dab
Instruction Fuzzy Hash: 72426777918B4585E300DB24E8447A837B4FB95BC4F6982B6DA8D8B3A1CF7DE499C300

Function 00007FF60AD046E0 Relevance: 2.6, Strings: 2, Instructions: 65COMMON

Download Yara Rule

Strings

powrprof.dll, xrefs: 00007FF60AD046F9
PowerRegisterSuspendResumeNotification, xrefs: 00007FF60AD04749

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: PowerRegisterSuspendResumeNotification$powrprof.dll
API String ID: 0-3247360486
Opcode ID: 282d507ea5a0d461be9bcaa133736010ddc7e165a396d654e9e85b196e3163d7
Instruction ID: b57c5d067862e90af64b807c9b822db3e9478d2bf436e71ad2cd34adb2e88787
Opcode Fuzzy Hash: 282d507ea5a0d461be9bcaa133736010ddc7e165a396d654e9e85b196e3163d7
Instruction Fuzzy Hash: 27315A77608B8582D600CB11F44176AB7A5FB89BC0F688275EA8C83B95DF7DE151CB40

Function 00007FF60ACF9FE0 Relevance: 1.6, Strings: 1, Instructions: 332COMMON

Download Yara Rule

Strings

grew heap, but no adequate free space foundroot level max pages doesn't fit in summaryruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=runtime:stoplockedm: lockedg (atomicstatus=me, xrefs: 00007FF60ACFA542

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: grew heap, but no adequate free space foundroot level max pages doesn't fit in summaryruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=runtime:stoplockedm: lockedg (atomicstatus=me
API String ID: 0-3724787384
Opcode ID: feeea1401a8c46345cce493e9248a479bd279dddb3c72d5e968fe926be9e233c
Instruction ID: 7a109991b3227e03658ba4026df94a58213f49c5e0faec2f9ad00a76c13015bc
Opcode Fuzzy Hash: feeea1401a8c46345cce493e9248a479bd279dddb3c72d5e968fe926be9e233c
Instruction Fuzzy Hash: DEE1A173A4DB8695EA608B15E4803AAB7B0FB85BD0F659179DE8D83799CF3CD054CB00

Function 00007FF60ACE71A0 Relevance: 1.5, Strings: 1, Instructions: 283COMMON

Download Yara Rule

Strings

span has no free objectsruntime: found obj at *(runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incor, xrefs: 00007FF60ACE7350

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: span has no free objectsruntime: found obj at *(runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incor
API String ID: 0-1712010102
Opcode ID: 4f225db3e1da8e2d67392fa33b27cdc14b908f3feca90c9fe2e009fbedc434fc
Instruction ID: e4ebca37846d6f99019c6f640c94afd313bf15aba74bfc53071ed6aff886c539
Opcode Fuzzy Hash: 4f225db3e1da8e2d67392fa33b27cdc14b908f3feca90c9fe2e009fbedc434fc
Instruction Fuzzy Hash: 80D17F33A0DA4296EA54DB14E4922BEB7B0FB85B90F254575EA8D837D5EF3CE444CB00

Function 00007FF60AD17440 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76886f3e7331c25afa6874c89285e7793ec5519e57e245326ba860b37dbbccea
Instruction ID: fa132914851a6d79dd6836bc079148f835cf7cd714b8905e202ec69adbcdfc2c
Opcode Fuzzy Hash: 76886f3e7331c25afa6874c89285e7793ec5519e57e245326ba860b37dbbccea
Instruction Fuzzy Hash: 28D14833A0CA4296EB00DB25E49027AB7A4FB857C4F6452B5EA8DC77A5DF7CE444CB40

Function 00007FF60AD0FFE0 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f80a7d07a40261beb0c1833991fef2890657d2aab185c36c5e221f931b2a0440
Instruction ID: 99a088295cc8c12fe6c0f85fc562e402a50755b117ba61774d0168b5139586d8
Opcode Fuzzy Hash: f80a7d07a40261beb0c1833991fef2890657d2aab185c36c5e221f931b2a0440
Instruction Fuzzy Hash: 1CA19F73E0C602AAEB11AB14D88037977A1EF85BC4F7491B5C94D873D5DE3DE9C58680

Function 00007FF60ACF91E0 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1d85a32b0c350f9d4297e3d7eeb9a0e44cd6e83ac63d69feac9711deabeb5f6
Instruction ID: 015527aa937e70694f2fddd3583244ae1bc77299dcc1a1dc813582638b181aa7
Opcode Fuzzy Hash: e1d85a32b0c350f9d4297e3d7eeb9a0e44cd6e83ac63d69feac9711deabeb5f6
Instruction Fuzzy Hash: 3341C77770878695DB44C719E4812F92771EB84BC0FA28176DE0E937A9DE3CE54AC700

Function 00007FF60AD3A620 Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE ref: 00007FF60AD3A6B8

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: d0420e7b245c68536b1289b904fe6097933a37c154ff1c15fd575de53d0a58cb
Instruction ID: af29960503a0e295b8e34f20932601aaf05772f755ae6cf2bbe37543b6b17167
Opcode Fuzzy Hash: d0420e7b245c68536b1289b904fe6097933a37c154ff1c15fd575de53d0a58cb
Instruction Fuzzy Hash: 87115E37A05E4181EB218B1AE4413287374E748BE4F244265DEED577A4CF29E192C700

Non-executed Functions

Function 00007FF60ACEBE60 Relevance: 18.2, Strings: 14, Instructions: 703COMMON

Download Yara Rule

Strings

ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=, xrefs: 00007FF60ACEC98B
, xrefs: 00007FF60ACEC43F
ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32, xrefs: 00007FF60ACEC76A
gc done but gcphase != _GCoffruntime: p.gcMarkWorkerMode= scanobject of a noscan objectruntime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foun, xrefs: 00007FF60ACECC5A
gc %: gp *(in n= ) - P MPC= < end > ]:pc= G'"'cgodnstcpudpadxaesshaavxfmanetZGxsfailtrue.exefilereadseekopenpipeStatbindboolint8uintchanfunccallkind on Call in 3125Atoi-Inf+InfJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourallgallproot, xrefs: 00007FF60ACEC5CE
gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:ole32filesGreeksse41sse42ssse3ntdllPDFEzyINFO: WARN: empty1empty2error2removelistensocketStringFormat[]bytestringGetAceGetACPsendtouint16uint32uint64structchan<-<-chan Value390625S, xrefs: 00007FF60ACEBF24
non-concurrent sweep failed to drain all sweep queuescompileCallback: argument size is larger than uintptrmin size of malloc header is not a size class boundarygcControllerState.findRunnable: blackening not enabledno goroutines (main called runtime.Goexit) - d, xrefs: 00007FF60ACECC38
@n, xrefs: 00007FF60ACEC918
MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, xrefs: 00007FF60ACECA45
@s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST, xrefs: 00007FF60ACEC5EC
MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException , xrefs: 00007FF60ACECA05
., xrefs: 00007FF60ACEC54A
+;-=/M<1_Ly, : i))(??2500M [("")) ) @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+0, xrefs: 00007FF60ACEC736, 00007FF60ACEC8D6
failed to set sweep barrierwork.nwait was > work.nproc not in stack roots range [allocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedruntime: asyncPre, xrefs: 00007FF60ACECC49

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: $ @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST$ MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:$ MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException $ ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32$ ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=$+;-=/M<1_Ly, : i))(??2500M [("")) ) @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+0$.$@n$failed to set sweep barrierwork.nwait was > work.nproc not in stack roots range [allocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedruntime: asyncPre$gc %: gp *(in n= ) - P MPC= < end > ]:pc= G'"'cgodnstcpudpadxaesshaavxfmanetZGxsfailtrue.exefilereadseekopenpipeStatbindboolint8uintchanfunccallkind on Call in 3125Atoi-Inf+InfJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourallgallproot$gc done but gcphase != _GCoffruntime: p.gcMarkWorkerMode= scanobject of a noscan objectruntime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foun$gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:ole32filesGreeksse41sse42ssse3ntdllPDFEzyINFO: WARN: empty1empty2error2removelistensocketStringFormat[]bytestringGetAceGetACPsendtouint16uint32uint64structchan<-<-chan Value390625S$non-concurrent sweep failed to drain all sweep queuescompileCallback: argument size is larger than uintptrmin size of malloc header is not a size class boundarygcControllerState.findRunnable: blackening not enabledno goroutines (main called runtime.Goexit) - d
API String ID: 0-1965916994
Opcode ID: 20a9f1e947cec068c8899a96030df848e90247376e1ba733de23c8f5f173a29a
Instruction ID: b06fba4fab5472fdcd6447850c0f9e295e5cbd27e4fde54754990491d3fd342f
Opcode Fuzzy Hash: 20a9f1e947cec068c8899a96030df848e90247376e1ba733de23c8f5f173a29a
Instruction Fuzzy Hash: AD821937A1CB8295E620DB14E4813BA73A4FB897C0F6552B6DA8C877A6DF3CE444C750

Function 00007FF60ACFCFC0 Relevance: 16.8, Strings: 13, Instructions: 542COMMON

Download Yara Rule

Strings

, i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= (...) m=nil base numberuser32netdnsCommonrdtscppopcntcmd/goheaderAnswerDEBUG: ERROR: FATAL: successempty11error51 error3 error4readdirAppDataconsoleCopySidWSARecvWSASendconnectfloat32float64webviewFr, xrefs: 00007FF60ACFD845
, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime: g : frame.sp=created by ProcessPrngNetShareAddNetShar, xrefs: 00007FF60ACFD7BC
runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflowstring concatenation too lon, xrefs: 00007FF60ACFD8A5
bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 00007FF60ACFD39C, 00007FF60ACFDAEC
, : i))(??2500M [("")) ) @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+, xrefs: 00007FF60ACFD313, 00007FF60ACFD32F, 00007FF60ACFD751, 00007FF60ACFD76F
runtime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb, xrefs: 00007FF60ACFD2BF, 00007FF60ACFD6F6
runtime: p.searchAddr = range partially overlapsstack trace unavailablebindm in unexpected GOOSrunqsteal: runq overflowdouble traceGCSweepStartbad use of trace.seqlockjson: unsupported type: invalid pattern syntax: failed to get window rectInvalid matrix dime, xrefs: 00007FF60ACFD825
, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime:, xrefs: 00007FF60ACFD8C5
] = pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=nulljson'\''icmpigmpermssse3avx2bmi1bmi2.dllerrorfalse%dx%d<nil>writecloseLstatntohsErrorCall int16int32int64uint8arrayslice and kind=1562578125MarchApril+0530+0430+0545+0630+0330+0845+103, xrefs: 00007FF60ACFD736
] = (usageinit ms, fault tab= top=[...], fp:ole32filesGreeksse41sse42ssse3ntdllPDFEzyINFO: WARN: empty1empty2error2removelistensocketStringFormat[]bytestringGetAceGetACPsendtouint16uint32uint64structchan<-<-chan Value390625SundayMondayFridayAugustUTC-11UTC-02, xrefs: 00007FF60ACFD2F8
runtime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.semawakeupuse of closed fileexceeded, xrefs: 00007FF60ACFD36F
][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-, xrefs: 00007FF60ACFD2DA, 00007FF60ACFD71B
, j0 = head = panic: nmsys= locks= dying= allocsGODEBUG m->g0= pad1= pad2= text= minpc= value= (scan)types : type number shlwapiavx512fos/execruntime#internU2VuZA==SW5wdXQ=IsIconicFullPathno anodeCancelIoReadFileAcceptExWSAIoctlshutdownGoStringEqualSidSet, xrefs: 00007FF60ACFD7DA

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: , : i))(??2500M [("")) ) @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+$, i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= (...) m=nil base numberuser32netdnsCommonrdtscppopcntcmd/goheaderAnswerDEBUG: ERROR: FATAL: successempty11error51 error3 error4readdirAppDataconsoleCopySidWSARecvWSASendconnectfloat32float64webviewFr$, j0 = head = panic: nmsys= locks= dying= allocsGODEBUG m->g0= pad1= pad2= text= minpc= value= (scan)types : type number shlwapiavx512fos/execruntime#internU2VuZA==SW5wdXQ=IsIconicFullPathno anodeCancelIoReadFileAcceptExWSAIoctlshutdownGoStringEqualSidSet$, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime:$, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime: g : frame.sp=created by ProcessPrngNetShareAddNetShar$] = pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=nulljson'\''icmpigmpermssse3avx2bmi1bmi2.dllerrorfalse%dx%d<nil>writecloseLstatntohsErrorCall int16int32int64uint8arrayslice and kind=1562578125MarchApril+0530+0430+0545+0630+0330+0845+103$] = (usageinit ms, fault tab= top=[...], fp:ole32filesGreeksse41sse42ssse3ntdllPDFEzyINFO: WARN: empty1empty2error2removelistensocketStringFormat[]bytestringGetAceGetACPsendtouint16uint32uint64structchan<-<-chan Value390625SundayMondayFridayAugustUTC-11UTC-02$][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-$bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod$runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflowsemacquire not on the G stackruntime: split stack overflowstring concatenation too lon$runtime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.semawakeupuse of closed fileexceeded$runtime: p.searchAddr = range partially overlapsstack trace unavailablebindm in unexpected GOOSrunqsteal: runq overflowdouble traceGCSweepStartbad use of trace.seqlockjson: unsupported type: invalid pattern syntax: failed to get window rectInvalid matrix dime$runtime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb
API String ID: 0-1536050161
Opcode ID: 8100086eea9d6eb95332ed4f9c776df0943978283ac36c14b4365f4805ce75fe
Instruction ID: ffd24f9f0b2fd7a5a7242e6840783d751b3d32352c91fdcbb54c673d38eed397
Opcode Fuzzy Hash: 8100086eea9d6eb95332ed4f9c776df0943978283ac36c14b4365f4805ce75fe
Instruction Fuzzy Hash: E032B037B58B8681EA20AB11E4407EA7325FB84BC4F6141B6DE9D87BEADE3CD545C700

Function 00007FF60AD20820 Relevance: 15.4, Strings: 12, Instructions: 364COMMON

Download Yara Rule

Strings

missing stackmapbad symbol tablenon-Go function not in ranges:GetCurrentThreadRtlVirtualUnwindafter object keyRegisterClassExWTranslateMessageDispatchMessageWAdjustWindowRectGODEBUG: value "RCodeFormatErrorProgramFiles(x86)globalLock failedGlobalLock failedG, xrefs: 00007FF60AD20CB9, 00007FF60AD20E39
locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangelooking for beginning of valuein exponent of numeric literalreflect: Len of non-array typeGODEBUG: unknown cpu feature "MIPS JMP reloc not i, xrefs: 00007FF60AD20D35
untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:GetCurrentThreadRtlVirtualUnwindafter object keyRegisterClassExWTranslateMessageDispatchMessageWAdjustWindowRectGODEBUG: value "RCodeFormatErrorProgramFiles(x86)globalLock failedGl, xrefs: 00007FF60AD20DEC
and kind=1562578125MarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocaldefersweeptestRtestWexecWexecRschedhchansudoggscanmheaptracepanicsleep cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:ole32filesGreek, xrefs: 00007FF60AD20B8F, 00007FF60AD20D1A
args stack map entries for invalid runtime symbol tableruntime: no module data for traceRegion: alloc too large[originating from goroutine json: Unmarshal(non-pointer !#$%&()*+-./:;<=>?@[]^_{|}~ unexpected end of JSON inputabi.NewName: name too long: operatio, xrefs: 00007FF60AD20BAF
untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine unreachable: DefWindowProcWSetWindowTextWmime/multipartWebView2LoaderRCodeNameErrorinvalid whenceShowWindowAsyncUninstallStringGetProcessTimesDuplicateHandleadvertise errorkey, xrefs: 00007FF60AD20C77
) @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05J, xrefs: 00007FF60AD20BF2, 00007FF60AD20D73
+;-=/M<1_Ly, : i))(??2500M [("")) ) @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+0, xrefs: 00007FF60AD20C92, 00007FF60AD20E0F
bad symbol tablenon-Go function not in ranges:GetCurrentThreadRtlVirtualUnwindafter object keyRegisterClassExWTranslateMessageDispatchMessageWAdjustWindowRectGODEBUG: value "RCodeFormatErrorProgramFiles(x86)globalLock failedGlobalLock failedGlobalSize failed, xrefs: 00007FF60AD20C0A, 00007FF60AD20D8A
runtime: pcdata is bad ABI descriptiondodeltimer: wrong Padjusttimers: bad pskip this directoryfile already existsfile does not existfile already closedbinary.LittleEndianafter array elementmultipartmaxheadersRCodeNotImplementedinvalid read lengthGetNativeSyst, xrefs: 00007FF60AD20B73, 00007FF60AD20CFF
runtime: frame runtimer: bad ptraceback stuckCreateWindowExWPostQuitMessageIsDialogMessagejstmpllitinterptarinsecurepathx509usepolicieszipinsecurepathSetClipboardDataGetClipboardDataGetSystemMetrics0123456789abcdefTerminateProcessinvalid exchangeno route to ho, xrefs: 00007FF60AD20C54, 00007FF60AD20DC9
(targetpc= , plugin: runtime: g : frame.sp=created by ProcessPrngNetShareAddNetShareDeli/o timeoutMarshalJSONMarshalTextGetMessageWGetAncestorgocachehashgocachetesthttp2clienthttp2serverarchive/tartls10servercrypto/x509archive/zipClassHESIODdXNlcjMyLg==kernel, xrefs: 00007FF60AD20BD7, 00007FF60AD20D58

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: (targetpc= , plugin: runtime: g : frame.sp=created by ProcessPrngNetShareAddNetShareDeli/o timeoutMarshalJSONMarshalTextGetMessageWGetAncestorgocachehashgocachetesthttp2clienthttp2serverarchive/tartls10servercrypto/x509archive/zipClassHESIODdXNlcjMyLg==kernel$ and kind=1562578125MarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocaldefersweeptestRtestWexecWexecRschedhchansudoggscanmheaptracepanicsleep cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:ole32filesGreek$ args stack map entries for invalid runtime symbol tableruntime: no module data for traceRegion: alloc too large[originating from goroutine json: Unmarshal(non-pointer !#$%&()*+-./:;<=>?@[]^_{|}~ unexpected end of JSON inputabi.NewName: name too long: operatio$ locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangelooking for beginning of valuein exponent of numeric literalreflect: Len of non-array typeGODEBUG: unknown cpu feature "MIPS JMP reloc not i$ untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine unreachable: DefWindowProcWSetWindowTextWmime/multipartWebView2LoaderRCodeNameErrorinvalid whenceShowWindowAsyncUninstallStringGetProcessTimesDuplicateHandleadvertise errorkey$ untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:GetCurrentThreadRtlVirtualUnwindafter object keyRegisterClassExWTranslateMessageDispatchMessageWAdjustWindowRectGODEBUG: value "RCodeFormatErrorProgramFiles(x86)globalLock failedGl$) @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05J$+;-=/M<1_Ly, : i))(??2500M [("")) ) @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+0$bad symbol tablenon-Go function not in ranges:GetCurrentThreadRtlVirtualUnwindafter object keyRegisterClassExWTranslateMessageDispatchMessageWAdjustWindowRectGODEBUG: value "RCodeFormatErrorProgramFiles(x86)globalLock failedGlobalLock failedGlobalSize failed$missing stackmapbad symbol tablenon-Go function not in ranges:GetCurrentThreadRtlVirtualUnwindafter object keyRegisterClassExWTranslateMessageDispatchMessageWAdjustWindowRectGODEBUG: value "RCodeFormatErrorProgramFiles(x86)globalLock failedGlobalLock failedG$runtime: frame runtimer: bad ptraceback stuckCreateWindowExWPostQuitMessageIsDialogMessagejstmpllitinterptarinsecurepathx509usepolicieszipinsecurepathSetClipboardDataGetClipboardDataGetSystemMetrics0123456789abcdefTerminateProcessinvalid exchangeno route to ho$runtime: pcdata is bad ABI descriptiondodeltimer: wrong Padjusttimers: bad pskip this directoryfile already existsfile does not existfile already closedbinary.LittleEndianafter array elementmultipartmaxheadersRCodeNotImplementedinvalid read lengthGetNativeSyst
API String ID: 0-332858449
Opcode ID: a60bb16122401ca96cf067b18e0a148994f22fa01e098e16df8c29d9ce45a06e
Instruction ID: 91be1e1d943f872fd68e6d683b816079e80f661b97ca58065186a413ac419155
Opcode Fuzzy Hash: a60bb16122401ca96cf067b18e0a148994f22fa01e098e16df8c29d9ce45a06e
Instruction Fuzzy Hash: 7AF14E37A08B8685E660EF15E4807AAB365FB48BC0F644271DA8D877E6DF7CE944C710

Function 00007FF60ACEA2E0 Relevance: 14.1, Strings: 11, Instructions: 368COMMON

Download Yara Rule

Strings

because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.semawakeupuse of c, xrefs: 00007FF60ACEA7E6
runtime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpanLocked - invalid span stateattempted to add zero-sized address rangeruntime: block, xrefs: 00007FF60ACEA854
runtime.SetFinalizer: first argument was allocated into an arenacompileCallback: expected function with one uintptr-sized resultjson: invalid number literal, trying to unmarshal %q into Numberwindow.external={invoke:s=>window.chrome.webview.postMessage(s)}unkn, xrefs: 00007FF60ACEA8FC
, not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failed, xrefs: 00007FF60ACEA930
nil elem type! to finalizer GC worker initruntime: full=runtime: want=MB; allocated timeEndPeriod, xrefs: 00007FF60ACEA90D
runtime.SetFinalizer: first argument is nilruntime.SetFinalizer: finalizer already setgcBgMarkWorker: unexpected gcMarkWorkerModenon in-use span found with specials bit setgrew heap, but no adequate free space foundroot level max pages doesn't fit in summaryru, xrefs: 00007FF60ACEA950
runtime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already , xrefs: 00007FF60ACEA763, 00007FF60ACEA7B7, 00007FF60ACEA821
runtime.SetFinalizer: pointer not at beginning of allocated blockreflect: reflect.Value.UnsafePointer on an invalid notinheap pointerUnable to load WebView2Loader.dll from disk: %v -- or from memory: %wtoo many concurrent operations on a single file or socket , xrefs: 00007FF60ACEA86A
runtime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memory: cannot allocate runtime.preemptM: duplicatehandle failedglobal runq empty wi, xrefs: 00007FF60ACEA93F
, not a functiongc: unswept span KiB work (bg), mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 00007FF60ACEA845
runtime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= casfrom_Gscanstatus: gp->status is not in scan state, xrefs: 00007FF60ACEA8EB

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.semawakeupuse of c$, not a functiongc: unswept span KiB work (bg), mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod$, not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failed$nil elem type! to finalizer GC worker initruntime: full=runtime: want=MB; allocated timeEndPeriod$runtime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already $runtime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memory: cannot allocate runtime.preemptM: duplicatehandle failedglobal runq empty wi$runtime.SetFinalizer: first argument is nilruntime.SetFinalizer: finalizer already setgcBgMarkWorker: unexpected gcMarkWorkerModenon in-use span found with specials bit setgrew heap, but no adequate free space foundroot level max pages doesn't fit in summaryru$runtime.SetFinalizer: first argument was allocated into an arenacompileCallback: expected function with one uintptr-sized resultjson: invalid number literal, trying to unmarshal %q into Numberwindow.external={invoke:s=>window.chrome.webview.postMessage(s)}unkn$runtime.SetFinalizer: pointer not at beginning of allocated blockreflect: reflect.Value.UnsafePointer on an invalid notinheap pointerUnable to load WebView2Loader.dll from disk: %v -- or from memory: %wtoo many concurrent operations on a single file or socket $runtime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= casfrom_Gscanstatus: gp->status is not in scan state$runtime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpanLocked - invalid span stateattempted to add zero-sized address rangeruntime: block
API String ID: 0-3871885416
Opcode ID: f3fea037fbc59c6dc49e0e0531317db027d22dc8bb575e9ce3f20186e49734a6
Instruction ID: 132741a7d36fde9a6bdac59187d60eabfc7d5b907e49be6c82a516c030d87d1c
Opcode Fuzzy Hash: f3fea037fbc59c6dc49e0e0531317db027d22dc8bb575e9ce3f20186e49734a6
Instruction Fuzzy Hash: 2F028F73A09B8295EA60DB11E4423B977B5FB447C0F6A42B5DA8C937D5EF2CE444C700

Function 00007FF60ACD1160 Relevance: 13.6, APIs: 9, Instructions: 130sleepstringCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(?,?,?,00007FF60ACD1156), ref: 00007FF60ACD11A5
_amsg_exit.MSVCRT(?,?,?,00007FF60ACD1156), ref: 00007FF60ACD11CC
_initterm.MSVCRT ref: 00007FF60ACD120F
SetUnhandledExceptionFilter.KERNEL32(?,?,?,00007FF60ACD1156), ref: 00007FF60ACD124E
malloc.MSVCRT ref: 00007FF60ACD127E
strlen.MSVCRT ref: 00007FF60ACD12A4
malloc.MSVCRT ref: 00007FF60ACD12B0
memcpy.MSVCRT ref: 00007FF60ACD12C3
_cexit.MSVCRT(?,?,?,00007FF60ACD1156), ref: 00007FF60ACD132D

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID: malloc$ExceptionFilterSleepUnhandled_amsg_exit_cexit_inittermmemcpystrlen
String ID:
API String ID: 2643109117-0
Opcode ID: 9f059c4e0d7175df32fdc682b7db7297a43b6be884790895ab4fa97cc0a0551e
Instruction ID: 770a9607b8e5a9f710d3f41bbd69665da0543e9c5cc5555a52d05c26d50c4a6f
Opcode Fuzzy Hash: 9f059c4e0d7175df32fdc682b7db7297a43b6be884790895ab4fa97cc0a0551e
Instruction Fuzzy Hash: 2C517563A19A8391FB409B25E9543B937A0EF897C0F6986B5C94DCB3A2DF3CE441C740

Function 00007FF60ACF6AE0 Relevance: 13.3, Strings: 10, Instructions: 810COMMON

Download Yara Rule

Strings

nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes wsaioctlkernel32SetFocusavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestiondownloadsDownloadsFindCloseLocalFreeMoveFileWWriteFileWSASendTontdll.dll].re, xrefs: 00007FF60ACF75C8
sweep: tried to preserve a user arena spanruntime: blocked write on closing polldescacquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callon a locked thread with no template threadunexpected signal during runtime executionattempte, xrefs: 00007FF60ACF74E6
previous allocCount=, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime:, xrefs: 00007FF60ACF75E5
swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb, xrefs: 00007FF60ACF74F7
mspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedruntime: asyncPreemptStack=runtime: thread ID overflowstopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSThread errorruntime: checkdea, xrefs: 00007FF60ACF794A
sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine for type , xrefs: 00007FF60ACF7538, 00007FF60ACF7905
mspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResumeNotification, xrefs: 00007FF60ACF7578
mspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: morestack on gsignalruntime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1, xrefs: 00007FF60ACF795B
mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 00007FF60ACF7553, 00007FF60ACF7925
sweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevrunt, xrefs: 00007FF60ACF762F

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod$ nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes wsaioctlkernel32SetFocusavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestiondownloadsDownloadsFindCloseLocalFreeMoveFileWWriteFileWSASendTontdll.dll].re$ previous allocCount=, levelBits[level] = runtime: searchIdx = defer on system stackpanic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime:$ sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine for type $mspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResumeNotification$mspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedruntime: asyncPreemptStack=runtime: thread ID overflowstopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSThread errorruntime: checkdea$mspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: morestack on gsignalruntime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1$sweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevrunt$sweep: tried to preserve a user arena spanruntime: blocked write on closing polldescacquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callon a locked thread with no template threadunexpected signal during runtime executionattempte$swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb
API String ID: 0-991432480
Opcode ID: dd4d95e8eb000408a3d75874c816563ffde6c3c5b0940106734e96a78eccf9cb
Instruction ID: add1443881c36934da61ee0401ef9587db2741f0fc1e8ae8f658689bed10cdaf
Opcode Fuzzy Hash: dd4d95e8eb000408a3d75874c816563ffde6c3c5b0940106734e96a78eccf9cb
Instruction Fuzzy Hash: 84828D33A4CA8292E7609B11E4407BA77B1FB85BC4F6551B6EA8D83B95DF3CE454CB00

Function 00007FF60AD2C7E0 Relevance: 8.0, Strings: 6, Instructions: 450COMMON

Download Yara Rule

Strings

fp= gp= mp=) m=nulljson'\''icmpigmpermssse3avx2bmi1bmi2.dllerrorfalse%dx%d<nil>writecloseLstatntohsErrorCall int16int32int64uint8arrayslice and kind=1562578125MarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocaldefersweeptestRtestWexecWexecR, xrefs: 00007FF60AD2CE32
pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=nulljson'\''icmpigmpermssse3avx2bmi1bmi2.dllerrorfalse%dx%d<nil>writecloseLstatntohsErrorCall int16int32int64uint8arrayslice and kind=1562578125MarchApril+0530+0430+0545+0630+0330+0845+1030+12, xrefs: 00007FF60AD2CE72
...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14 m=StdDltfinobjgc %: gp *(in n, xrefs: 00007FF60AD2CC77
non-Go function at pc=RtlLookupFunctionEntry into Go struct field json: unknown field %qCompareBrowserVersionssetClipboardData failedGetClipboardData failedInvalid recovery amountdevice or resource busyinterrupted system callno space left on deviceoperation no, xrefs: 00007FF60AD2CF9B
sp= sp: lr: fp= gp= mp=) m=nulljson'\''icmpigmpermssse3avx2bmi1bmi2.dllerrorfalse%dx%d<nil>writecloseLstatntohsErrorCall int16int32int64uint8arrayslice and kind=1562578125MarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocaldefersweeptestRtes, xrefs: 00007FF60AD2CE52
) @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05J, xrefs: 00007FF60AD2CCCD

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: fp= gp= mp=) m=nulljson'\''icmpigmpermssse3avx2bmi1bmi2.dllerrorfalse%dx%d<nil>writecloseLstatntohsErrorCall int16int32int64uint8arrayslice and kind=1562578125MarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocaldefersweeptestRtestWexecWexecR$ pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=nulljson'\''icmpigmpermssse3avx2bmi1bmi2.dllerrorfalse%dx%d<nil>writecloseLstatntohsErrorCall int16int32int64uint8arrayslice and kind=1562578125MarchApril+0530+0430+0545+0630+0330+0845+1030+12$ sp= sp: lr: fp= gp= mp=) m=nulljson'\''icmpigmpermssse3avx2bmi1bmi2.dllerrorfalse%dx%d<nil>writecloseLstatntohsErrorCall int16int32int64uint8arrayslice and kind=1562578125MarchApril+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930monthLocaldefersweeptestRtes$) @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05J$...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-01-11-12-08-09+13CETBSTMSK-06+14 m=StdDltfinobjgc %: gp *(in n$non-Go function at pc=RtlLookupFunctionEntry into Go struct field json: unknown field %qCompareBrowserVersionssetClipboardData failedGetClipboardData failedInvalid recovery amountdevice or resource busyinterrupted system callno space left on deviceoperation no
API String ID: 0-1007798798
Opcode ID: 3fe719c042daaea98e7c643f8eec413020d3404a13d9e5770bbd4579f7a71014
Instruction ID: 3b48d948d98012aa5e805633d78e6c58efc7290f1c2fc8526fbb9d898f8ccd22
Opcode Fuzzy Hash: 3fe719c042daaea98e7c643f8eec413020d3404a13d9e5770bbd4579f7a71014
Instruction Fuzzy Hash: A4222A3761DBC185E6609B11E4947AEB760FB997C0F244275EA8D87BAACF3DD844CB00

Function 00007FF60ACF18E0 Relevance: 7.7, Strings: 6, Instructions: 177COMMON

Download Yara Rule

Strings

base of ) = <==GOGC] = pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=nulljson'\''icmpigmpermssse3avx2bmi1bmi2.dllerrorfalse%dx%d<nil>writecloseLstatntohsErrorCall int16int32int64uint8arrayslice and kind=1562578125MarchApril+0530+0430+054, xrefs: 00007FF60ACF1B1B
objgc %: gp *(in n= ) - P MPC= < end > ]:pc= G'"'cgodnstcpudpadxaesshaavxfmanetZGxsfailtrue.exefilereadseekopenpipeStatbindboolint8uintchanfunccallkind on Call in 3125Atoi-Inf+InfJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourallgallpr, xrefs: 00007FF60ACF1B36
greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did n, xrefs: 00007FF60ACF1B6F
+;-=/M<1_Ly, : i))(??2500M [("")) ) @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+0, xrefs: 00007FF60ACF1AE5
runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflo, xrefs: 00007FF60ACF1AA7
marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp.parampanic during , xrefs: 00007FF60ACF1B5E

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: +;-=/M<1_Ly, : i))(??2500M [("")) ) @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+0$base of ) = <==GOGC] = pc=: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=nulljson'\''icmpigmpermssse3avx2bmi1bmi2.dllerrorfalse%dx%d<nil>writecloseLstatntohsErrorCall int16int32int64uint8arrayslice and kind=1562578125MarchApril+0530+0430+054$greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did n$marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp.parampanic during $objgc %: gp *(in n= ) - P MPC= < end > ]:pc= G'"'cgodnstcpudpadxaesshaavxfmanetZGxsfailtrue.exefilereadseekopenpipeStatbindboolint8uintchanfunccallkind on Call in 3125Atoi-Inf+InfJuneJulyEESTSASTAKSTAKDTACSTACDTAESTAEDTAWSTCESTNZSTNZDT as hourallgallpr$runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)LockOSThread nesting overflo
API String ID: 0-1098575979
Opcode ID: 74028a3ed9a107562cb688fea293698fbcdeb6d73138b232c8e82cdaca70dd53
Instruction ID: 679be9e63e2362eb9fdc7f5e1670f8378fc28f170e2f487d8565d82cd0766b41
Opcode Fuzzy Hash: 74028a3ed9a107562cb688fea293698fbcdeb6d73138b232c8e82cdaca70dd53
Instruction Fuzzy Hash: A771CD73A48B8292EB009B11E4407A97774FB45BC0F5842B6EF8D977A6DF6CE194C700

Function 00007FF60AD10A60 Relevance: 7.2, Strings: 5, Instructions: 943COMMON

Download Yara Rule

Strings

findrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for traceReg, xrefs: 00007FF60AD119AC
global runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsCreateCoreWebView2EnvironmentWithOptionscould not resolve symbol %q in module %qunexpected call to os.Exit(0) during testcan't call pointer , xrefs: 00007FF60AD1198A
findrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=file type does not support deadlineRISC-V LOW12I reloc not implementedRISC-V LOW12S reloc not implementedItanium Imm64 r, xrefs: 00007FF60AD1199B
findrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptionNetUserGetLocalGroupsGetProfilesDirectoryWbad type in compare: after to, xrefs: 00007FF60AD119CE
findrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of r, xrefs: 00007FF60AD119BD

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: findrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of r$findrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for traceReg$findrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=file type does not support deadlineRISC-V LOW12I reloc not implementedRISC-V LOW12S reloc not implementedItanium Imm64 r$findrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptionNetUserGetLocalGroupsGetProfilesDirectoryWbad type in compare: after to$global runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsCreateCoreWebView2EnvironmentWithOptionscould not resolve symbol %q in module %qunexpected call to os.Exit(0) during testcan't call pointer
API String ID: 0-3241008627
Opcode ID: 96e61d1265dcf79d5a0dabb067b463dc985f3e14bf88ab1a05d50a959bd3061c
Instruction ID: 07bee8518f1dd398eddc5bab548ddb5efdb92f952c29184d5a0cdec552065fc1
Opcode Fuzzy Hash: 96e61d1265dcf79d5a0dabb067b463dc985f3e14bf88ab1a05d50a959bd3061c
Instruction Fuzzy Hash: 5A925B33A0D68695EB609B11E4803FA73A4FB85BC0F6842B9DA8D977D5CE3DE485C740

Function 00007FF60AD09780 Relevance: 6.5, Strings: 5, Instructions: 298COMMON

Download Yara Rule

Strings

, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp, xrefs: 00007FF60AD09BF0
suspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function address family not supported by protocolreflect.Value.Call: call of nil functionreflect.Value.Call: wron, xrefs: 00007FF60AD09CAA
invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:GetCurrentThreadRtlVirtualUnwindafter object keyRegisterClassExWTranslateMessageDispatchMessageWAdju, xrefs: 00007FF60AD09C99
runtime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.semawakeupuse of closed fileexceeded max depthinvalid character in numeric literalPostThre, xrefs: 00007FF60AD09BBA
, goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocsGODEBUG m->g0= pad1= pad2= text= minpc= value= (scan)types : type number shlwapiavx512fos/execruntime#internU2VuZA==SW5wdXQ=IsIconicFullPathno anodeCancelIoRe, xrefs: 00007FF60AD09BD5, 00007FF60AD09C57

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: , goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocsGODEBUG m->g0= pad1= pad2= text= minpc= value= (scan)types : type number shlwapiavx512fos/execruntime#internU2VuZA==SW5wdXQ=IsIconicFullPathno anodeCancelIoRe$, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp$invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:GetCurrentThreadRtlVirtualUnwindafter object keyRegisterClassExWTranslateMessageDispatchMessageWAdju$runtime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.semawakeupuse of closed fileexceeded max depthinvalid character in numeric literalPostThre$suspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function address family not supported by protocolreflect.Value.Call: call of nil functionreflect.Value.Call: wron
API String ID: 0-1295745489
Opcode ID: 181abbb8e578d298f47d5fb72c3c1fa9e28a159ed069d81c290e640dd917b3f4
Instruction ID: 399046a3bb38861c0a400ecdfe0efa9c2ceb3154666a283c0ac213fed4c061c6
Opcode Fuzzy Hash: 181abbb8e578d298f47d5fb72c3c1fa9e28a159ed069d81c290e640dd917b3f4
Instruction Fuzzy Hash: 44E12077A0C78182E710DB15E051BAEBB65FB85BD0F2452B5EA9D83BE6CE3CD5408B10

Function 00007FF60ACF22A0 Relevance: 6.4, Strings: 5, Instructions: 179COMMON

Download Yara Rule

Strings

MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= runtime: pid=: unknown pc called from dalTLDpSugct?GetTempPath2W, xrefs: 00007FF60ACF2525
(scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocsGODEBUG m->g0= pad1= pad2= text= minpc= value= (scan)types : type number shlwapiavx512fos/execruntime#internU2VuZA==SW5wdXQ=IsIconicFullPathno anodeCancelIoReadFileAcceptEx, xrefs: 00007FF60ACF24C5
+;-=/M<1_Ly, : i))(??2500M [("")) ) @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+0, xrefs: 00007FF60ACF2545
-> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-, xrefs: 00007FF60ACF2505
pacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuesemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong P, xrefs: 00007FF60ACF24A6

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocsGODEBUG m->g0= pad1= pad2= text= minpc= value= (scan)types : type number shlwapiavx512fos/execruntime#internU2VuZA==SW5wdXQ=IsIconicFullPathno anodeCancelIoReadFileAcceptEx$ MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= runtime: pid=: unknown pc called from dalTLDpSugct?GetTempPath2W$+;-=/M<1_Ly, : i))(??2500M [("")) ) @s -> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+0$-> Pn=][}]> +{}":LlLtLuMn"###EOF???\\?nil\\.\??intmapptr...125625nanNaNSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecUTCEET+00+01CATWATEATGMTHSTHDT-03-04-05ESTCSTCDTMSTMDT-02EDTASTADTPSTPDTNSTNDT+06+03+04+07IST+09+08IDT+12PKT+11KST+05JST+10-$pacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuesemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong P
API String ID: 0-3306728289
Opcode ID: da428b16634114def18819a9a5c5ad9833046f00a90852a687457b6e47873834
Instruction ID: 0bfee660bab5707564b4b075ed943e0a7b73c89d826943ea90b768855ed77e84
Opcode Fuzzy Hash: da428b16634114def18819a9a5c5ad9833046f00a90852a687457b6e47873834
Instruction Fuzzy Hash: 8D81D533D1CB9585E611EB25E4402A9B764FF8ABC0F2583B5EA8D977A6CF3CD0818740

Function 00007FF60ACDC860 Relevance: 6.3, Strings: 5, Instructions: 80COMMON

Download Yara Rule

Strings

packed=BAD RANK status unknown(trigger= npages= nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes wsaioctlkernel32SetFocusavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestiondownloadsDownloadsFindCloseL, xrefs: 00007FF60ACDC925
cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:ole32filesGreeksse41sse42ssse3ntdllPDFEzyINFO: WARN: empty1empty2error2removelistensocketStringFormat[]bytestringGetAceGetACPsendtouint16uint32uint64structchan<-<-chan Value39, xrefs: 00007FF60ACDC905
runtime: lfstack.push invalid packing: node=out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark p, xrefs: 00007FF60ACDC8E5
-> node= ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)tracebac, xrefs: 00007FF60ACDC945
lfstack.push span.limit= span.state=bad flushGen MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcProces, xrefs: 00007FF60ACDC96F

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: -> node= ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)tracebac$ cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:ole32filesGreeksse41sse42ssse3ntdllPDFEzyINFO: WARN: empty1empty2error2removelistensocketStringFormat[]bytestringGetAceGetACPsendtouint16uint32uint64structchan<-<-chan Value39$ packed=BAD RANK status unknown(trigger= npages= nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes wsaioctlkernel32SetFocusavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestiondownloadsDownloadsFindCloseL$lfstack.push span.limit= span.state=bad flushGen MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcProces$runtime: lfstack.push invalid packing: node=out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark p
API String ID: 0-1730742742
Opcode ID: 8f2eb9a2b8997e63b78ae9ff9b4a00650a393834701e09d39371975257449b94
Instruction ID: 29cb4f80c61b2800fa9284bd6dc13cf794f17ac5e88fcc73c2cf3e246c620d53
Opcode Fuzzy Hash: 8f2eb9a2b8997e63b78ae9ff9b4a00650a393834701e09d39371975257449b94
Instruction Fuzzy Hash: 1C314F33A58B4696E600AF10E8416BDB764FF49BC0F6946B0EA9D877A6CF2CD444C714

Function 00007FF60ACEB280 Relevance: 5.3, Strings: 4, Instructions: 334COMMON

Download Yara Rule

Strings

!= sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase, xrefs: 00007FF60ACEB7F1
p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuesemaRoot rotateRight, xrefs: 00007FF60ACEB818
runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64, xrefs: 00007FF60ACEB7BB
flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nan, xrefs: 00007FF60ACEB7D6

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase$ flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nan$p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuesemaRoot rotateRight$runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64
API String ID: 0-4177187854
Opcode ID: db033016f78a97d3413a5c659bc74f07ec80ba9ecf4af80d6aadedeb8fa68c6c
Instruction ID: 5800c0ccce38672f0b51f2f672dca5d0e57e955e13a77d0e1cc34bf9b2539cd4
Opcode Fuzzy Hash: db033016f78a97d3413a5c659bc74f07ec80ba9ecf4af80d6aadedeb8fa68c6c
Instruction Fuzzy Hash: 18F15D33A08B4296E710DB24E48137A77A5FB457D0F6582B5DA9D83BA5DF3CE844C740

Function 00007FF60ACD40E0 Relevance: 5.3, Strings: 4, Instructions: 294COMMON

Download Yara Rule

Strings

2-by, xrefs: 00007FF60ACD4106
te k, xrefs: 00007FF60ACD4115
expa, xrefs: 00007FF60ACD40E8
nd 3, xrefs: 00007FF60ACD40F7

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: 2-by$expa$nd 3$te k
API String ID: 0-3581043453
Opcode ID: d0a0678b136faf6cdae2b5bb443573c909990b14ac4f0b67f8b4f134291ae36c
Instruction ID: 65304bddf4bf0ab02c867c1957945afb1e7aa958cadc0a3f277e0500ec76e40e
Opcode Fuzzy Hash: d0a0678b136faf6cdae2b5bb443573c909990b14ac4f0b67f8b4f134291ae36c
Instruction Fuzzy Hash: C3B1C066F29FD94AF323A63810036B7EB185FFB9C9A40E327FC9474A87D72095036254

Function 00007FF60AD0D360 Relevance: 5.3, Strings: 4, Instructions: 266COMMON

Download Yara Rule

Strings

casgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangejson: invalid number literal %qin literal true (expecting 'r')in literal t, xrefs: 00007FF60AD0D76F
casgstatus: waiting for Gwaiting but is Grunnableruntime: unable to acquire - semaphore out of syncmallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCall, xrefs: 00007FF60AD0D6DB
runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid , xrefs: 00007FF60AD0D727
newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes wsaioctlkernel32SetFocusavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestiondownloadsDownloadsFindCloseLocalFreeMoveFileWWriteFileWSASendTontdll.dll].reject(ole32.dllpsapi.dllw, xrefs: 00007FF60AD0D745

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes wsaioctlkernel32SetFocusavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestiondownloadsDownloadsFindCloseLocalFreeMoveFileWWriteFileWSASendTontdll.dll].reject(ole32.dllpsapi.dllw$casgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangejson: invalid number literal %qin literal true (expecting 'r')in literal t$casgstatus: waiting for Gwaiting but is Grunnableruntime: unable to acquire - semaphore out of syncmallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCall$runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid
API String ID: 0-2301614297
Opcode ID: b2e194b5385a0a913317b5ce0643d29fd988f55a6f3ebafca10e78eff0d7cfdb
Instruction ID: a22ba107228c4e5f645ad93c79168848160fa4f4ff47ba54a351883ca6c90319
Opcode Fuzzy Hash: b2e194b5385a0a913317b5ce0643d29fd988f55a6f3ebafca10e78eff0d7cfdb
Instruction Fuzzy Hash: 5CC15D37A09A8586E610DB65E08577E7762FB4ABC0F648272DA9C837E6DF3DE441C700

Function 00007FF60AD09FC0 Relevance: 5.2, Strings: 4, Instructions: 221COMMON

Download Yara Rule

Strings

reflect., xrefs: 00007FF60AD0A1AC
runtime., xrefs: 00007FF60AD0A152
runtime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=unknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff in string literalSHCreateMemStreamGetWindowLongPtrWSetWindowLongPtrWmultipartmaxpartsmz: b, xrefs: 00007FF60AD0A185
bad restart PC-thread limitstopm spinning nmidlelocked= needspinning=randinit twicestore64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine unreachable: DefWindo, xrefs: 00007FF60AD0A273

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: bad restart PC-thread limitstopm spinning nmidlelocked= needspinning=randinit twicestore64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine unreachable: DefWindo$reflect.$runtime.$runtime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=unknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff in string literalSHCreateMemStreamGetWindowLongPtrWSetWindowLongPtrWmultipartmaxpartsmz: b
API String ID: 0-2296074645
Opcode ID: a0a80ba4ace492d864c51c655d9bf9733eb7bda5b97a3e0cdc3934049c3c409d
Instruction ID: dd573b86138f138b6a4275e668bfec3fe7b00481dc61bfeceb08a50cb623185c
Opcode Fuzzy Hash: a0a80ba4ace492d864c51c655d9bf9733eb7bda5b97a3e0cdc3934049c3c409d
Instruction Fuzzy Hash: A7818F33B08B418AEB648B20D0407BA72A1FB95BD4F6852B5DB4D977E5DF3DE8918700

Function 00007FF60AD06900 Relevance: 4.0, Strings: 3, Instructions: 273COMMON

Download Yara Rule

Strings

runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=Incompatible matrix dimensions for multiplicationinvalid or incomplete multibyte or wide characterfunction may only return a value or a value+errornot enough signif, xrefs: 00007FF60AD06D67
self-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchnot pollableLittleEndianUpdateWindowPostMessageWResult: %08xmultipathtcpgotypesa, xrefs: 00007FF60AD06DA5
runtime.preemptM: duplicatehandle failedglobal runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsCreateCoreWebView2EnvironmentWithOptionscould not resolve symbol %q in module %qunexpected call to o, xrefs: 00007FF60AD06D8F

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=Incompatible matrix dimensions for multiplicationinvalid or incomplete multibyte or wide characterfunction may only return a value or a value+errornot enough signif$runtime.preemptM: duplicatehandle failedglobal runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsCreateCoreWebView2EnvironmentWithOptionscould not resolve symbol %q in module %qunexpected call to o$self-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchnot pollableLittleEndianUpdateWindowPostMessageWResult: %08xmultipathtcpgotypesa
API String ID: 0-1549910287
Opcode ID: 66678ef200bcddfacdd84758e365ace3ed2ceda1e906b03957e659c4d905e224
Instruction ID: 43558cf373137be016b441dbc62d366d4f418e6199684b1292cf0ed611b49542
Opcode Fuzzy Hash: 66678ef200bcddfacdd84758e365ace3ed2ceda1e906b03957e659c4d905e224
Instruction Fuzzy Hash: ACD16C77A09B8181D660DB25E8413BA7760FB86BD0F258276DAAC837D5DF7CD491CB00

Function 00007FF60AD0DCC0 Relevance: 4.0, Strings: 3, Instructions: 245COMMON

Download Yara Rule

Strings

stopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSThread errorruntime: checkdead: nmidle=runtime: checkdead: find g runlock of unlocked rwmutexsigsend: inconsistent statemakeslice: len out of rangemakeslice: cap out of rangegrowslice: len ou, xrefs: 00007FF60AD0E0A5
stopTheWorld: not stopped (stopwait != 0)could not resolve ordinal %d in module %qreflect: Call with too few input argumentsmismatch between ABI description and typesMapIter.Value called on exhausted iterator1734723475976807094411924481391906738281258673617379, xrefs: 00007FF60AD0DFE0
stopTheWorld: not stopped (status != _Pgcstop)signal arrived during external code executioncompileCallback: float arguments not supportedruntime: name offset base pointer out of rangeruntime: type offset base pointer out of rangeruntime: text offset base poin, xrefs: 00007FF60AD0E05B

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: stopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSThread errorruntime: checkdead: nmidle=runtime: checkdead: find g runlock of unlocked rwmutexsigsend: inconsistent statemakeslice: len out of rangemakeslice: cap out of rangegrowslice: len ou$stopTheWorld: not stopped (status != _Pgcstop)signal arrived during external code executioncompileCallback: float arguments not supportedruntime: name offset base pointer out of rangeruntime: type offset base pointer out of rangeruntime: text offset base poin$stopTheWorld: not stopped (stopwait != 0)could not resolve ordinal %d in module %qreflect: Call with too few input argumentsmismatch between ABI description and typesMapIter.Value called on exhausted iterator1734723475976807094411924481391906738281258673617379
API String ID: 0-3543418984
Opcode ID: 5aa6a0540efac6ba023bbdcb22b7394437726b5491f2a3af1439677265927957
Instruction ID: b599ec1b1b8914103300c6f1dd727ea812619fe4c551ec818d3d970bc1daa7ad
Opcode Fuzzy Hash: 5aa6a0540efac6ba023bbdcb22b7394437726b5491f2a3af1439677265927957
Instruction Fuzzy Hash: 92B15C77A0D68286EB50CB61E44077AB7A5FB85BC0F2482B6DA8D837E5CE3DE445C740

Function 00007FF60AD1D500 Relevance: 1.7, Strings: 1, Instructions: 441COMMON

Download Yara Rule

Strings

!"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00007FF60AD1D60D, 00007FF60AD1D716, 00007FF60AD1D857, 00007FF60AD1D97F

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
API String ID: 0-2911004680
Opcode ID: 755057ceca1a695493b4e09321eac1264c36c0ba9db76b1b8dee8683e70a0cf7
Instruction ID: e253a3c3c5c299cbbce1054200aa5eec2172166cb7b66cf81abb2e03897c0e54
Opcode Fuzzy Hash: 755057ceca1a695493b4e09321eac1264c36c0ba9db76b1b8dee8683e70a0cf7
Instruction Fuzzy Hash: 1002DF23B4C682A5FA10DB15E4143B9B666FB45BD0FA842B5EA9E837C5DF7CE941C300

Function 00007FF60AD00180 Relevance: 1.5, Strings: 1, Instructions: 266COMMON

Download Yara Rule

Strings

runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinnin, xrefs: 00007FF60AD00525

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinnin
API String ID: 0-429552053
Opcode ID: 90042688f49db71500f523f2706235332e748ec483e2f9433c1a3396dca27274
Instruction ID: 76fd3e955504a6a4bcde669459361cbb3ca0189f220420b7ae9b5013eb628b07
Opcode Fuzzy Hash: 90042688f49db71500f523f2706235332e748ec483e2f9433c1a3396dca27274
Instruction Fuzzy Hash: 53B18F77A0CB8592DA10CB11E440A6EB764FB89BC0F645272EE8D97BA9CF3CD551CB40

Function 00007FF60AD4AA40 Relevance: 1.5, Strings: 1, Instructions: 262COMMON

Download Yara Rule

Strings

ParseFloat%!Weekday(notifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop tracedisablethpinvalidptrschedtracesemacquiredebug call flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(, xrefs: 00007FF60AD4AC96, 00007FF60AD4AD6E, 00007FF60AD4AE33

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: ParseFloat%!Weekday(notifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop tracedisablethpinvalidptrschedtracesemacquiredebug call flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(
API String ID: 0-3791648319
Opcode ID: 8083993a27700a2bcb0baecee963a5fc9cf1b4d562a218d6acfd6acc3dcb11b2
Instruction ID: c897bc6c4653e301c23aef060707eec91c9d46d7451115a46e54626dbd8ad4e9
Opcode Fuzzy Hash: 8083993a27700a2bcb0baecee963a5fc9cf1b4d562a218d6acfd6acc3dcb11b2
Instruction Fuzzy Hash: F3C19273A4CB8186E665DB11F4403AA73A9FB84BC0F6442B6EA8C977A9DF3CD540C700

Function 00007FF60AD4AF00 Relevance: 1.5, Strings: 1, Instructions: 261COMMON

Download Yara Rule

Strings

ParseFloat%!Weekday(notifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop tracedisablethpinvalidptrschedtracesemacquiredebug call flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(, xrefs: 00007FF60AD4B156, 00007FF60AD4B22F, 00007FF60AD4B2F4

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: ParseFloat%!Weekday(notifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop tracedisablethpinvalidptrschedtracesemacquiredebug call flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(
API String ID: 0-3791648319
Opcode ID: 5d3c28188a2b96cf94158475923876a819e3f4bdff1703c1d93dc667ab139dc0
Instruction ID: 1e7b699522daabcd5149378d0e8384e254e3bce9a70f7c9e5687e9713ae8e776
Opcode Fuzzy Hash: 5d3c28188a2b96cf94158475923876a819e3f4bdff1703c1d93dc667ab139dc0
Instruction Fuzzy Hash: E7C15073A08B8186EB659F11F4403AA77A8FB95BC0F6492B6EA8C87795DF3CD550C700

Function 00007FF60ACE5DA0 Relevance: 1.5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

bulkBarrierPreWrite: unaligned argumentsrefill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs, xrefs: 00007FF60ACE6147

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: bulkBarrierPreWrite: unaligned argumentsrefill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs
API String ID: 0-866072839
Opcode ID: c90b77b8830b9cee64d45adbe7cfc34da4f2bccb826234be702ad72c4483e77c
Instruction ID: 2b2fc26a8e52b5cb45bc7d9f47cd9ece4ce9959c35e0c7356881d6c512a5e3be
Opcode Fuzzy Hash: c90b77b8830b9cee64d45adbe7cfc34da4f2bccb826234be702ad72c4483e77c
Instruction Fuzzy Hash: C6A1F0B7A19B9581EB50CB16E4012AEA7B1FB48FC4F258172EE4C87B59EF3CD4918700

Function 00007FF60ACFF360 Relevance: 1.4, Strings: 1, Instructions: 189COMMON

Download Yara Rule

Strings

bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 00007FF60ACFF627

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod
API String ID: 0-2099802129
Opcode ID: 3b66ac3edf4e71863b0635293b068592d0c1830b88c709e48405529fd498b817
Instruction ID: 6d753dfbc46a9dd13577b0633170e84dfd9d941dc44176c1f61065b101cbc3fa
Opcode Fuzzy Hash: 3b66ac3edf4e71863b0635293b068592d0c1830b88c709e48405529fd498b817
Instruction Fuzzy Hash: 1671F0B3B58B8582EA009B15E4403A97375FB89BD0F65427AEE9D937D6CE7CE480C340

Function 00007FF60ACEB940 Relevance: 1.4, Strings: 1, Instructions: 180COMMON

Download Yara Rule

Strings

gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:ole32filesGreeksse41sse42ssse3ntdllPDFEzyINFO: WARN: empty1empty2error2removelistensocketStringFormat[]bytestringGetAceGetACPsendtouint16uint32uint64structchan<-<-chan Value390625S, xrefs: 00007FF60ACEBB14

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault tab= top=[...], fp:ole32filesGreeksse41sse42ssse3ntdllPDFEzyINFO: WARN: empty1empty2error2removelistensocketStringFormat[]bytestringGetAceGetACPsendtouint16uint32uint64structchan<-<-chan Value390625S
API String ID: 0-1879786653
Opcode ID: 02ca466dbc951129968e61d168ffd3d8c6c56ada816d4942c79c846238385bcd
Instruction ID: 9c05ea164d1c38463dccfe4553509144becfd52bf5f0d1bfb6fec62f245c0821
Opcode Fuzzy Hash: 02ca466dbc951129968e61d168ffd3d8c6c56ada816d4942c79c846238385bcd
Instruction Fuzzy Hash: 37910833A0CA4295E700DB60E4813BAB7B4FB857D0F6582B6EA9D876A5DF3DE444C740

Function 00007FF60ACF2020 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackunsafe.Slice: ptr is nil and len is not , xrefs: 00007FF60ACF2110

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID: gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackunsafe.Slice: ptr is nil and len is not
API String ID: 0-3110597650
Opcode ID: 97b29141462e2fbba1c2b9548a6be4a931b4bbf789a2de50c77cf3238ea6bb48
Instruction ID: 0f56e34fea6ca6b0c7de30c10d57a8ad50f7dee6887ecdc204c77c0d1f40ecab
Opcode Fuzzy Hash: 97b29141462e2fbba1c2b9548a6be4a931b4bbf789a2de50c77cf3238ea6bb48
Instruction Fuzzy Hash: A321BCF3B46A8542EB009F14D4403E86722E756FD8F5AA0B5CF4D97786CE6CC596C300

Function 00007FF60AD49BA0 Relevance: .4, Instructions: 373COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dda375d627d732c85cc583b6e5afd8bb722a31e253b6f9687ac3f1dd513587c4
Instruction ID: 5b1b7a1e46b510a486f59681a96feaf60f9183338ccdc315dd85042c01afa841
Opcode Fuzzy Hash: dda375d627d732c85cc583b6e5afd8bb722a31e253b6f9687ac3f1dd513587c4
Instruction Fuzzy Hash: C2D1F413F0C5A146EB218722E4207BB7A92E781BC0F6856B1EE8D57BDACE7DD841D710

Function 00007FF60AD4FF80 Relevance: .4, Instructions: 356COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e34675fcd3e560ea9b46b719ef349234e3bca018d016c7e7cf7fb67c2717e4f
Instruction ID: a8ec0d745d789a1b1767bebc142c250e0a87fe4a7f65741046b41fdabc63e06b
Opcode Fuzzy Hash: 9e34675fcd3e560ea9b46b719ef349234e3bca018d016c7e7cf7fb67c2717e4f
Instruction Fuzzy Hash: D1D1C523F0C65586EA54CB26E401ABAB751FB89BC4F644171EE8DC7B99CE3CD945C700

Function 00007FF60AD4CB40 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 168d25f5af48d10d4dea5ed41eaad889904874b6cd2260b7045d0b4de342701f
Instruction ID: f85cbd6ede1a385ce6456638f0c3cbdbf74193d072d485f236561df95529c458
Opcode Fuzzy Hash: 168d25f5af48d10d4dea5ed41eaad889904874b6cd2260b7045d0b4de342701f
Instruction Fuzzy Hash: B8B1E773F2EA8183EA198719D1043B87656EB44FD4FE882B1C64E877C6DF6CA5568300

Function 00007FF60ACEF660 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4352c5823b274d3a59877725e0cd16fec01644465b7b8233395ba919350a0574
Instruction ID: 7bdbd0953d6e70e58b74bc367742310aa56caded37a86781aa72aa4f8e8279cf
Opcode Fuzzy Hash: 4352c5823b274d3a59877725e0cd16fec01644465b7b8233395ba919350a0574
Instruction Fuzzy Hash: 8CC1E133A0DB8196EA11CB10E04137977B5EB86BD0F2682B9DA9E977D5DF3CE4818740

Function 00007FF60AD11C20 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9081ae1d4ec1e6d1a84ddfaf8be54bcde7d684168bc65adef824aeb6d9a18624
Instruction ID: 694cd3a49ad2b168d43cd11aa9697d7d3a97c8ba54ddf60c7928d4f49bd8ab25
Opcode Fuzzy Hash: 9081ae1d4ec1e6d1a84ddfaf8be54bcde7d684168bc65adef824aeb6d9a18624
Instruction Fuzzy Hash: 93A1B267A1C68286D764CB56E01097AB7A1FB85BC0F285279FF8D87B85CF3CE4408B40

Function 00007FF60AD36029 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec95d420a7baf1a3593b2d8812f7bcc97ff29d1682d2854064f527c9f20c246d
Instruction ID: 37882441b6bddca212b13c673371e152186461b6cbfed20fa6b70e46cdfdb13e
Opcode Fuzzy Hash: ec95d420a7baf1a3593b2d8812f7bcc97ff29d1682d2854064f527c9f20c246d
Instruction Fuzzy Hash: 95B10C16D1CFDB20E6135678D403A762A24AFF36C4B01D73AFAC6F16B3DB566900B522

Function 00007FF60ACFCB00 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06e6395af84849eda2594e2d5ca491baba45c7f66850d3dd62b6f6675eb03e4c
Instruction ID: 1743318a6e76a3cebaaf703fb37ebfdd075a4e93af10272d043e3b8392a17616
Opcode Fuzzy Hash: 06e6395af84849eda2594e2d5ca491baba45c7f66850d3dd62b6f6675eb03e4c
Instruction Fuzzy Hash: BFA15C77A1CB8592DB108B15E0802AAB7B1F789BD4F25527AEB9D47B99CF3CD050CB40

Function 00007FF60ACFDF80 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e584ae30d33c387ee35dc5bab8e7d8b30804f784b6aec4754275f0628b64a44
Instruction ID: 05eebdd4ae56e6de7d8238465f8d2b8f9ce5b641c76a0548a1f526fba192d993
Opcode Fuzzy Hash: 2e584ae30d33c387ee35dc5bab8e7d8b30804f784b6aec4754275f0628b64a44
Instruction Fuzzy Hash: 7A91A373A18B8582EA108B15E4803AEA771F789BC0F15517AEF9D57B9ACF7CD080C740

Function 00007FF60AD507A0 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edcef3eb7fb2fcebdcb2e8c91e6db3dfba97d910a87f88a05bce1dd00b9502f9
Instruction ID: 669ce77533eed02dc69653cad099dafbc70dbe37796e1d5ceef886e2cf8d7100
Opcode Fuzzy Hash: edcef3eb7fb2fcebdcb2e8c91e6db3dfba97d910a87f88a05bce1dd00b9502f9
Instruction Fuzzy Hash: CF514723F0C6528AFA2C9625D011ABC7A51EB94BD0FB953B5C94E87BC5CE6CEC41C780

Function 00007FF60ACDA940 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0cfb378e309d896f4d012ba800402fa4999d61eb0965eeb4accbe0d4dba0415
Instruction ID: 7747d9cd05d9074711b3073044f16178ca93d4a46cb8ef5099d1780271e8cd06
Opcode Fuzzy Hash: d0cfb378e309d896f4d012ba800402fa4999d61eb0965eeb4accbe0d4dba0415
Instruction Fuzzy Hash: 8D51E996B45A9551AE048B53C62007AA371EB4AFD076AE273CE1DB7B9CDE3CE402C344

Function 00007FF60AD21CE0 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5daa4d25c88fd1e47f1059049e6b4c85ad7eaf3c12fa03ec3cdaaad818d319e0
Instruction ID: 158be14c643b4aab35254172d1eb909a65af979bd989343dbec6346fec394d47
Opcode Fuzzy Hash: 5daa4d25c88fd1e47f1059049e6b4c85ad7eaf3c12fa03ec3cdaaad818d319e0
Instruction Fuzzy Hash: A541A533F885468AEA509E24D4413B57285DB507F0F9887B0EF2D862C2DE2CA895D710

Function 00007FF60ACF7F20 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37cb6036a478a01f182d007b7d6c101b281179cf73c1e90344223c5dea53dbe3
Instruction ID: cc172838758fe8b02700e99e4e5a25de4933fb951c0150f2272afb7ac936fc01
Opcode Fuzzy Hash: 37cb6036a478a01f182d007b7d6c101b281179cf73c1e90344223c5dea53dbe3
Instruction Fuzzy Hash: 4651C273A4CB4281EA15CB21E44023AA371EB99BD0F3987B5EA5D937D5DF3CE4818700

Function 00007FF60AD4D400 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37d11305c1095332c3d4447bff097d6d4ec48b16bb4f541e608688dedc346756
Instruction ID: 07e0b3cc39d3ec8cf036d35db3c29c1120a24fe0a5ecd2ff20b2ea190aec75e0
Opcode Fuzzy Hash: 37d11305c1095332c3d4447bff097d6d4ec48b16bb4f541e608688dedc346756
Instruction Fuzzy Hash: 4F41F4A3F0469543EE548626D5043B8A2938B96FF4F6C8372DD3EA7BD8EE5CD9418200

Function 00007FF60AD4D200 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54fc414a448b4832f92cfc7b591f02393a1be6350950ea3aa2e16130756b50fb
Instruction ID: 7a0a72026dd1cda66f959a4dda3b427fe74c5e820956b0aa847a7fb93d854150
Opcode Fuzzy Hash: 54fc414a448b4832f92cfc7b591f02393a1be6350950ea3aa2e16130756b50fb
Instruction Fuzzy Hash: FC4149A3F4569542EF548A21D5043F4A253EB95FE0FAC8371DE2DABBD8EF5CD8428200

Function 00007FF60ACF3B80 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b52bf38f629520bff0f831e87b9f05bbdba58ee714d5eae049a43230f729308
Instruction ID: 6ef3b0ed37734b6b66fa8a8bf56903497abdbae1018d16fc01d58c09ee29a316
Opcode Fuzzy Hash: 8b52bf38f629520bff0f831e87b9f05bbdba58ee714d5eae049a43230f729308
Instruction Fuzzy Hash: 7C4136A3E5FE4665DD079B7AC461134822A9F92BE0774C7B1C83FEA2E4DF1DA0428200

Function 00007FF60AD00FC0 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d559122a1f6f0b69832be9421c7c214fb777efde5fa0d191de61b1ee1601c01b
Instruction ID: f8285ee1500bea0b622b220f2b6d2c06caedbd07029bfa44adf686d136e458db
Opcode Fuzzy Hash: d559122a1f6f0b69832be9421c7c214fb777efde5fa0d191de61b1ee1601c01b
Instruction Fuzzy Hash: D9313AB6B15B8946EB88CB229A247C9639AFB58BC0F15D275DF0C93758EF38E5508340

Function 00007FF60ACDEEE0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 252a1641c399c9d9d4be30fcf7ac50507005ea6e62673b8f3913282413dbc790
Instruction ID: ca82371d15b409059b72e24f8e07660ba0477cc0acd53b2a717e862d70df09e9
Opcode Fuzzy Hash: 252a1641c399c9d9d4be30fcf7ac50507005ea6e62673b8f3913282413dbc790
Instruction Fuzzy Hash: 6321FCE3E25F450ADA47963A955131181165F96BD0F38D332EC1FB97A6EF29A0C38100

Function 00007FF60AD38D80 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66c10b6bf1f006778b9d1a1fe6126d3224ab63f22426b4c1ea051f947b17418c
Instruction ID: fc4c5aa3cf557f950046ab2d2e88396599cc7e84bd0583b489dbdc6db817f745
Opcode Fuzzy Hash: 66c10b6bf1f006778b9d1a1fe6126d3224ab63f22426b4c1ea051f947b17418c
Instruction Fuzzy Hash: F6C08CF3E0EA836CFB608300F14032839D5CF243C0DA8C1F0E38C812D5DE6CA2806104

Function 00007FF60ADCE910 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,?,?,00007FF60AEF5B90,00007FF60AEF5B90,?,?,00007FF60ACD0000,?,00007FF60ADCE701), ref: 00007FF60ADCE9D3
VirtualProtect.KERNEL32(?,?,?,?,00007FF60AEF5B90,00007FF60AEF5B90,?,?,00007FF60ACD0000,?,00007FF60ADCE701), ref: 00007FF60ADCEA37
memcpy.MSVCRT ref: 00007FF60ADCEA50
GetLastError.KERNEL32(?,?,?,?,00007FF60AEF5B90,00007FF60AEF5B90,?,?,00007FF60ACD0000,?,00007FF60ADCE701), ref: 00007FF60ADCEA93

Strings

VirtualProtect failed with code 0x%x, xrefs: 00007FF60ADCEA99
VirtualQuery failed for %d bytes at address %p, xrefs: 00007FF60ADCEA87
Address %p has no image-section, xrefs: 00007FF60ADCEA64

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID: Virtual$ErrorLastProtectQuerymemcpy
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
API String ID: 2595394609-2123141913
Opcode ID: 4e4af254e15960c299eee42ca29b66d303040cefe8d7e8196cd1878898d3087d
Instruction ID: d9d1ff916c5d413c16b08bdab8696addb7bae47444e662eb25957488c3393ec3
Opcode Fuzzy Hash: 4e4af254e15960c299eee42ca29b66d303040cefe8d7e8196cd1878898d3087d
Instruction Fuzzy Hash: FA4181B3A1964395EA509B05E4446B937A0FB44FC0FA54AB6CE0EC37E1DE3CE646C700

Function 00007FF60ADCE5F0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60ACD1247), ref: 00007FF60ADCE769

Strings

Unknown pseudo relocation protocol version %d., xrefs: 00007FF60ADCE8FB
Unknown pseudo relocation bit size %d., xrefs: 00007FF60ADCE8EB

Memory Dump Source

Source File: 00000004.00000002.201077387571.00007FF60ACD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF60ACD0000, based on PE: true

Associated: 00000004.00000002.201077365790.00007FF60ACD0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077611307.00007FF60ADD5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077833652.00007FF60AEF7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077858286.00007FF60AEF9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077909765.00007FF60AF22000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077939483.00007FF60AF31000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF32000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF4A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AF51000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201077962180.00007FF60AFB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078085089.00007FF60AFBE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFC8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.201078118067.00007FF60AFD7000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff60acd0000_pdf-ez.jbxd

Similarity

API ID: ProtectVirtual
String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
API String ID: 544645111-395989641
Opcode ID: be20b077370f06ab36820fd6772346baa81e137e35628540e6c6d36000c71578
Instruction ID: e5a6527b1a992b7be4b5becb4af28c3d5caa6e8456939f95a9588f9c261108c9
Opcode Fuzzy Hash: be20b077370f06ab36820fd6772346baa81e137e35628540e6c6d36000c71578
Instruction Fuzzy Hash: D45199B3A58552C6EB109B21E8407B937A1FB14BD4FA44AB5DA2D877D4CF3CE582CB00

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://pdf-ezy.com/pdf-ez.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\Desktop\cmdline.out

C:\Users\user\Desktop\download\pdf-ez.exe

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: cmd.exePID: 3236, Parent PID: 3716

Windows Analysis Report
https://pdf-ezy.com/pdf-ez.exe

Function 00007FF60ACDD780 Relevance: 14.1, Strings: 11, Instructions: 384
COMMON

Function 00007FF60ACD2540 Relevance: 9.2, Strings: 7, Instructions: 474
COMMON